Loading checkbox[] values

[freecrm]

I'm very puzzled.

I created a page at work to do mass mailshots... that works.

On X10, for my own site, a version of the same page doesn't work..:nuts:

I attach the full page code, but in principle, it does this.

Pre-Loads recordset (e-mails) based on $_POST values from same page.

Creates do{ repeating table for results in same page. (Within a form)

each row includes

<input name="checkbox[]" type="checkbox" id="checkbox[]" value="<?php echo $row_recordlookup['CONTID']; ?>" />

then a "Send e-mails" button


if (isset($_POST['send'])) then do this....

for($i=0;$i<$_POST['totalrowstosend'];$i++)
$edit_id = $checkbox[$i];

Then if $edit_id returns a value, create another recordset, finding a line that corresponds to the $edit_id (Table ID) to find the e-mail and then go through a php mail function.

Savvy?

My major sticking point is this bit

$checkbox[$i];
which doesn't return any values!!!!

I've checked the code when it parses and it does seem to be pulling in the record id in the checkbox field value..

Am I missing something simple here?

 

[misson]

Did you set $checkbox to $_REQUEST['checkbox'] (and filter it)?

Looking over the source, it appears not. I also observe that to access $checkbox, you loop over an index up to $_POST['rowstosend']. As the browser will only send a value for checked checkboxes, the array won't be set for the higher indices. Why not just use a foreach loop over $checkbox?

I created a page at work to do mass mailshots... that works.

On X10, for my own site, a version of the same page doesn't work..:nuts:

You probably have register_globals turned on, which you shouldn't. What version of PHP are you running on your work server?

<input name="checkbox[]" type="checkbox" id="checkbox[]" value="<?php echo $row_recordlookup['CONTID']; ?>" />

The ID "checkbox[]" won't be unique if there's more than one checkbox. Also, IDs can't contain "[]". You can probably use $row_recordlookup['CONTID'] to create a unique ID. Unless you're using the IDs for something (a quick glance at the source suggests you're not), you could also skip the ID attribute.

 

[galaxyAbstractor]

why do you use checkbox[] as name?

The correct way to get the value is $_POST['*name of field*']

 

[Scoochi2]

why do you use checkbox[] as name?

The correct way to get the value is $_POST['*name of field*']

probably because if the form is created dynamically, we won't know the names of all the fields that will be used, or how many... well, not without making the action page dynamic as well.

It's much easier and simpler (and more efficient) to get the results as an array, which is why checkbox[] was probably used.
And yes, it IS a valid name. And yes, it WILL work with multiple values, all of them being accessible for processing [as an array]. However, as an ID it loses my support

 

[freecrm]

Ahaaaaa!!! sussed it!!!

The name of the checkbox is the key (yes you can have different values... sort of), I just wasn't acessing the info correctly. I have deleted the ID as it wasn't doing anything.

All I had to do (leave the form field the same) was to create an array from these.

$send_array=$_POST['checkbox']

Then in the for loop, return the value thats associated with each line.

i.e. $send_array[$i]

Then just run an if() statement to check if $send_array[$i] has a value and execute a script on it...

The script can also use the value returned from $send_array[$i] to capture the right record and thereofre the right e-mail address.

It works!!! Yay.

BTW, I'm on cossacks server here at X10 and my site is in my sign (click image)

__________

Sorry Scoochi2, I must have posted a few seconds after you did. You summed up my methods perfectly - and suggested exactly what I had discovered!

 

[misson]

@vigge_sWe: You can read the PHP and HTML FAQ if you want more details, though the documentation on this feature of PHP is incomplete.

@freecrm: I know I bring this up all the time, but are you going to filter $_POST['checkbox']? What do you think about using a foreach loop over $send_array?

 

[freecrm]

@vigge_sWe: You can read the PHP and HTML FAQ if you want more details, though the documentation on this feature of PHP is incomplete.

@freecrm: I know I bring this up all the time, but are you going to filter $_POST['checkbox']? What do you think about using a foreach loop over $send_array?

Hi Misson

I'm not sure what you're getting at with filtering the $_POST['checkbox'].

All the script does is (as you've suggested) create a for loop over the $send_array and check if it returns a value.

In this way, if the checkbox is checked, it pulls the ID from the $row_recordset and creates a new query, from which it then sends the mail address from that row

If the checkbox isn't checked (and the array does not return a value) it simply skips the mail coding.

So you could say this is filtered and it does use a loop over the array!

I'll post the final working script if anyone is interested.

 

[misson]

I'm not sure what you're getting at with filtering the $_POST['checkbox'].

Filtering means removing/cleaning up invalid data from input, usually with the filter functions. It's related to validation and very important in preventing SQL injection.

All the script does is (as you've suggested) create a for loop over the $send_array and check if it returns a value.

Actually, your script loops over an index. If you use a foreach loop, you can loop over the array elements directly:

foreach ($send_array as $contactID) {
  $query_sendlist ="SELECT CONTID, COMPANY, FIRSTNAME, LASTNAME, DEAR, POSITION, EMAIL FROM CONTACTS WHERE CONTID='$contactID'";
  ...
}

In this way, if the checkbox is checked, it pulls the ID from the $row_recordset and creates a new query, from which it then sends the mail address from that row

If the checkbox isn't checked (and the array does not return a value) it simply skips the mail coding.

If a checkbox isn't checked, the browser won't send a value for that form control. For example, if you send the following form:

<form>
  <input name="contactID[]" type="checkbox" value="foo" checked />
  <input name="contactID[]" type="checkbox" value="bar" checked />
  <input name="contactID[]" type="checkbox" value="bam"/>
  <input name="contactID[]" type="checkbox" value="bug-AWWK!" />
</form>

you'll get the URL encoded string "contactID[]=foo&contactID[]=bar", which PHP will translate to "array('foo', 'bar')" and store it in $_REQUEST['contactID']. You should check for empty values only if your filter function doesn't remove them. The better approach would be to consider empty values as invalid so that they'll be removed when you filter out invalid input.

Edit: Did you check if register_globals is enabled on your work server?

 

[freecrm]

Thanks Misson

I've now read up on filters (which i didn't previously understand) and get the idea of FILTER_VALIDATE_EMAIL, which will come in handy, although the stings have already been validated in the previous page using JS for format and each $_POST value is sanitised before passing to this page.

I'm going to work on this now.

I also now understand the foreach loop idea and it turns out to be a lot simpler!!!

Haven't been back to work yet, so I can't tell what php version it's on. (It's hosted on local server so I can't access it remotely)

Problem solved!! Thank all.

Admin, please close this thread.

 

[misson]

although the stings have already been validated in the previous page using JS for format and each $_POST value is sanitised before passing to this page.

Client side validation/sanitizing doesn't count, and neither does server side if it was on a previous page & was resubmitted. You should filter either every time you grab something from $_POST/$_GET/$_REQUEST or whenever you hand the data off to a subsystem, such as MySQL.