Solved

checkbox in php

Posted on 2008-11-08
Last Modified: 2012-05-05
Umm, I can't figure out where I'm going wrong..

It always records 0 in my db even when the checkbox is selected:
<input type="checkbox" name="email" />
 
elseif (isset($_POST['submit']))
{
    $thePost = $_POST['yourpost'];
    $theSubject = $_POST['subject'];
    if ($thePost == "" || $thePost == null)
    {
        $errMsgPost = "Error: You did not type in a post."; //no post entered
    }
    elseif ($theSubject == "" || $theSubject == null)
    {
        $errMsgSubject = "Error: You did not enter a subject."; //no subject entered
    }
    else
    {
        if (isset($_POST['email'])) {
            $insertpost = "INSERT INTO forumtutorial_posts(emailreply) values('1')";
        }

        //we now strip HTML injections
        $theSubject = strip_tags($theSubject);
        $thePost = strip_tags($thePost);
        $insertpost = "INSERT INTO forumtutorial_posts(forum,author,title,post,showtime,realtime,lastrepliedto,lastposter) values('$forum','$username','$theSubject','$thePost','$thedate','$thedate','$thedate','$username')";
        mysql_query($insertpost) or die("Could not insert post"); //insert post
        $updatepost = "UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$username'";
        mysql_query($updatepost) or die("Could not update post");
        header("Location: http://www.runningprofiles.com/members/index.php?page=forum&forum=$forum");
        exit;
    }
}
?>

Question by:runnerjp
4 Comments
 
LVL 11

Accepted Solution

by:
jausions earned 2000 total points
ID: 22913285
You're not running the query after the isset($_POST['email']), you're just writing the SQL query to the variable, but nothing is done with it: no mysql_query($insertpost).

On a side note, you should ALWAYS add addslashes() to your user-supplied data when you do INSERT SQL statements because your code is at an extremely high risk of being hacked and having your database destroyed.
0
 

Author Comment

by:runnerjp
ID: 22913912
Thanks... won't $theSubject = strip_tags($theSubject);
                        $thePost = strip_tags($thePost);

do the job?
0
 
LVL 4

Expert Comment

by:und3ath
ID: 22914414
if (isset($_POST['email'])) {
            $insertpost = "INSERT INTO forumtutorial_posts(emailreply) values('1')";
            mysql_query($insertpost); // <-- HERE
}
 
                        //we now strip HTML injections
                        $theSubject = strip_tags($theSubject);
                        $thePost = strip_tags($thePost);
0
 
LVL 11

Expert Comment

by:jausions
ID: 22932801
runnerjp:

strip_tags only takes care of HTML tags, which don't really matter from a SQL standpoint. This is good for protection against cross-site attacks though.

What you need to be wary about for SQL injections are the quotes, which need to be escaped.
0
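
The two points raised in this thread, storing the checkbox value with a query that actually runs and keeping quotes in user input from reaching the SQL text, shown together as an added example (not code from the thread). It uses PDO prepared statements in place of the manual escaping suggested above; the `insert_post()` helper, the reduced table schema, the in-memory SQLite DSN and the sample form data are all assumptions made for illustration.

```php
<?php
// Added example: DSN, schema and sample input are constructed for illustration.
// In-memory SQLite keeps it offline; the same PDO calls work with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forumtutorial_posts (
    forum TEXT, author TEXT, title TEXT, post TEXT, emailreply INTEGER NOT NULL DEFAULT 0
)');

// Hypothetical helper: inserts one post. $form stands in for $_POST.
function insert_post(PDO $pdo, string $forum, string $username, array $form): int
{
    $subject = trim($form['subject'] ?? '');
    $post = trim($form['yourpost'] ?? '');
    if ($subject === '' || $post === '') {
        throw new InvalidArgumentException('Subject and post are both required.');
    }
    // An unchecked checkbox is absent from the request, so test for presence.
    $emailReply = isset($form['email']) ? 1 : 0;

    // One INSERT carries the flag with the rest of the row. Placeholders keep
    // user data out of the SQL text, so quotes need no manual escaping.
    $stmt = $pdo->prepare(
        'INSERT INTO forumtutorial_posts (forum, author, title, post, emailreply)
         VALUES (:forum, :author, :title, :post, :emailreply)'
    );
    $stmt->execute([
        ':forum' => $forum, ':author' => $username,
        ':title' => strip_tags($subject), ':post' => strip_tags($post),
        ':emailreply' => $emailReply,
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed form data: strip_tags() removes <b> but leaves the apostrophe intact.
$checked = ['subject' => "Sunday's <b>long</b> run", 'yourpost' => "Who's in?", 'email' => 'on'];
$unchecked = ['subject' => 'Track session', 'yourpost' => 'Meet at 6pm'];
insert_post($pdo, 'general', 'runnerjp', $checked);
insert_post($pdo, 'general', 'runnerjp', $unchecked);

foreach ($pdo->query('SELECT title, emailreply FROM forumtutorial_posts') as $row) {
    printf("%s => emailreply=%d\n", $row['title'], $row['emailreply']);
}
```

HTML encoding of the stored title and post (for example with `htmlspecialchars()`) still belongs at output time; the bound parameters only address the SQL side.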
