checkbox in php

umm i cant figure out where im off wrong..


always records 0 in my db even when the checkbox is selected
<input type="checkbox" name="email" />
 
Code: [Select]
elseif (isset($_POST['submit']))
{
            $thePost = $_POST['yourpost'];
            $theSubject = $_POST['subject'];
            if ($thePost == "" || $thePost == null)
            {
                        $errMsgPost = "Error: You did not type in a post."; //no post entered
            } elseif ($theSubject == "" || $theSubject == null)
            {
                        $errMsgSubject = "Error: You did not enter a subject."; //no subject entered
            }
            else
            {
            if (isset($_POST['email'])) {
            $insertpost = "INSERT INTO forumtutorial_posts(emailreply) values('1')";
 
}
 
                        //we now strip HTML injections
                        $theSubject = strip_tags($theSubject);
                        $thePost = strip_tags($thePost);
                        $insertpost = "INSERT INTO forumtutorial_posts(forum,author,title,post,showtime,realtime,lastrepliedto,lastposter) values('$forum','$username','$theSubject','$thePost','$thedate','$thedate','$thedate','$username')";
                        mysql_query($insertpost) or die("Could not insert post"); //insert post
                        $updatepost = "UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$username'";
                        mysql_query($updatepost) or die("Could not update post");
                        header("Location: http://www.runningprofiles.com/members/index.php?page=forum&forum=$forum");
                        exit;
            }
}
?>

Open in new window

runnerjpAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jausionsCommented:
You're not running the query after the isset($_POST['email'])), you're just write the SQL query to the variable, but nothing is done with it, no mysql_query($insertpost).

On a side noe you should ALWAYS add addslashes() to your user-supplied data when you do INSERT SQL statements because your code is at a extremely high risk to be hacked and destroy your database.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
runnerjpAuthor Commented:
thnaks... wont $theSubject = strip_tags($theSubject);
                        $thePost = strip_tags($thePost);

do the job?
0
und3athCommented:
if (isset($_POST['email'])) {
            $insertpost = "INSERT INTO forumtutorial_posts(emailreply) values('1')";
 !!!!!!!!HERE !!!!!!!!!!!!!!! mysql_query($insertpost);
}
 
                        //we now strip HTML injections
                        $theSubject = strip_tags($theSubject);
                        $thePost = strip_tags($thePost);
0
jausionsCommented:
runnerip:

strip_tags only takes care of HTML tags, which don't really matter from a SQL stand point. This is good for protection against cross-site attacks though.

What you need to be wary about for SQL injections are the quotes, which need to be escaped.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.