Checkboxes are not updating in the database

Question

I've got a question about databases and checkboxes. I've got a table looking like:

Website is looking like:

At the bottom of the page I also have a button, so when I submit the checked checkboxes will be updated to 1 or 0 in the database. (True or false)

So when I click on the 3rd checkbox under trained, it will update the trained column in the database with a user/room id of '3583'. (ID is shown right of the screen)

Code:

<form class='verwerkInfo' method='post' action='<?php echo $_SERVER['PHP_SELF']; ?>?license=6'>
                <td>
                    <?php if($room->trained == 1) { ?> <input type='checkbox' name="<?php echo $room->room_id; ?>" checked> <?php echo "Y"; } else{ ?> <input type='checkbox' name="<?php echo $room->room_id; ?>"> <?php echo "N"; }?> </td>
                <Td><?php if($room->active == 1) { ?> <input type='checkbox' name="<?php echo $room->room_id; ?>" checked> <?php echo "Active"; } else { ?> <input type='checkbox' name="<?php echo $room->room_id; ?>"  <?php echo "Inactive"; } ?>
                </td>

                <Td><?php echo $room->configuration; ?></td>
                <td><?php echo $room->room_id; ?></td>
                <td><?php var_dump($room->user_id); }?></td>
                </tr>

So I guess I have a problem in the names of the checkboxes.

The query is looking like:

$trainedQuery = "UPDATE room_users
                            SET trained = 1
                            WHERE user_id = $room->user_id";

The $room->user_id is referring to the user_id in the database.

Answer 1

Here's a way to give the checkboxes unique names and pass extra information with each element:

name="trained[<?php echo $room->room_id; ?>]" value="<?php echo $room->user_id; ?>"

Then in the PHP script that processes the form submission you can:

foreach ( $_POST['trained'] as $room_id => $user_id ) {
    // This query needs protection from SQL Injection!
    $trainedQuery = "UPDATE room_users SET trained = 1 WHERE user_id = $user_id";
}

It's not clear what the relationship is between room_id and user_id and why you're updating the room_user table with only user_id. What do you do with the room_id?

Is this what you actually need:

// This query needs protection from SQL Injection!
$trainedClear = "UPDATE room_users SET trained = 0 WHERE user_id = $user_id";
$db->exec($trainedClear); // first clear all

foreach ( $_POST['trained'] as $room_id => $user_id ) {
    // This query needs protection from SQL Injection!
    $trainedQuery = "UPDATE room_users SET trained = 1 
        WHERE user_id = $user_id AND room_id = $room_id";
    $db->exec($trainedQuery); // then add selections
}
// assuming there's a database connection `$db-exec`.
// Replace with your actual connection and query method.

---

Refactored checkbox columns for clarity:

<?php

$room_id = $room->id;
$room_configuration = $room->configuration;
$room_user_id = $room->user_id;

if ( $room->trained == 1 ) {
    $trained_checked = 'checked';
    $trained_label = 'Y';
}
else {
    $trained_checked = '';
    $trained_label = 'N';
}

if ( $room->active == 1 ) {
    $active_checked = 'checked';
    $active_label = 'Active';
}
else {
    $active_checked = '';
    $active_label = 'Inactive';
}

echo <<<EOT

    <td><input type="checkbox" name="trained[$room_id]" value="$room_user_id" $trained_checked> $trained_label</td>
    <td><input type="checkbox" name="active[$room_id]" value="$room_user_id" $active_checked> $active_label</td>
    <td>$room_configuration</td>
    <td>$room_id</td>
    <td>$room_user_id</td>

EOT;

?>

Answer 2

Just change the checkbox names attribute with adding yes,no and active

       


  name="yes_<?php echo $room->room_id; ?>"
  name="no_<?php echo $room->room_id; ?>"
  name="act_<?php echo $room->room_id; ?>"