Inserting multiple checkbox values into a single SQL database column

Kyle Sisneros picture Kyle Sisneros · Jan 22, 2013 · Viewed 20.2k times · Source

I'm looking for a simple solution to inserting multiple checkbox selections into a single database column. User selects box 1, 4 and 6 - so the database would reflect "1, 4, 6".. the commas would be nice but are not neccessary. If one checkbox is selected, the information will insert as it should. If multiple are selected, only the last one will be inserted into the DB. Everything else is working fine, but these darned checkboxes. I tried to use

<?php
if(isset($_POST['mode'])) {
    $mode = implode(",", $_POST['mode']);   
} else {
    $mode = "";
}
?>

<?php

as suggested by another for someone asking the same question, though this method leaves me with "Array" inside of the column instead of any numbers no matter what is selected.

I tried to post some pictures to better explain, but it will not allow me. I'm no SQL or PHP professional, just trying to learn as much as I need to get this database going fairly quickly. If there is a solution to this issue, please enlighten me.

Here is the code I am using for the action script on submit:

<?php
if(isset($_POST['mode'])) {
$mode = implode(",", $_POST['mode']);   
} else {
$mode = "";
}
?>

<?php

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form 
$gamename=$_POST['gamename'];
$region=$_POST['region'];
$mode=$_POST['mode'];
$notes=$_POST['notes'];

// Insert data into mysql
$sql="INSERT INTO $tbl_name(gamename, region, mode, notes)VALUES('$gamename', '$region', '$mode', '$notes')";
$result=mysql_query($sql);

// if successfully insert data into database, displays message "Successful". 
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='insert.php'>Back to main page</a>";
}

else {
echo "ERROR";
}
?> 

<?php 
// close connection 
mysql_close();
?>

And here is the code for my check boxes:

<td><input type="checkbox" name="mode[]" id="mode" value="1" />
 mode 1<br />
<input type="checkbox" name="mode[]" id="mode" value="2" />
  mode 2<br />
<input type="checkbox" name="mode[]" id="mode" value="3" />
  mode 3<br />
<input type="checkbox" name="mode[]" id="mode" value="4" />
  mode 4 <br /> 
<input type="checkbox" name="mode[]" id="mode" value="5" />
  mode 5 <br />
<input type="checkbox" name="mode[]" id="mode" value="6" />
  mode 6 <br />
<input type="checkbox" name="mode[]" id="mode" value="7" />
  mode 7<br />
<input type="checkbox" name="mode[]" id="mode" value="8" />
  mode 8
  </td>

As a side note, what steps should I take to ensure my DB and website are not vulnerable to simple exploits. I plan for these forms to be used by the public to openly submit information to the database.

Answer

dimaninc picture dimaninc · Jan 22, 2013

you override correct $mode variable, that's why you see Array in your table data.

remove this line from code:

$mode=$_POST['mode'];

and about vulnerable: you should escape string this way:

$gamename = mysql_escape_string($_POST['gamename']);
$region = mysql_escape_string($_POST['region']);
$notes = mysql_escape_string($_POST['notes']);