Ibrahim Azhar Armar Ibrahim Azhar Armar - 1 year ago 53
HTML Question

Passing the value using checkbox with html and php

I have two forms

a) post.php
b) edit.php

I am using the checkbox in both the form to set the binary value (0 and 1) to set the status for approve.

to process the value from the checkbox in the post.php I am using the code which checks and assume that if the checkbox is checked then the value will be 1 other wise it is 0 by default

if (isset($_POST['ad_approve'])) $ad_approve = htmlspecialchars(strip_tags(mysql_real_escape_string($_POST['ad_approve'])));
else { $ad_approve = 0; }

Now in the edit.php form I retrieve the data from the database and set the checkbox accordingly . if the approve has the value 1 then it is checked by default . look onto the following code

<input name="ad_approve" type="checkbox" value="1" <?php if($approve==1) echo 'checked="checked"';?> />

in the above code I cannot apply the same logic to catch the value from ad_approve i.e(by checking isset()) because if the value is 1 by default and if I try unchecking the checkbox then automatically the program assume that the value is set because it has been changed from checked to unchecked. now in the edit.php how do I again process the value from it such that if the checkbox is checked hold the value as 1 otherwise 0, ??

Answer Source

to be honest your question does not make a whole lot of sense but I can understand that you wish to check if check boxes are actually set.

firstly you don't need a value attribute on a check box because its the browser that decide what value if any to send via the GP headers.


Checkboxes (and radio buttons) are on/off switches that may be toggled by the user. A switch is "on" when the control element's checked attribute is set. When a form is submitted, only "on" checkbox controls can become successful.

So basically if a checkbox is not selected then the entity will not be sent via the headers, there for isset() would be a perfectly usable check.

The way your using real escape is totally wrong, you should never user real escape for html, DATABASE ONLY.

Take this code for example

    echo $_POST['some_check']; //on
    echo 'some_check has not been checked';

Your code:

if (isset($_POST['ad_approve'])) $ad_approve  = htmlspecialchars(strip_tags(mysql_real_escape_string($_POST['ad_approve'])));
        else { $ad_approve = 0; }

Can you give me a good excuse why your using htmlspecialchars,strip_tags and mysql_real_escape_string on an entity that can be done like so:

$ad_approve = isset($_POST['ad_approve']) ? true : false;

for issues like this its not that hard to refer to the documentation to get a better understand of what exactly is being sent from the browser.

if you wish to add values to to the checkboxes that you would do this with hidden fields, example follows.

<input type="checkbox" name="check_box" />
<input type="hidden" name="check_box_value" value="01100001" />

And within the php server side.

    echo $_POST['check_box_value']; //01100001
    echo 'some_check has not been checked';

by adding another html input thats hidden you can hide elements from the user and then use as data holders, the reason why you should use the exact same name but append it with _value is just for best practises.


    mysql_query('UPDATE profile SET receive_mail = 1');
   mysql_query('UPDATE profile SET receive_mail = 0');