Baku84 Baku84 - 4 days ago 4
PHP Question

How to implement a multiple selection or checkbox with $ _POST in PHP and MySqli?

(Excuse me if I use a translator so that I can understand this problem).

I have been practising for almost a week for the checkbox case, using Procedural MySqli, which I can not understand if one selects a type of coffee as seen in these codes, choosing one or many and before proceeding, I investigated if i have the same problem as mine, I can not find (two id), the idea is that I must insert the database using $ _POST, I have been trying several methods and none of them works.


<form method="POST" action="anadircafe.php">
<p><b>Selección de Cafe</b></p>
<input type="checkbox" name="id_cafe[]" value="1"/> Nescafe <br/>
<input type="checkbox" name="id_cafe[]" value="2"/> Americano <br/>
<input type="checkbox" name="id_cafe[]" value="3"/> Macciato <br/>
<input type="checkbox" name="id_cafe[]" value="4"/> Doble <br/>
<input type="checkbox" name="id_cafe[]" value="5"/> Cortado <br/>
<input type="checkbox" name="id_cafe[]" value="6"/> Capuccino <br/>
<input type="checkbox" name="id_cafe[]" value="7"/> Irlandes <br/>
<input type="checkbox" name="id_cafe[]" value="8"/> Cafe Solo<br/>
Usuario: <br/>
<input type="checkbox" name="id_usuario[]" value="1"/> Fslynx <br/>
<input type="checkbox" name="id_usuario[]" value="2"/> Guts <br/>
<input type="checkbox" name="id_usuario[]" value="3"/> Otter <br/>
<input type="checkbox" name="id_usuario[]" value="4"/> Sebastian <br/>
<input type="checkbox" name="id_usuario[]" value="5"/> Julian <br/>
<input type="checkbox" name="id_usuario[]" value="6"/> Claire<br/>
Precio: <input type="text" name="precio"><br>
IVA: <input type="text" name="iva"><br>
Total: <input type="text" name="total"><br>
<input type="submit" name="prueba" value="enviar">


$msg = $id_cafe = $id_usuario = $precio = $iva = $total = NULL;

$id_cafe = $_POST['id_cafe'];
$id_usuario = $_POST['id_usuario'];
$precio = $_POST['precio'];
$iva = $_POST['iva'];
$total = $_POST['total'];
$caf = implode("", $id_cafe);
$usu = implode("", $id_usuario);

if($id_cafe && $id_usuario && $precio && $iva && $total){

$link = mysqli_connect("localhost", "root", "", "cafe");

if (mysqli_connect_errno()) {
printf("Fallo conexion: %s\n", mysqli_connect_error());

$query = mysqli_query($link, "INSERT INTO compra_cafe (id_cafe, id_usuario, precio, iva, total) VALUES ('$id_cafe', '$id_usuario', '$precio', '$iva', '$total')");

if(!$query) {
printf("Error: %s\n", mysqli_error($link));
} else {
$msg = "Datos insertados";
echo $msg;

Table compra_cafe in phpmyadmin

CREATE TABLE `compra_cafe` (
`id_cafe` int(11) NOT NULL,
`id_usuario` int(11) NOT NULL,
`Precio` varchar(30) NOT NULL,
`IVA` varchar(30) NOT NULL,
`Total` varchar(30) NOT NULL,
UNIQUE KEY `id_cafe` (`id_cafe`),
UNIQUE KEY `id_usuario` (`id_usuario`),
CONSTRAINT `compra_cafe_ibfk_1` FOREIGN KEY (`id_cafe`) REFERENCES `tipo_cafe` (`id_cafe`) ON DELETE CASCADE ON UPDATE CASCADE,
CONSTRAINT `compra_cafe_ibfk_2` FOREIGN KEY (`id_usuario`) REFERENCES `usuario` (`Id_usuario`) ON DELETE CASCADE ON UPDATE CASCADE


In order for your submission to work you have to use the name as the identifier in the post array. For example...


should be


Because 'prueba' is the name of the submit button:

<input type="submit" name="prueba" value="enviar">


Little Bobby says your script is at risk for SQL Injection Attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe!