php / mysql复选框与True对比1
this should not be hard but I'm struggling with it so I thought I'd request help as I could not finding anything specific on web.
I am posting from a checkbox on a form. When I look at the querystring in browser window when I freeze output, it shows, the names of the variables = on. Similarly, when I echo the posted values they show up as on. The problem is when inserting into the dbase although inputting TRUE works, on does not. Fieldtype is tinyint(1). Do I have to convert all the ons to TRUEs. I feel like this has never been a problem before.
<form action="processform.php" method="post">
<input type = "checkbox" name="var1" CHECKED>
<input type = "checkbox" name="var2" CHECKED>
<input type="submit" name="submit" value="submit"></form>
script on other end.
$var1 = $_POST['var1'];
$var2 = $_POST['var2'];
echo $var1; //echoes "on"
$sql = "INSERT into table (var1,var2) VALUES (TRUE,TRUE)"; //works
$sql = "INSERT into table (var1,var2) VALUES ($var1,$var2)"; //does not work.
$sql = "INSERT into table (var1,var2) VALUES ('$var1','$var2')"; //does not work.
mysql_query($sql);
Is this a typo? Can't imagine you really need to change "on" blank to TRUE or FALSE for each variable
You need to include a value="" field if you want to return a value other then ON
<input type = "checkbox" name="var2" value="1" CHECKED>
You could add a value="TRUE" to each checkbox in your HTML.
Or, your assignments to $var1 and $var2 could set them to TRUE/FALSE or 1/0 depending on whether $_POST['var1'] and $_POST['var2'] are set or not. My recollection of checkboxes in HTML is that they're present in $_POST[] if set, and absent if not set.
$var1 = isset($_POST['var1']);
$var2 = isset($_POST['var2']);
I hope that you aren't actually using the code in your question, that's a fine opening for a SQL-injection attack.
TRUE boolean evaluates to 1, = int
The other 2 are strings either "on" of the actual text $var1, but the field type is int, so that makes no sense
you could just set the input value to 1 and be done with it.
The field is a tinyint(1). You can't put the string "on" into an integer field!
So you can use TRUE/FALSE or 1/0.
It wouldn't be much work to write a small function that returns TRUE or 1 if the value passed in is "on" and returns FALSE or 0 otherwise... something like
function ConvertCheckboxValue($value) {
return $value == "on" ? 1 : 0;
}
Currently, your code is vulnerable to SQL injection. Consider changing it to something like this and you'll be able to avoid SQL injection and what you're trying to do should work:
$var1 = isset($_POST['var1']) ? 1 : 0;
$var2 = isset($_POST['var2']) ? 1 : 0;
echo $var1; //echoes "on"
$sql = "INSERT into table (var1,var2) VALUES (TRUE,TRUE)"; //works
$sql = "INSERT into table (var1,var2) VALUES ($var1,$var2)"; //should work.
$sql = "INSERT into table (var1,var2) VALUES ('$var1','$var2')"; //should also work.
mysql_query($sql);
TRUE works because PHP isn't strongly typed, and anything "truthy" converts into a string of "1", which is happening as you build up that sql statement. The easiest solution is to make the value attribute of your input = "1". When you pull it out of the $_GET array it will be a string "1", which will work in your tinyint field in the database.
<input type="checkbox" name="var2" value="1" />
You'll definitely want to preprocess it to avoid sql injection like other's have mentioned
$var2 = $_GET['var2'] === '1' ? '1' : '0';
I'd specifically set the $var2 to a string of '1' or '0' so it's clearer that you are actually expecting those values for your tinyint field.
This is how I do it:
var myVal = ( $('#myCheckbox').is(':checked') ) ? 1 : 0;
alert('myVal is: ' +myVal); //alerts 1 if checked, 0 if not checked