First of all, using "y" and "n" for boolean values (such as a checkbox) is very sloppy. "n" is boolean True. A boolean value should evaluate correctly in a boolean context. For that, you should use 1 and 0 for your values.

What I usually do is this:

<input type="hidden" name="foo" value="0" />
<input type="checkbox" name="foo" value="1" <?php echo $checked; ?> />

Then when it gets submitted, foo will get the value of the form element that was submitted last that has a value. That is, if the checkbox is checked then foo will be 1, otherwise it will be 0. That gives you a nice, clean boolean value you can rely on being present (mostly <g>).

On Sunday 02 December 2007, Ronald Wiplinger wrote:
> I have now tried to add many of the security hints on a web page and
> come to a problem.
> I am checking if the allowed fields match the sent fields.
> From the database I get the information if a checkbox is checked or not:
>
> <?php if($DB_a =="y") {
>     $checked="checked";
> } else {
>     $checked="";
> }
> ?>
> <input type="checkbox" name="R_a" value="y" <?php echo $checked ?> >
>
> If the user takes out the checkmark the value will become "" and the
> field will not be submitted, which results in a missing field.
>
> $allowed = array();
> $allowed[]='form';
> $allowed[]='R_a';
> $allowed[]='R_b';
> ....
> $sent = array_keys($_POST);
> if($allowed == $sent) {
>     ... do some checking ...
> } else {
>     echo "Expected input fields do not match!";
> }
> break;
>
>
> How can I force a "n" for not checked in the input field? or how can I
> solve that?
>
> bye
>
> Ronald

--
Larry Garfield
AIM: LOLG42
larry@xxxxxxxxxxxxxxxx
ICQ: 6817012

"If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it."
-- Thomas Jefferson
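
The hidden-field technique from the reply combined with the allowed-fields check from the question, as an added example that is not part of the original thread. The field names form, R_a and R_b come from the question; the function name, the R_c field and the request bodies are constructed for illustration.

```php
<?php
// Added example, not code from the thread. read_checkbox_form() is a
// hypothetical helper; the request bodies below are constructed.

/**
 * Check that exactly the expected fields were sent and turn the
 * checkbox fields into real booleans. Returns null on any mismatch.
 */
function read_checkbox_form(array $post, array $allowed, array $checkboxes): ?array
{
    $sent = array_keys($post);
    // Compare as sets: field order in the request is not guaranteed.
    sort($sent);
    $expected = $allowed;
    sort($expected);
    if ($sent !== $expected) {
        return null;
    }
    foreach ($checkboxes as $name) {
        // Only the literal strings "0" and "1" are acceptable; anything
        // else (an array, "y", "2") was not produced by the form.
        if ($post[$name] !== '0' && $post[$name] !== '1') {
            return null;
        }
        $post[$name] = ($post[$name] === '1');
    }
    return $post;
}

$allowed    = ['form', 'R_a', 'R_b'];
$checkboxes = ['R_a', 'R_b'];

// Each checkbox is preceded by a hidden input of the same name with
// value 0, so an unchecked box still sends its name, and a checked box
// sends the name twice (PHP keeps the last value).
$bodies = [
    'both checked'   => 'form=prefs&R_a=0&R_a=1&R_b=0&R_b=1',
    'R_a unchecked'  => 'form=prefs&R_a=0&R_b=0&R_b=1',
    'extra field'    => 'form=prefs&R_a=0&R_b=0&R_c=1',
    'tampered value' => 'form=prefs&R_a=0&R_a=y&R_b=0',
    'array injected' => 'form=prefs&R_a[]=1&R_b=0',
];

foreach ($bodies as $label => $body) {
    parse_str($body, $post);   // same parsing rules PHP applies to form bodies
    $result = read_checkbox_form($post, $allowed, $checkboxes);
    echo str_pad($label, 16), $result === null ? 'rejected' : json_encode($result), "\n";
}
```

The first two bodies are accepted with R_a and R_b as true/false; the last three are rejected because of an unexpected field name or a value the form could not have produced.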