Re: Problem involving checkbox and Postgresql - Mailing list pgsql-php

From Digital Wokan
Subject Re: Problem involving checkbox and Postgresql
Date
Msg-id 200206171403.25668.wokan@cox.net
In response to Re: Problem involving checkbox and Postgresql  (Scott Marlowe <scott.marlowe@ihs.com>)
Responses Re: Problem involving checkbox and Postgresql  (Chadwick Rolfs <cmr@shell.gis.net>)
List pgsql-php
All of which brings up the fact that you should never just trust all the
values being submitted to a page.  That's how SQL insertion attacks succeed.

On Thursday 20 June 2002 13:22, Scott Marlowe wrote:
> You have to process the values yourself to make sure it's right.
>
> Just do something like this:
>
> if ($driving_required == "1") $driving_required = 't';
> else $driving_required = 'f';
>
> Then use it in your update / insert statement as usual.
>
> On 20 Jun 2002, Jeff Self wrote:
> > That only works if I leave the checkboxes checked. If I remove the
> > check, I get the following error:
> >
> > Warning:  pg_exec() query failed:  ERROR:  Bad boolean external
> > representation ''
> >  in /var/www/nngov/admin/jobpostresults.php on line 66
> >
> > On Thu, 2002-06-20 at 13:39, Surojit Niyogi wrote:
> > > Hi Jeff,
> > >
> > > Set the value parameter in the input tag
> > >
> > > <input type="checkbox"
> > > name="driving_required" CHECKED value='1'>
> > >
> > > That should work I believe.
> > >
> > > -Surojit
> > >
> > > Jeff Self wrote:
> > > >I've got a table with a field called driving_required with a boolean
> > > >type and default 'true'. I've built a web page which contains the
> > > >following lines for displaying a checkbox:
> > > >
> > > ><tr><td width="25%" class="form">Driver's License Required?</td>
> > > >    <td width="75%" class="form"><input type="checkbox"
> > > >name="driving_required" CHECKED></td></tr>
> > > >
> > > >After the form is submitted, it calls a php file called
> > > >jobpostresults.php which enters the data from the form into the
> > > > database and displays the results on the page.
> > > >
> > > >Here's the section that enters the form data into the database:
> > > >
> > > >// Add Job Description Details
> > > >$jddquery = "INSERT INTO job_description_details (description_id,
> > > >effective_date, driving_required, submitted_on, submitted_by,
> > > >sm_description, responsibilities, behaviors, skills, experience,
> > > >requirements) VALUES
> > > > >('$description_id','$effective_date','$driving_required',now(),
> > > > >'$submitted_by','$sm_description','$responsibilities','$behaviors',
> > > > >'$skills','$experience','$requirements')";
> > > >
> > > >$jddresult = pg_exec($conn, $jddquery);
> > > >if (!$jddresult)
> > > >    exit;
> > > >
> > > >When I input the data and click on submit I get the following error
> > > >message:
> > > >
> > > >Warning:  pg_exec() query failed:  ERROR:  Bad boolean external
> > > >representation 'on'
> > > > in /var/www/nngov/admin/jobpostresults.php on line 46
> > > >
> > > >It looks like the html form is producing 'on' for the value of
> > > >driving_required. How do I get this changed to 'true' in PostgreSQL?
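
Added example, not part of the thread and not any poster's code: one way to combine the two points made above, mapping the checkbox to a fixed boolean literal on the server and sending every submitted value as a bound parameter through `pg_query_params()` instead of interpolating it into the SQL string. Table and column names come from the quoted INSERT; the helper names and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example. Helper names are hypothetical; columns are from the quoted INSERT.

// An unchecked checkbox is absent from the submission; a checked one arrives
// as 'on' (no value= attribute) or '1' (value='1'). Anything else is treated
// as unchecked, so the submitted string itself never reaches the query.
function checkbox_to_pg_bool(array $form, string $name): string
{
    return in_array($form[$name] ?? null, ['on', '1'], true) ? 't' : 'f';
}

// Build the statement with $1..$n placeholders and a parallel parameter list.
function build_job_insert(array $form): array
{
    $text_cols = ['description_id', 'effective_date', 'submitted_by', 'sm_description',
                  'responsibilities', 'behaviors', 'skills', 'experience', 'requirements'];
    $cols = [];
    $marks = [];
    $params = [];
    foreach ($text_cols as $col) {
        // Missing or non-string fields become NULL rather than ''.
        $params[] = (isset($form[$col]) && is_string($form[$col])) ? $form[$col] : null;
        $cols[] = $col;
        $marks[] = '$' . count($params);
    }
    $params[] = checkbox_to_pg_bool($form, 'driving_required');
    $cols[] = 'driving_required';
    $marks[] = '$' . count($params);

    $sql = 'INSERT INTO job_description_details (' . implode(', ', $cols)
         . ', submitted_on) VALUES (' . implode(', ', $marks) . ', now())';
    return [$sql, $params];
}

// Constructed submissions: box unchecked (key absent), box checked with a
// quote in a text field, and a tampered checkbox value.
$samples = [
    ['description_id' => '12', 'effective_date' => '2002-06-20', 'submitted_by' => 'jself'],
    ['description_id' => '13', 'driving_required' => 'on', 'skills' => "Driver's license"],
    ['description_id' => '14', 'driving_required' => "yes'; --"],
];
foreach ($samples as $form) {
    [$sql, $params] = build_job_insert($form);
    echo $sql, "\n", json_encode($params), "\n\n";
    // With a live connection: $result = pg_query_params($conn, $sql, $params);
}
```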
