I have a list of users, and a series of online courses.

I would like to list the courses, and within each course in the list, list all users. I would then like to have a checkbox for each user, so an admin can go through the list selecting which users can access which courses - straight forward enough.

I currently have it working perfectly (with some minor but temporary security flaws, such as directly accessing $_POST) but you have to submit the page for each course; I would instead like to capture the selected users for every course on the page in one submission.

Current system: Get all users that are checked for course X and assign then

Target system: Get all users checked for all courses, and then for every course, insert a record for that user, and then move on to next course.

I can figure out looping through the user checkboxes in the PHP handler, as per below, but cannot figure out how to get all users for each course and then insert the record.

I think I need to nest the foreach($_POST['users'] as $user) in another foreach loop that cycles through the course id's on the page. The difficulty I'm having is identifying the correct user checklist for that correct course id for the insert. Any suggestions?

HTML Form:

<form name="addToUser" id="addToUser" action="" method="POST">                                                          
    <div style="overflow-y: scroll; overflow-x: hidden; height: 260px; padding-right: 10px;">
        <table class="table table-striped table-bordered table-hover table-full-width" style="margin-top: 15px;">';
            foreach($userlist as $user){
                echo'
                <tr>
                    <td>
                        <input type="checkbox" name="users[]" id="'.$courseInfo['id'].'-'.$user['id'].'" value="'.$user['id'].'" />
                    </td>
                    <td>
                        <label for="'.$courseInfo['id'].'-'.$user['id'].'">'.$user['fn'].' '.$user['ln'].'</label>
                    </td>
                    <td>
                        <label for="'.$courseInfo['id'].'-'.$user['id'].'">'.$user['authemail'].'</label>
                    </td>
                </tr>
                ';
            }
         echo'   
        </table>
    </div>
    <input type="hidden" name="courseid" id="courseid" value="'.$courseInfo['id'].'" />
    <button class="btn green span4 offset4" style="margin-top: 12px;" name="addToUser" type="submit">
        <i class="icon-share" style="margin-right: 12px"></i>Add Licences to Users
    </button>
</form>

PHP handler

if(isset($_POST['addToUser'])){

    if(!$mysqli){$mysqli = mysqli_connect(connect stuffs here);}
    $courseid = $mysqli->escape_string($_POST['courseid']);
    $stmt = $mysqli->prepare("INSERT INTO table_name(lmsid, usersid, courseid, valid_days, valid_from, valid_to) VALUES (?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE 
                                valid_days = (
                                    case when valid_to = 0 or valid_to is null then valid_days + values(valid_days) else valid_days end),
                                valid_to = (
                                    case when valid_to > 0 then valid_to + values(valid_days)*60*60*24 else valid_to end)");
    if ( false===$stmt ) {
      die('prepare() failed: ' . htmlspecialchars($mysqli->error));
    }

    $valid_days = 0;
    $valid_from = time();
    $valid_to = strtotime('+10 year', time());


    foreach($_POST['users'] as $user){

        $rc = $stmt->bind_param('iiiiii', $core['id'], $user, $_POST['courseid'], $valid_days, $valid_from, $valid_to);
        if ( false===$rc ) {
          die('bind_param() failed: ' . htmlspecialchars($mysqli->error));
        }
        $rc = $stmt->execute();
        if ( false===$rc ) {
          die('execute() failed: ' . htmlspecialchars($mysqli->error));
        }
    }
}

Thank you! Michael