...

View Full Version : Submitting more then one to database?



buggy
01-19-2010, 03:40 AM
Ok so I have coded this script that submits values to sql database but I want to be able to submit multiple "value4" & "value5" and still have values 1 to 3 enter for each row of the additional 4 & 5 values



<?php

// This code runs if the form has been submitted
if (isset($_POST['submit']))
{

// This makes sure they did not leave any fields blank
if (!$_POST['value1'] | !$_POST['value2'] | !$_POST['value3'] | !$_POST['value4'] | !$_POST['value5'] ) {
die('You did not complete all of the required fields');
}

// checks
if (!get_magic_quotes_gpc()) {
$_POST['value1'] = addslashes($_POST['value1']);
$_POST['value2'] = addslashes($_POST['value2']);
$_POST['value3'] = addslashes($_POST['value3']);
$_POST['value4'] = addslashes($_POST['value4']);
$_POST['value5'] = addslashes($_POST['value5']);
}

// now we insert it into the database
$insert = "INSERT INTO search_content (value1, value2,value3, value4, value5)
VALUES ('".$_POST['value1']."', '".$_POST['value2']."', '".$_POST['value3']."', '".$_POST['value4']."', '".$_POST['value5']."')";
$add_details = mysql_query($insert);
?>

<h1>Thank you</h1>
<p>Thank you for your contribution</p>

<?php
}
else
{
?>
<div id="center">

<form action="submit.php" method="post">

<h3>value1:</h3>
<div class="input">
<input type="text" name="value1" maxlength="150" />
</div>

<h3>value2:</h3>
<div class="input">
<input type="text" name="value2" maxlength="40" />
</div>

<h3>value3:</h3>
<div class="input">
<input type="text" name="value3" maxlength="100" />
</div>

<h3>value4:</h3>
<div class="input">
<input type="text" name="value4" />
</div>

<h3>value5:</h3>
<div class="input">
<input type="text" name="value5" />
</div>


<div id="btn">
<input type="submit" name="submit" value="Submit" />
</div>

</form>
</div>
<?php
}
?>


any ideas?

also does the coding look safe to you? im new at php and so not sure ...

As always thank you in advance :)

Fou-Lu
01-19-2010, 03:53 AM
This needs a little work:


if (!$_POST['value1'] | !$_POST['value2'] | !$_POST['value3'] | !$_POST['value4'] | !$_POST['value5'] ) {


This is incorrect. This will try to evaluate you're code as bitwise OR comparisons. If these are string, I'd suspect that it would always be 0. Logical (boolean) OR in php is either 'OR' or '||' without the commas, but check into the precedence table if you decide to mix them. Try to stay with double piped or.
This is backwards:


if (!get_magic_quotes_gpc()) {
$_POST['value1'] = addslashes($_POST['value1']);
$_POST['value2'] = addslashes($_POST['value2']);
$_POST['value3'] = addslashes($_POST['value3']);
$_POST['value4'] = addslashes($_POST['value4']);
$_POST['value5'] = addslashes($_POST['value5']);
}

What you want to do is actually strip them if magic quotes is available. Magic quotes are not compatible with mysql_real_escape_string (as in, they are not sensitive to each other). It will also be gone as of PHP6:


if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
$_POST['value1'] = stripslashes($_POST['value1']);
$_POST['value2'] = stripslashes($_POST['value2']);
...
}

You can also look at using the array_walk with stripslashes. Correct the behaviour with mysql_real_escape_string for any string data being inserted into you're database. Cast any numerical data to the corresponding values.


Now, as for multiple data, the easiest way is to use an html array. All input types can handle them, and are done like so:


<input type="text" name="txt[]" />
<input type="text" name="txt[]" />
...

The result of you're post will be a multi-dimensional array of txt. This can be used to you're advantage.

buggy
01-19-2010, 04:27 AM
Thank you for your reply Fou-Lu but im a little unsure of what you mean with "This needs a little work:" and the "html array" sections, could you please show me examples of what you mean?

I took a guess and tried:


<input type="text" name="value5[]" />

but that just submitted the word "Array" in the db tables ...

Dormilich
01-19-2010, 08:09 AM
because $_POST["value5"] is now an array and its string representation (thatís whatís inserted) is "Array".



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum