...

View Full Version : php mysql insert



extremed
11-14-2010, 09:01 AM
Hi

i have a code like this, which gona use for add multiple comments to a record



<script language="javascript">
fields = 0;
function addInput() {
if (fields != 10) {
var htmlText = "<input type='text' value='' name='field[]' /><br />";
var newElement = document.createElement('div');
newElement.id = 'text';
newElement.innerHTML = htmlText;

var fieldsArea = document.getElementById('text');
fieldsArea.appendChild(newElement);

fields += 1;
} else {
alert("Only 10 fields allowed.");
document.form.add.disabled=true;
}
}
</script>

<form name="form" action="form.php" method="post">
<input type="button" onclick="addInput()" name="add" value="Add input field" />
<div id="text"></div>
<br />
<input type="submit" value="Submit" />
</form>


how can i insert all values submit from this code into a mysql table?


sorry for language errors.

Thanks

poyzn
11-14-2010, 12:04 PM
very simple, without any filtering, validating and escaping it looks like this:


foreach($_POST['field'] as $field) {
$sql[] = "('$field')";
}
mysql_query("INSERT INTO tablename (fieldname) VALUES " . implode(',', $sql));

extremed
11-14-2010, 01:43 PM
Thanks

Keleth
11-14-2010, 04:21 PM
Note that'll only work if every _POST you get put in $sql has the name of the columns you have in mySQL AND it is in the order of the table.

Really, you should be referencing the column with INSERT INTO table (column1, column2, etc) VALUES (value1, value2, etc). In addition, if any of those values are strings, that won't work (though I'm pretty sure poyzn knows that).

extremed
11-14-2010, 04:37 PM
this work for me


mysql_query ("insert into comments (id,comment,date) values ('$id','$value',NOW())");


but now i have a problem which if the text field empty it insert a blank record into database

with the code i have no idea how to validate values :(

any help would be great

Thanks for the replies guys.

poyzn
11-14-2010, 04:50 PM
if($value) { // check if $value not empty
mysql_query(...); // send query to db
}

by the way DATE is reserved mysql word, you should backquote it in SQL queries:


`date`

extremed
11-14-2010, 04:59 PM
Thanks a lot

i tried to insert data with same page without sending to another php with


action="<?php echo $_SERVER['PHP_SELF']; ?>"

if i use like that im getting error in foreach

any idea why?


Regards

poyzn
11-14-2010, 05:04 PM
May be you do not pass an array to foreach loop. Try to check the variable if it is an array before start foreach


if(is_array($fileds)) {
foreach($fields as ...) {
...
}
}

extremed
11-14-2010, 05:24 PM
tried like this, no errors but record doesn't insert


<script language="javascript">
fields = 0;
function addInput() {
if (fields != 10) {
var htmlText = "<input type='text' value='' name='field[]' /><br />";
var newElement = document.createElement('div');
newElement.id = 'text';
newElement.innerHTML = htmlText;

var fieldsArea = document.getElementById('text');
fieldsArea.appendChild(newElement);

fields += 1;
} else {
alert("Only 10 fields allowed.");
document.form.add.disabled=true;
}
}
</script>

<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="button" class="add" onclick="addInput()" name="add" value="Add Comment" />
<div id="text"></div>
<br />
<input type="submit" value="Submit" />
</form>


<?php
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'testc';

$con = mysql_connect($host , $user , $pass) or die ("Connection could not established." .mysql_error() );

mysql_select_db($db , $con) or die ("Colud not select database" . mysql_error());

if(is_array($field)) {
foreach($_POST['field'] as $value)

{

mysql_query ("insert into comm (comment) values ('$value')");
}

}
?>

MattF
11-14-2010, 05:31 PM
1) You're not santising input.

2) You're not escaping input.

3) PHP_SELF is dangerous used as is.

4) Learn to use basic error checking.

How people ever expect to track down problems in half the code posted is beyond me.



mysql_query ("insert into comm (comment) values ('$value')") or die(__FILE__, __LINE__, mysql_error());

poyzn
11-14-2010, 05:32 PM
tried like this, no errors but record doesn't insert

so, what's the problem? You don't want to insert empty value into db, do you?


but now i have a problem which if the text field empty it insert a blank record into database

extremed
11-14-2010, 05:51 PM
no thats not what i mean

with <?php echo $_SERVER['PHP_SELF']; ?>

even after value entered, value doesn't store in db. seems i messed up somewhere

poyzn
11-14-2010, 05:55 PM
if(is_array($_POST['field'])) { ...


you should always sanitize input



$fields_input = filter_input(INPUT_POST, 'field', FILTER_SANITIZE_STRING, array('flags' => FILTER_REQUIRE_ARRAY));
if(is_array($fields_input)) {
foreach($fields_input as ...

extremed
11-14-2010, 06:05 PM
Thanks it works now.

also thanks MattF for advice



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum