Inserting undertermined amt of values from a dynamic form

I have a form that reads a table (called form_fields) and inserts the fields into the form accordingly. Everything works fine as far as the form is concerned. Now, I am trying to INSERT the values into ONE row of a different table.

I have tried the following methods:

if (isset($_POST) && isset($submit) && is_array($_POST)) {
OpenTableSub();
$server = $_POST["$server"];
$clan_a = $_POST["$clan_a"];
$clan_b = $_POST["$clan_b"];
$challenge_date = $_POST["$challenge_date"];
$response_date = $_POST["$response_date"];

unset($_POST['submit']);

foreach ($_POST as $key => $value) {
$sql = mysql_query("INSERT INTO ".$sql_prefix."_challenges VALUES (DEFAULT, $value)" or die(mysql_error()) );
echo "$key -> $value<br>";
}
} else {
// show form
}

Results:
clan_a -> 1
clan_b -> 4
status -> 2
challenge_date -> 1162520145
response_date -> 0
server -> 4
map_name -> Bloodgulch
game_type -> Team Slayer
time_limit -> unlimited

I am so close!! :P It echo's the values correctly But it isn't inserting the values. So I may have an error in my INSERT query. Does it look ok? It doesn't throw any errors.

But wouldn't this insert multiple rows into the table?
I tried this, but it throws an error. I am looking to do something like this:

if (isset($_POST) && isset($submit) && is_array($_POST)) {
OpenTableSub();
$server = $_POST["$server"];
$clan_a = $_POST["$clan_a"];
$clan_b = $_POST["$clan_b"];
$challenge_date = $_POST["$challenge_date"];
$response_date = $_POST["$response_date"];

unset($_POST['submit']);

$sql = mysql_query("INSERT INTO ".$sql_prefix."_challenges VALUES (DEFAULT, "
foreach($_POST as $key => $value) {
"$value, ";
}
)" or die(mysql_error()) );
echo "$key -> $value<br>";

} else {
// show form
}

Results:
Parse error: parse error, unexpected T_FOREACH on line 14

No, you can't imbed a foreach statement in a string, which is what you're trying to do.

Instead, build the string before you call mysql_query, using a foreach to concantenate each array element onto the string. Something like this:


$query = "INSERT INTO ".$sql_prefix."_challenges VALUES (DEFAULT, ";
foreach($_POST as $key => $value) {
$query .= $value . ",";
}
//remove the last comma
$query = substr($query, 0, -1);

$sql = mysql_query($query) or die(mysql_error());

Just posting in case others find this error. This is how I solved it. I realize there is a serious possibility for sql injection here. Is there a way to validate the info so I can catch it before I run the command? Maybe I can validate the _POST array. Not sure. But this works :).

if (isset($_POST) && isset($submit) && is_array($_POST)) {
OpenTableSub();
$server = $_POST["$server"];
$clan_a = $_POST["$clan_a"];
$clan_b = $_POST["$clan_b"];
$challenge_date = $_POST["$challenge_date"];
$response_date = $_POST["$response_date"];

unset($_POST['submit']);

$data = "INSERT INTO ".$sql_prefix."_challenges(" . implode( ',', array_keys( $_POST ) ) . ") values('" . implode("','", $_POST ) . "')" or die(mysql_error());
$send = mysql_query($data) or die(mysql_error());

echo "$key -> $value<br>";