  1. #1
    New Coder
    Join Date
    Aug 2011
    Posts
    52
    Thanks
    0
    Thanked 0 Times in 0 Posts

    PHP $_POST in MYSQL Query

    Here's the deal, I'm trying to insert all of my $_POST data from a form into a MySQL query. Normally I would do something like this:

    PHP Code:
    $var_name = $_POST['my_var_name'];
    But I can't do that this time around because all of the names of the input fields are being generated dynamically, so they are updated and changed often. Is there any solution to this?

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,091
    Thanks
    51
    Thanked 506 Times in 493 Posts
    If you want to store the raw form data as an array you could run it through serialize() and store the output.

    If however you want to pull out the data and store it in each column then you need to find a way to identify each field from the random field names and without showing us how you're generating those field names and keeping track of them, there isn't much else we can say.
    My helpful sig is on vacation trying to lose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #3
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,233
    Thanks
    51
    Thanked 100 Times in 99 Posts
    Generated dynamically? Can you explain more? PHP is a very powerful language and can do most anything you want. Once we understand what you need done, we can help you do it.
    Been a sign maker for 7 years. My business:
    American Made Signs

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,091
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Quote Originally Posted by myfayt View Post
    Generated dynamically?
    I use a similar technique myself on forms. It's an anti-bot measure. Many of the basic bots will not recognise the name changes and therefore their submissions will automatically be filtered out, but the better bots recognise it and just go with those names.

    There is more on the technique here.
    My helpful sig is on vacation trying to lose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #5
    Regular Coder djh101's Avatar
    Join Date
    May 2009
    Location
    California
    Posts
    614
    Thanks
    48
    Thanked 64 Times in 64 Posts
    Method 1: Array items (such as $_POST variables) can be called inside quotation marks, however, the single quotes are omitted from their name.
    PHP Code:
    mysql_query("SELECT * FROM somewhere WHERE author='$_POST[author]'"); 
    Method 2: Instead of putting the variable inside the quotes, end the quotes and append the post variable unquoted where you need it. This is what you have to do anyway for all variables if you are not using single quotes (variables aren't recognized as variables inside single quotes). This method is more complicated but makes variables more apparent in code and, again, is required if you use single quotes.
    PHP Code:
    mysql_query("SELECT * FROM somewhere WHERE author='".$_POST['author']."'"); 
    Last edited by djh101; 01-17-2012 at 04:59 PM.
    "Yeah science!"
    Online Science Tools

  • #6
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    Quote Originally Posted by djh101 View Post
    Method 1: Array items (such as $_POST variables) can be called inside quotation marks, however, the single quotes are omitted from their name.
    PHP Code:
    mysql_query("SELECT * FROM somewhere WHERE author=$_POST[author]"); 
    Method 2: Instead of putting the variable inside the quotes, end the quotes and append the post variable unquoted where you need it. This is what you have to do anyway for all variables if you are not using single quotes (variables aren't recognized as variables inside single quotes). This method is more complicated but makes variables more apparent in code and, again, is required if you use single quotes.
    PHP Code:
    mysql_query("SELECT * FROM somewhere WHERE author='".$_POST['author']."'"); 
    Not good practise. You should always, at least, escape POST and GET (or any other user provided information) with mysql_real_escape_string() to avoid SQL injection.

    Also, it wasn't really what the op was asking for
    Useful function to retrieve difference in times
    The best PHP resource
    A good PHP FAQ
    PLEASE remember to wrap your code in [PHP] tags.
    PHP Code:
    // Replace this
    if(isset($_POST['submitButton']))
    // With this
    if(!empty($_POST))
    // Then check for values/forms. Some IE versions don't send the submit button 
    Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.

  • #7
    Regular Coder djh101's Avatar
    Join Date
    May 2009
    Location
    California
    Posts
    614
    Thanks
    48
    Thanked 64 Times in 64 Posts
    Well that was more of an example on the concept, not intended to be used as it is. But yeah, most of my user inputted data I have preg_replaced- I completely forgot about mysql_real_escape_string.

    Anyway, there's not really much of a question in the first post, which only leaves you to assume...
    "Yeah science!"
    Online Science Tools

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,091
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Quote Originally Posted by djh101 View Post
    Method 1: Array items (such as $_POST variables) can be called inside quotation marks, however, the single quotes are omitted from their name.
    PHP Code:
    mysql_query("SELECT * FROM somewhere WHERE author=$_POST[author]"); 
    No, no, no... ANY string must still be inside single quotes in an SQL string:

    PHP Code:
    $Author = mysql_real_escape_string($_POST['author']);
    mysql_query("SELECT * FROM somewhere WHERE author='$Author'"); 
    Only integers can be treated your way without single quotes.

    Quote Originally Posted by djh101 View Post
    Anyway, there's not really much of a question in the first post, which only leaves you to assume...
    Erm, yes there is. The op is asking about how to handle form fields with dynamically generated names and how to somehow get the data and save it.
    My helpful sig is on vacation trying to lose some weight. It got a bit fat and caused a few problems but it will be back at some point!
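
One way to handle the original question, as an added example that is not code from any poster in this thread: keep a server-side map from each generated field name to a real column, reject anything outside it, and bind the values through a PDO prepared statement instead of escaping them (the mysql_* functions used above were removed in PHP 7.0). The `posts` table, its columns, the `f_` prefix and the function names are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not from the thread. Table, column and field names are hypothetical.

// Allow-list of real column names; only these ever reach the SQL text.
const COLUMNS = ['author', 'title', 'body'];

// When rendering the form: give each column a random field name and remember the mapping.
function make_field_map(): array {
    $map = [];
    foreach (COLUMNS as $col) {
        $map['f_' . bin2hex(random_bytes(8))] = $col;
    }
    return $map; // a real application would keep this in $_SESSION
}

// When handling the submission: translate generated names back to columns.
// A missing, non-string or unexpected field rejects the whole submission.
function map_post(array $post, array $fieldMap): array {
    $row = [];
    foreach ($fieldMap as $field => $col) {
        if (!isset($post[$field]) || !is_string($post[$field]) || !in_array($col, COLUMNS, true)) {
            throw new InvalidArgumentException("missing or invalid field for $col");
        }
        $row[$col] = $post[$field];
    }
    if (array_diff_key($post, $fieldMap)) {
        throw new InvalidArgumentException('unexpected field in submission');
    }
    return $row;
}

// Column names come from the allow-list; values are bound, never interpolated.
function insert_row(PDO $db, array $row): void {
    $cols = array_keys($row);
    $sql = 'INSERT INTO posts (' . implode(', ', $cols) . ') VALUES ('
         . implode(', ', array_fill(0, count($cols), '?')) . ')';
    $db->prepare($sql)->execute(array_values($row));
}

// Demo with constructed input; for MySQL use a DSN such as 'mysql:host=...;dbname=...'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (author TEXT, title TEXT, body TEXT)');

$map  = make_field_map();
$post = array_combine(array_keys($map), ["O'Brien", 'It\'s a "quoted" title', 'hello']);
insert_row($db, map_post($post, $map));
print_r($db->query('SELECT * FROM posts')->fetchAll(PDO::FETCH_ASSOC));
```

If the form also posts a named submit button or a CSRF token, remove those keys from `$post` before calling `map_post()`, or add them to the set of expected fields.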

