Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Nov 2006
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Inserting undertermined amt of values from a dynamic form

    I have a form that reads a table (called form_fields) and inserts the fields into the form accordingly. Everything works fine as far as the form is concerned. Now, I am trying to INSERT the values into ONE row of a different table.

    I have tried the following methods:
    Code:
    if (isset($_POST) && isset($submit) && is_array($_POST)) {
    	OpenTableSub();
    	$server = $_POST["$server"];
    	$clan_a = $_POST["$clan_a"];
    	$clan_b = $_POST["$clan_b"];
    	$challenge_date = $_POST["$challenge_date"];
    	$response_date = $_POST["$response_date"];
    	
    	unset($_POST['submit']);
    	
    	foreach ($_POST as $key => $value) {
       	$sql = mysql_query("INSERT INTO ".$sql_prefix."_challenges VALUES (DEFAULT, $value)" or die(mysql_error()) );
    		echo "$key -> $value<br>";
    	}
    } else {
         // show form
    }
    Results:
    clan_a -> 1
    clan_b -> 4
    status -> 2
    challenge_date -> 1162520145
    response_date -> 0
    server -> 4
    map_name -> Bloodgulch
    game_type -> Team Slayer
    time_limit -> unlimited

    I am so close!! :P It echo's the values correctly But it isn't inserting the values. So I may have an error in my INSERT query. Does it look ok? It doesn't throw any errors.

    But wouldn't this insert multiple rows into the table?
    I tried this, but it throws an error. I am looking to do something like this:
    Code:
    if (isset($_POST) && isset($submit) && is_array($_POST)) {
    	OpenTableSub();
    	$server = $_POST["$server"];
    	$clan_a = $_POST["$clan_a"];
    	$clan_b = $_POST["$clan_b"];
    	$challenge_date = $_POST["$challenge_date"];
    	$response_date = $_POST["$response_date"];
    	
    	unset($_POST['submit']);
    
      	$sql = mysql_query("INSERT INTO ".$sql_prefix."_challenges VALUES (DEFAULT, "
      		foreach($_POST as $key => $value) {
      			"$value, ";
      		}
      	)" or die(mysql_error()) );
    	echo "$key -> $value<br>";
    
    } else {
          // show form
    }
    Results:
    Parse error: parse error, unexpected T_FOREACH on line 14
    Last edited by Ruthik; 11-03-2006 at 02:41 AM.

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    No, you can't imbed a foreach statement in a string, which is what you're trying to do.

    Instead, build the string before you call mysql_query, using a foreach to concantenate each array element onto the string. Something like this:

    PHP Code:
    $query "INSERT INTO ".$sql_prefix."_challenges VALUES (DEFAULT, ";
    foreach(
    $_POST as $key => $value) {
        
    $query .= $value ",";
    }
    //remove the last comma
    $query substr($query0, -1);

    $sql mysql_query($query) or die(mysql_error()); 

  • #3
    New to the CF scene
    Join Date
    Nov 2006
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Just posting in case others find this error. This is how I solved it. I realize there is a serious possibility for sql injection here. Is there a way to validate the info so I can catch it before I run the command? Maybe I can validate the _POST array. Not sure. But this works .

    Code:
    if (isset($_POST) && isset($submit) && is_array($_POST)) {
    	OpenTableSub();
    	$server = $_POST["$server"];
    	$clan_a = $_POST["$clan_a"];
    	$clan_b = $_POST["$clan_b"];
    	$challenge_date = $_POST["$challenge_date"];
    	$response_date = $_POST["$response_date"];
    	
    	unset($_POST['submit']);
    	
          $data = "INSERT INTO ".$sql_prefix."_challenges(" . implode( ',', array_keys( $_POST ) ) . ") values('" . implode("','", $_POST ) . "')" or die(mysql_error());
          $send = mysql_query($data) or die(mysql_error()); 
    	
    	echo "$key -> $value<br>";


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •