String Return in PHP..... with SQL

Question

Am having a problem with my PHP. I have a for loop as below:

$todays_date = date("Y-m-d H:i:s");
for ($k=0; $k < $_SESSION[CampaignTrax]; $k++) {
                        $numIncrement = $k +1;

$artistConcentrate = '$_POST[ArtistField_'.$numIncrement.']';
$titleConcentrate = '$_POST[TitleField_'.$numIncrement.']';
$mixConcentrate = '$_POST[MixField_'.$numIncrement.']';

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('$_SESSION[promo_ID]', '$numIncrement', '$todays_date', '{$artistConcentrate}', '$titleConcentrate', '$mixConcentrate', '$_SESSION[CampaignTitle]')";
mysql_query($query2) or die('Error in MySQL query. Here is the error message: '.mysql_error());

}

My problem is that the $artistConcetrate variable literally returns $_POST[ArtistField_1] and that value displays in the SQL table on PHPMyAdmin as so, any chance I can get it to actually return the value of what was submitted as POST[ArtistField_1], as this will be auto incremented through the loop so artistfield_2 etc will be inserted into the table.

I am aware of SQL injection problems that may occur from the above but will update my code after the solution has been found.

Many thanks for any advice on this.

CP

Answer 1

Modifying @whizzzkid Code:

$todays_date = date("Y-m-d H:i:s");
$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES ";
for ($k=0; $k < $_SESSION[CampaignTrax]; $k++) {
                        $numIncrement = $k +1;

    $artistConcentrate = $_POST["ArtistField_".$numIncrement];
    $titleConcentrate = $_POST["TitleField_".$numIncrement];
    $mixConcentrate = $_POST["MixField_".$numIncrement];

    $query2 .= "(".$_SESSION['promo_ID']."', '".$numIncrement."', '".$todays_date."', '".$artistConcentrate."', '".$titleConcentrate."', '".$mixConcentrate."', '".$_SESSION['CampaignTitle']."'),";

}
$query2 = substr($query2, 0, -1);
mysql_query($query2) or die('Error in MySQL query. Here is the error message: '.mysql_error());

This fires mysql_query only once.

Answer 2

You can use mysql_real_escape_string function for this purpose:-

Here is the documentation link:- http://php.net/manual/en/function.mysql-real-escape-string.php

In your code you can do:-

$todays_date = date("Y-m-d H:i:s");
for ($k=0; $k < $_SESSION[CampaignTrax]; $k++) {
                        $numIncrement = $k +1;

$artistConcentrate = mysql_real_escape_string($_POST['ArtistField_'.$numIncrement]);
$titleConcentrate = mysql_real_escape_string($_POST['TitleField_'.$numIncrement]);
$mixConcentrate = mysql_real_escape_string($_POST['MixField_'.$numIncrement]);

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('$_SESSION[promo_ID]', '$numIncrement', '$todays_date', '{$artistConcentrate}', '$titleConcentrate', '$mixConcentrate', '$_SESSION[CampaignTitle]')";
mysql_query($query2) or die('Error in MySQL query. Here is the error message: '.mysql_error());

}

Do remember to check mysql_set_charset() which would affect the result. Study documentation link given above.

Answer 3

$artistConcentrate = '$_POST[ArtistField_'.$numIncrement.']';
$titleConcentrate = '$_POST[TitleField_'.$numIncrement.']';
$mixConcentrate = '$_POST[MixField_'.$numIncrement.']';

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('$_SESSION[promo_ID]', '$numIncrement', '$todays_date', '{$artistConcentrate}', '$titleConcentrate', '$mixConcentrate', '$_SESSION[CampaignTitle]')";

should be

$artistConcentrate = $_POST[ArtistField_'.$numIncrement.'];
$titleConcentrate = $_POST[TitleField_'.$numIncrement.'];
$mixConcentrate = $_POST[MixField_'.$numIncrement.'];

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('".$_SESSION[promo_ID]."', '".$numIncrement."', '".$todays_date."', '".$artistConcentrate."', '".$titleConcentrate."', '".$mixConcentrate."', '".$_SESSION[CampaignTitle]."')";

Answer 4

try this

$todays_date = date("Y-m-d H:i:s");
for ($k=0; $k < $_SESSION[CampaignTrax]; $k++) {
                        $numIncrement = $k +1;

$artistConcentrate = $_POST["ArtistField_".$numIncrement];
$titleConcentrate = $_POST["TitleField_".$numIncrement];
$mixConcentrate = $_POST["MixField_".$numIncrement];

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('".$_SESSION['promo_ID']."', '".$numIncrement."', '".$todays_date."', '".$artistConcentrate."', '".$titleConcentrate."', '".$mixConcentrate."', '".$_SESSION['CampaignTitle']."')";
mysql_query($query2) or die('Error in MySQL query. Here is the error message: '.mysql_error());

}