CODEWITHSUNDEEP
phpmysqlsqldatabasefor-loop
Zach H
Zach H

Reputation: 257

How to loop through an array of inputs in a form?

I am trying to look through some input fields in a form and add them to a database. The user sets the number of fields, so I can't do something like the code below because there is no specific number of fields.

for($i=0; $i<(number-of-fields); $i++)
{
    $_REQUEST['Question+$i']
}

I have tried this as well:

<?php
$con=mysqli_connect("","test","test","Flashcards");

foreach($_REQUEST['Question[]'] as $value)
    {
    $newcards="INSERT INTO Cards(Questions)
    VALUES($value)";
    mysqli_query($con,$newcards);
    }

mysqli_close($con);
?>

It just doesn't add anything to my database. How should I go about doing this? I am new to PHP and SQL and can't seem to figure this out.

Upvotes: 3

Views: 18535

Answers (3)

Neil Neyman
Neil Neyman

Reputation: 2158

OK.

  1. First of all, $value is never defined.

  2. This code is a security risk because you need to sanitize your input before inserting into the database.

  3. use $_GET or $_POST depending on how your form is set. $_REQUEST probably also includes information you wont need

  4. Not sure what your database looks like. Should each form field be a separate row or a separate column? Your code seems to do the former, but it sounds like you'd want the latter? If it's the latter then you really would need to name your form inputs like Amir Noori noted.

    Assuming you have a form like that:

    <form method="POST" action="myphp.php`>
<input type="text" name="column_name_one" />
<input type="text" name="column_name_two" />
<input type="text" name="column_name_three" />
<input type="submit" name="submit" value="submit" />

then

     <?php  
     if (isset $_POST['submit'] {
      $con=mysqli_connect("","test","test","Flashcards");
    
      $values = array();
      $columns = array();
      foreach($_POST[] as $key => $value) {
           if (!empty($key) && $key != "submit") {
             $values[] = $con->real_escape_string($value);
             $columns[] = $con->real_escape_string($key);
            }
      }
      $colStr = implode(",",$columns);
      $valStr = implode("','",$values);
      $myQuery = "INSERT INTO Cards($colStr) VALUES ('$valStr');
      if (!$con->query($myQuery)) {
         echo "Error Occured:  $con->error";
      }
    }
    ?>

Now this only works when your column names are the same as your form input names. Also assumes they are all strings (varchar etc). If this is not the case then you need to handle that by simply accessing the form fields individually by name. One simple way:

       <?  
          
          if (isset($_POST['name']) && !empty($_POST['name']) {   //name field maps to cName column varchar
            $colStr = "cName,";
            $valStr = "'" . $_POST['age'] . "',";  //need quotes
          }

          if (isset($_POST['age']) && !empty($_POST['age']) {   //age field maps to customerAge column numeric
            $colStr .= "customerAge,";
            $valStr .= $_POST['age'] . ",";       //no quotes
          }          
        ?>

Or use array_map() to map an array of column names to form fields. Something like that might also help if you need to make sure all the post variable names are really valid column names and someone isn't trying to send you garbage. Obviously the insert will fail if the column names aren't correct but usually it's better not to let it even try to insert a bad query.

Upvotes: 1

Soosh
Soosh

Reputation: 812

you can assign input names like he following(using javascript) and create a hidden field that contains the number of field, so when the user add more input fields, the hidden field is updated dynamically. 

<input name="field_1">
<input name="field_2">
<input name="field_3">
<input type="hidden" name="count" value="3">

so when you post this you know how many fields you have.

Upvotes: 2

Marc B
Marc B

Reputation: 360872

Given:

<input type="text" name="foo[]" />
<input type="text" name="foo[]" />
etc...

in your form, you'd loop over them with

foreach($_POST['foo'] as $index => $value) {
    ...
}

The [] in the field name will be stripped off by PHP and used as a hint that it should expect multiple values with the same name, causing it to create a sub-array inside $_GET/$_POST to accomodate those extra values.

You can also suggest which array keys PHP should use, e.g.

<input type="text" name="foo[1]" value="hi there" />
<input type="text" name="foo[abc]" value="TGIF!" />

echo $_POST['foo'][1]; // outputs "hi there"
echo $_POST['foo']['abc'] // outputs "TGIF!"

Multi-dimensional arrays are also supported, using the same notation/access methods.

Upvotes: 6

Related Questions