How do I insert array elements results of an implode() into each row?

Question

I have an HTML form with checkboxes for day option much like the ones indicated below:

<input type="checkbox" name="A" value="Daily">Daily<br>
<input type="checkbox" name="B" value="Sunday">Sunday<br>
<input type="checkbox" name="C" value="Monday">Monday<br>

I then successfully read the checked in boxes in this way:

if (isset($_POST['A']))
    $val[] = $_POST['A'];
if (isset($_POST['B']))
    $val[] = $_POST['B'];
if (isset($_POST['C']))
    $val[] = $_POST['C'];

I then successfully implode them like below:

$value = implode(', ', $val);

I would like some advice on how to insert each array element into a table so that they end up on each row, as displayed in the below table (day column). This table below indicates that the checked in days were Daily, Tuesday, & Tuesday.

+---------+----------------+
| id      | day            | 
+---------+----------------+
| 1       | Daily          | 
| 2       | Tuesday        | 
| 3       | Friday         | 
+---------+----------------+

Any help is appreciated. Looking forward to your advise.

Answer 1

The other answers here all have you running a query using unfiltered data. This opens you up to SQL Injection, and is generally a bad idea. You should do something to filter your data. Either mysqli_real_escape_string($value) or use prepared statements.

The prepared statement solution would be (after inserting everything into $val):

    $stmt = msqli->prepare( "INSERT INTO tbl_name ( Day ) VALUES (?), (?), (?);" );
    $stmt->bind_param( 'sss', $val[0], $val[1], $val[2] );
    $stmt->execute();

Or, if you want to just go with escaped strings, rather than inserting into $val like you do in your example, do something like:

    if( isset( $_POST['A'] ) )
        $val[] = '(' . msqli_real_escape_string( $_POST['A'] ) . ')';

Note the parens around each value. They're important for the insert. They basically let it know that each item is another row.

and then your query would be (this is where I think you got the idea to implode something):

    $imploded = implode( ",", $val );
    $query = "INSERT INTO tbl_name  " . $imploded . ";";
    mysqli->query($query);

There are performance reasons to go with the prepared statement, but for a small query like this it really doesn't make that big of a difference. Even so, I'd prefer the prepared statement over the one built with string concatenation.

Answer 2

Best and quick way is:

PHP Code:

$data = array();

$data['A'] ='Daily';
$data['B'] ='Sunday';
$data['C'] ='Monday';

$value = "('".implode("'),('",$data)."')";

mysql_query("INSERT INTO tbl_name ('day') VALUES $value") or die(mysql_error());

Executed Query:

INSERT INTO tbl_name ('day') VALUES ('Daily'),('Sunday'),('Monday')

Answer 3

Add one step more, concatenate brackets before and after the values while saving into $val[] e.g:

if (isset($_POST['A']))
$val[] = "(" . $_POST['A'] . ")";
if (isset($_POST['B']))
$val[] =  "(" . $_POST['B'] . ")";
if (isset($_POST['C']))
$val[] =  "(" . $_POST['C'] . ")";



if(!empty($val[])){
    $value = implode(', ', $val);
    INSERT INTO table_name (day) $value
}

Answer 4

Do something like that :

foreach($val as $day_option){
    $sql = "INSERT INTO my_table (day) VALUES ($day_option)"
    //execute the previous statement here
}

Because $_POST checkbox contains the value of the checkbox (if html element checkbox has no value, the $_POST element is equal to boolean true)

Answer 5

You don't need to implode the array. Just use it like this:

<tr><td>1</td><td><?php echo $val[0] ?></td></tr><tr><td>2</td><td><?php echo $val[1] ?></td></tr><tr><td>3</td><td><?php echo $val[2] ?></td></tr>