CODEWITHSUNDEEP
phpmysqlsql
user3388086
user3388086

Reputation:

User creation in php, mysql using for loop and insert query

I need to create n number of users with n username and password.

If I give the input 5, abc. 5 Users should be created with the username and password such as abc1, abc2, abc3, abc4 and abc5.

How can I do this in for loop by giving the mysql insert query?

Here are my forms

create.php

Create User : 
<br><br>
<form action="add_res.php" method="post">
Count :  <input type = "text" name="count"><br>
Name :  <input type = "text" name="val">
<input type = "submit">
</form>

and the add_res.php

<?php
$count=$_POST['count']; 
$val=$_POST['val'];     
include ('config.php');
echo "<b>".$count." Users Created"."</b>"."<br>";
echo "<u>"."The Users' List is given below"."</u>";
for ($i=1; $i <=$count; $i++) 
{ 
$select=mysql_query("insert into student (username, password) VALUES
('$con', '$con')");
}  
?>

I don't have idea about implementing the proper for loop and the proper insert query. How can i achieve it?

Upvotes: 1

Views: 994

Answers (4)

Josh Watzman
Josh Watzman

Reputation: 7260

Several of the other answers here have indicated how to properly set up the variables to send with your MySQL query, but every single one of them, as well as your original code, contains a classic SQL injection vulnerability! Especially since you are getting your input directly from $_POST, this will allow an attacker complete control over your database -- reading data, resetting passwords, anything.

One way to solve the problem is to escape the input to mysql_query. A version which both solves your original question and the security issue might look like this:

<?php
include ('config.php');

$count = $_POST['count']; 
$val = $_POST['val'];     

echo "<b>".$count." Users Created</b><br>";
echo "<u>The Users' List is given below</u>";

echo "<ul>";
for ($i = 1; $i <= $count; $i++) 
{
  echo "<li>";
  $name = $val . $i;
  $name = mysql_real_escape_string($name);
  mysql_query("insert into student (username, password) VALUES ('$name', '$name')");
}
echo "</ul>";

However, this still uses mysql_query, and while mysql_real_escape_string solves the aforementioned security problem, is not the preferred way to write MySQL queries. I believe PDO is the recommended way to do so now.

Upvotes: 1

SagarPPanchal
SagarPPanchal

Reputation: 10121

Replace this instead of your loop

for ($i=1; $i <=$count; $i++) 
{ 
    echo "<br>";
    echo $val.$i;
    $con=$val.$i;
    $select=mysql_query("insert into student (username, password) VALUES ('".$con."', '".$con."')");
}

Upvotes: 0

Tateyaku
Tateyaku

Reputation: 154

Just create a variable with the $val variable then put the $i variable at the end. Then insert that.

for ($i=1; $i <=$count; $i++) 
{ 
$con = $val.$i;
$select=mysql_query("insert into student (username, password) VALUES ('$con', '$con')");
}

Upvotes: 0

Sulthan Allaudeen
Sulthan Allaudeen

Reputation: 11310

Use the for loop and the insert query by the below format, 

<?php
$count=$_POST['count']; 
$val=$_POST['val']; 

include ('config.php');
echo "<b>".$count." Users Created"."</b>"."<br>";
echo "<u>"."The Users' List is given below"."</u>";
for ($i=1; $i <=$count; $i++) 
{ 

    echo "<br>";
    echo $val.$i;
$con=$val.$i;
$select=mysql_query("insert into student (username, password) VALUES
('$con', '$con')");

}


?>

Upvotes: 1

Related Questions