two arrays in one form to mysql with php

Question

I have a form with two fieldsets which contains checkboxes:

<fieldset style="width:300px; height:200px; overflow:scroll;">
    <input type="checkbox" name="table[]" id="01" value='ado'> Adoption <br />
    <input type="checkbox" name="table[]" id="02" value='acc'> Accomodations <br />
    <input type="checkbox" name="table[]" id="03" value='ann'> Announcements <br />
    <input type="checkbox" name="table[]" id="04" value="bea"> Beauty/Fitness <br />
    <input type="checkbox" name="table[]" id="05" value="bus"> Business Oportunities    
</fieldset>

and this one

<fieldset style="width:300px; height:200px; overflow:scroll;">
    <input type="checkbox" name="State[]" id="01" value='AL'> Alabama <br />
    <input type="checkbox" name="State[]" id="02" value='AK'> Alaska<br />
    <input type="checkbox" name="State[]" id="03" value='AZ'> Arizona<br />
    <input type="checkbox" name="State[]" id="04" value='AR'> Arkansas <br />
    <input type="checkbox" name="State[]" id="05" value='CA'> California <br />
</fieldset>

Im using this code to go into their respective tables

$table = $_POST['table'];  
$name = $_POST['name'];
$state = $_POST['State'];

if(is_array($table)){
  while(list($tables) = each($table)){
    $sql2 = "INSERT INTO tableName (name,table) VALUES ('$name','$tables')";
    $q2 = mysqli_query($db_conx,$sql2);
    }
}           

if(is_array($state)){
  while(list($key,$value) = each($state)){
   $sql3 = "INSERT INTO states (name,State) VALUES ('$name','$value')";
   $q3 = mysqli_query($db_conx,$sql3);
     }
}

when it gets executed the only data that gets entered is states I used

echo "table; ".$table."<br /> State; ".$state;

and got

table; Array
State; Array012ALAKAZ

someone help me!

Answer 1

Here you have solution what makes only 2 queries instead of 20 and so queries:

$tables = $_POST['table'];  
$name = $_POST['name'];
$states = $_POST['State'];

$states_values = '';
$tables_values = '';

$i = 0;
foreach($states as $state)
{
    $i++;
    $last = $i == count($states) ? true : false;
    $states_values .= '(' . $name . ', ' . $state . ')' . ($last ? '' : ',');
}

$i = 0;
foreach($tables as $table)
{
    $i++;
    $last = $i == count($tables) ? true : false;
    $tables_values .= '(' . $name . ', ' . $table . ')' . ($last ? '' : ',');
}

mysqli_query($db_conx, 'INSERT INTO states (name, State) VALUES ' . $states_values;
mysqli_query($db_conx, 'INSERT INTO tableName (name, table) VALUES ' . $tables_values;

As Marc said, you should escape your inputs.

Answer 2

You are vulnerable to sql injection attacks.

And your table query is using a reserved word, so the entire insert query is failing. Since you failed to check for failure, and simply assumed success, you'll never see any error messages.

Never EVER assume success when dealing with an external resource (especially a database). There's exactly ONE way for a query to succeed, and a near infinite number of ways for it to fail. Yet you seem to think that 1:infinity odds are really good.

$sql2 = "INSERT INTO tableName (name,`table`) VALUES ('$name','$tables')";
                                     ^-----^---you need these

$q2 = mysqli_query($db_conx,$sql2) or die(mysqli_error($db_conx));
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^---you also need this