Reputation: 167
Separate Array entries into DB
I'm looking for some help on a problem I'm having trying to inject values from an array into a MySQL table separately. So, not the whole array in one row but in separate entries.
The form is something like this:
<form <form class="reg" name="main_form" action="form.php" method="post">>
<ul>
<li>
<label for="text1">
<input type="checkbox" name="task[]" value="text1" />text1
</label>
</li>
<li>
<label for="text2">
<input type="checkbox" name="task[]" value="text2" />text2
</label>
</li>
<li>
<label for="text3">
<input type="checkbox" name="task[]" value="text3" />text3
</label>
</li>
</ul>
<input type="submit" value="submit" />
</form>
In form.php I have something like this for now whic works to put all the selected boxes into one row within the table:
<?php
require 'db/config.php';
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link){
die('Could not connect due to: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected){
die('Can\'t use: ' . DB_NAME . ': ' . mysql_error());
}
$task = implode (PHP_EOL, $_POST['task']);
$sql = "INSERT INTO completed (task) VALUES ('$task')";
if (!mysql_query($sql)){
die('Error: ' . mysql_error());
}
mysql_close();
?>
If someone were to come along and select the checkbox on all three (text1, 2 & 3), I'd need that to be entered into the DB as three separate entries and not grouped together as one.
I'm thinking I need to use something like explode() before the form actually feeds them into the DB but I'm not 100% sure. Any help would be appreciated.
Upvotes: 1
Views: 45
Answers (1)
Reputation: 2465
Your Version fixed
Your fixed version but your api is deprecated and your method is not sql injection save. Dont use this approach use the better approach, I mentioned later in my answer.
Replace this
$task = implode (PHP_EOL, $_POST['task']);
$sql = "INSERT INTO completed (task) VALUES ('$task')";
if (!mysql_query($sql)){
die('Error: ' . mysql_error());
}
with this
<?php
foreach ($_POST['task'] as $task) {
$sql = "INSERT INTO completed (task) VALUES ('$task')";
if (!mysql_query($sql)){
die('Error: ' . mysql_error());
}
}
Better Approach
Save Version with newer Api cause mysql_connect is deprecated, and sql injection save. So use the new mysqli api. To prevent SQL Injection you should really prepared statements, will update my answer for that in a minute. Don't use the other approach. Cause mysql_connect is not only deprecated it is removed in the recent php version from the api. Thanks @vove for your notice.
<?php
require 'db/config.php';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($mysqli->connect_error) {
die('Connect Error (' . $mysqli->connect_errno . ') '
. $mysqli->connect_error);
}
$stmt = $mysqli->prepare("INSERT INTO completed (task) VALUES (?)");
if (!$stmt) {
echo $mysqli->error;
exit();
}
foreach ($_POST['task'] as $task) {
$stmt->bind_param("s", $task);
$stmt->execute();
}
$stmt->close();
$mysqli->close();
Output of both Versions
Had text1 and text2 selected.
mysql> select * from completed;
+-------+
| task |
+-------+
| text1 |
| text2 |
+-------+
Upvotes: 1
Related Questions
- How do I check if an array includes a value in JavaScript?
- Loop (for each) over an array in JavaScript
- How can I remove a specific item from an array in JavaScript?
- How to append something to an array?
- Deleting an element from an array in PHP
- How to insert an item into an array at a specific index?
- Sort array of objects by string property value
- Loop through an array in JavaScript
- Create ArrayList from array