CODEWITHSUNDEEP
phpmysql
Ryan
Ryan

Reputation: 433

Multiple SQL insertions in one query

HI All, I'm concerned, I have an array coming in from a server. The array is then translated into variables. Such as:

$fpage = $_SESSION['scores'];

$score1 = $fpage['0'];
$score2 - $fpage['1'];
//Start of Queries


 // This is what I would like to do, but Its not working: 
$sql ="INSERT INTO Score (ScoreID,ResponseID,AssessorID,CriteriaID,Score,StudentID)"
       . "VALUES ('$rand','$rand2','$adminname','1-22','$score1', '$student')"; 

           $new = mysql_query($sql, $db);
$sql2 ="INSERT INTO Score (ScoreID,ResponseID,AssessorID,CriteriaID,Score,StudentID)"
       . "VALUES ('$rand','$rand2','$adminname','1-21','$score2', '$student')"; 

           $new1 = mysql_query($sql3, $db);
$sql3 ="INSERT INTO Score (ScoreID,ResponseID,AssessorID,CriteriaID,Score,StudentID)"
       . "VALUES ('$rand','$rand2','$adminname','1-21','$score3', '$student')"; 

           $new2 = mysql_query($sql3, $db);

My question is, What is the best way of doing this. I have tried to loop the queries, but I could not get that to work. What is the best way to accomplish this?

Upvotes: 0

Views: 330

Answers (1)

Jon Seigel
Jon Seigel

Reputation: 12401

Well, there is a typo in the middle call to mysql_query -- you passed in $sql3 instead of $sql2.

Also, you can do this:

INSERT INTO Score (ScoreID, ResponseID, AssessorID, CriteriaID, Score, StudentID)
    VALUES
        (score1, response1, assessor1, criteria1, etc.),
        (score2, response2, assessor2, criteria2, etc.),
        (score3, response3, assessor3, criteria3, etc.),
        etc.

which will only hit the database once for all the inserts instead of once per insert.

Finally, your code appears to be vulnerable to SQL injection.

Upvotes: 4

Related Questions