wbrandt
wbrandt

Reputation: 149

PHP array in array in array $_POST

I have a question about displaying a variable that is in the an array of another array. Below is an example of a var_dump() of my $_POST variable. As you can see I have an array.. and another array in that array.. and another array in that array.. I actually need a variable from each of the layers.

Array(
[type] => note
[date_time] => 17-01-01
[initiated_from] => admin
[initiated_by] => admin
[list] => 0
[note] => THIS IS A TEST 
[contact] => Array
    (
        [id] => 250
        [email] => [email protected]
        [first_name] => TEST
        [last_name] => McTESTER
        [phone] => (777)777-7777
        [ip] => 0.0.0.0
        [tags] => buyer, requote, followup1, delete
        [fields] => Array
            (
                [3] => [email protected]
                [5] => TESTING TESTER
                [10] => STATE
                [11] => CITY
                [12] => COUNTY
                [6] => PHONE NUMBER
                [8] => www.test.com
                [9] =>  MORE TESTS
            )

Here is my code that I tried.

$sql_note="INSERT INTO customer_notes(customer_email,note,added_by,note_date) VALUES('$_POST[contact][email]','$_POST[note]','$_POST[contact][fields][3]','$note_date')";

(Ignore the $note_date) So these are the three things I am trying to get..

$_POST[note]

$_POST[contact][email]

$_POST[contact][fields][3]

I get the first one just fine but I get ARRAY[EMAIL] and ARRAY[FIELDS][3]

Upvotes: 0

Views: 45

Answers (1)

Álvaro González
Álvaro González

Reputation: 146660

You are using variable expansion incorrectly:

$foo = array();
$foo['one']['two'] = 'OK';

echo "Value is $foo[one][two]\n"; // Value is Array[two]
echo "Value is {$foo[one][two]}\n"; // Value is OK

... and in the wrong job. Your query should look like this:

$sql_note = "INSERT INTO customer_notes(customer_email, note, added_by, note_date)
    VALUES (?, ?, ?, ?)";

... and values should be passed in an array. Injecting raw untrusted data into SQL code is terribly messy to write and leads to SQL injection vulnerabilities. Please check the documentation for your database library.

Upvotes: 1

Related Questions