How insert data into MySQL using PHP if input fields are dymanic and input names always change and the amount of them?

Question

so i want to insert into database information but the input fields names and values change dynamically how would do this below is the first part of the code

echo'<form action="add3rd.php" method="post">';
while($row = mysqli_fetch_assoc($title2)) {
    echo '' . $row["input"]. '  <input type="text" name="' . $row["input"]. '">';
    echo '<input type="hidden" name="' . $row["input"]. '" value="' . $row["articleid"]. '">' ;

}
echo'<input type="submit" value="Next"></form>';
}  

Answer 1

One option is to loop through $_POST and get each field (key = the field's name). Next: you can use Prepared Statements to build the MySQL query.

---

Example

The content of $_POST may look like this:

[
    "name_of_field": "value",
    "name_of_another_field": "another value"
    // etc...
]

Tip: Put a prefix before every field name to prevent unwanted values in your SQL query. But remember to remove the prefix when you use it in the query.

The last step is to build and execute a prepared statement. I am using PHP Data Objects (PDO) for this example.

// The MySQL connection
$conn = new PDO("mysql:host={$host};dbname={$db}", $username, $password);

// Get the names of the fields from $_POST (I assume that the fieldnames are the same as the column names).
// Remember my tip that I wrote above.
$fieldNames = implode(',', array_keys($_POST));

// Get the values of the fields from $_POST
$fieldValues = implode(',', array_values($_POST));

// Prepare the query
$stmt = $conn->prepare("INSERT INTO YourTable ({$fieldNames}) 
VALUES ({$fieldValues})");

// Execute the query
$stmt->execute();

Answer 2

I will assume that the field names in the form are also column names of the table, a simplistic solution is this :

$input_names  = '';
$input_values = '';

//Iterate the POST table to get the input names and values
foreach($_POST as $input_name => $input_value){
    // escaping is always important
    $input_names  .= mysqli_real_escape_string ( $con, $input_name ) . ",";
    $input_values .= "'" .mysqli_real_escape_string ( $con, $input_value ) . "',";
}
// Remove trailing comma
$input_names  = rtrim( $input_names, "," );
$input_values = rtrim( $input_values, "," );
$sql = "INSERT INTO table_name ( $input_names ) VALUES ( $input_values )";

if ( $con->query($sql) === TRUE ) {
    // Success
} else {
    // Failure
}

In case there are input fields that are not part of the table, or actually in any case a check can happen in the field forming part. For example:

$field_array = ["field1", "field2", "field3"];
foreach($_POST as $input_name => $input_value){

    // Skip field if the name is not in the $field_array
    if(!in_array( $input_name, $field_array ){
        continue;
    }

    $input_names  .= mysqli_real_escape_string ( $con, $input_name ) . ",";
    $input_values .= "'" .mysqli_real_escape_string ( $con, $input_value ) . "',";
}

The above code is untested and should only be used as a reference.