1

I tried to insert multiple rows from one form using checkboxes, include take values from input box, all of them has the structure: 

<input id="Valor" type="text" name="Valor[]" value="<?php echo $row2["Valor"];  ?>" />

and the checkbox is like:

<input type="checkbox" name="Pago[]" id="Pago" value="<?php echo $row2["IdSolicitudTarjeta"]; ?>" />

But when I'll send the form at 'insertmultiple.php' I use the following code but only shows 2 results. Don't matter how many times I tried show the rest, don't works:

foreach($_POST['Pago'] as key => $val) {
$Producto = $_POST['Producto'][$key];
$FormaPago = $_POST['FormaPago'][$key];
$FechaConsignacion = $_POST['FechaConsignacion'][$key];
$Valor = $_POST['Valor'][$key];
$Detalle = $_POST['Detalle'][$key];
$FechaRegistrar = $_POST['FechaRegistrar'][$key];

echo $Pago."&nbsp;--&nbsp;".$FechaConsignacion."&nbsp;--&nbsp;".$Producto."&nbsp;--&nbsp;";
echo $FormaPago."&nbsp;--&nbsp;".$Valor."&nbsp;--&nbsp;".$Detalle."&nbsp;--&nbsp;";
echo $FechaRegistrar."<br>";

}

please help! :(

Improve this question
4
  • Where is there mysql code...? Also you've got a lot of xss injection vulnerabilities. Commented Nov 1, 2011 at 20:27
  • Can you show us the code of the page that renders the form? Bit hard to understand what's going on prior to this code being executed. Commented Nov 1, 2011 at 20:29
  • $AInsertar = "(".$Ider.",".$Producto.",'".$FechaRegistrar."','".$FechaConsignacion."',".$FormaPago.",".$Pagado.",'".$Valor."','".$Detalle."','".$FechaAprobado."'".");"; $sql = " INSERT INTO compras(IdCliente,IdProducto,FechaSolicitud,FechaPago,IdFormaPago,RealizoPago,ValorPagado,Detalles,FechaAprobacionPago) VALUES ".$AInsertar; echo $sql; conectar(); mysql_query($sql) or die (mysql_error()); desconectar(); Commented Nov 1, 2011 at 20:35
  • print_r($_POST) please Commented Nov 1, 2011 at 20:48

2 Answers 2

Reset to default
2

First thing: not key but $key

foreach($_POST['Pago'] as $key => $val) {

I dont see any SQL code though.

ADDENDUM

Hm... it seems like a really messy way to insert things into database. As Cyclone noticed you do not purify your input prior to inserting the date. This is wrong but its a story for another post :p

Besides consider one thing:

Are you sure you want to use 

$Producto = $_POST['Producto'][$key];

and not:

$Producto = $_POST['Producto'][$val];

You seem to store some id in those checkboxes... otherwise you may have a scenario like:

1  [x]
2  [ ]
3  [ ]
4  [x]

So I blieve that $_POST['Pago'] will have only 2 fields 1 and 4... but their key will be 1 and 2 as inactive checkboxes will not have value and will not end-up in the array. I may be wrong though... shame to admit I do not remember how it works precisely O.o

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

You're right, but I don't why when I put $val it doesn't works :( about injections how can I improve or do something? and I don't know what do with my mess of code. I will try to put some value in the unchecked values for see what kind of result apper now. Any idea about what I must do is welcome.
Hi, sorry for lack of response earlier. As for data validation that is more complicated but the easiest thing to do would be to make sure you use mysql_real_escape_string() function for every field that comes from the form. That will at least remove SQL injection threat. Check this function out on php.net/manual/en/function.mysql-real-escape-string.php
0

The problem is solved, thanks for your help!!!!!, that's work with the next changes:

if(!empty($_POST['Pago'])) {
    $aLista = array_keys($_POST['Pago']);
    $Valor = $_POST['Valor'];
    $Pago = $_POST['Pago'];
    $Producto = $_POST['Producto'];
    $FormaPago = $_POST['FormaPago'];
    $FechaConsignacion = $_POST['FechaConsignacion'];
    $Detalle = $_POST['Detalle'];
    $FechaRegistrar = $_POST['FechaRegistrar'];
foreach($aLista as $key => $val) {
      print "$aLista[$key] => $val";
      echo "&nbsp;&nbsp;------&nbsp;&nbsp;";
      print "$Valor[$val]";
      echo "&nbsp;&nbsp;------&nbsp;&nbsp;";
      print "$Producto[$val]";
      echo "&nbsp;&nbsp;------&nbsp;&nbsp;";
      print "$FormaPago[$val]";
      echo "&nbsp;&nbsp;------&nbsp;&nbsp;";
      print "$FechaConsignacion[$val]";
      echo "&nbsp;&nbsp;------&nbsp;&nbsp;";
      print "$Detalle[$val]";
      echo "&nbsp;&nbsp;------&nbsp;&nbsp;";
      print "$FechaRegistrar[$val]";
      echo "<br><hr>";
}
unset($val);

}

I guess, now I can Insert that rows without problems,

Improve this answer

2 Comments

Hi, sorry for lack of response earlier. As for data validation that is more complicated but the easiest thing to do would be to make sure you use mysql_real_escape_string() function for every field that comes from the form. That will at least remove SQL injection threat. Check this function out on php.net/manual/en/function.mysql-real-escape-string.php
Ok, thank you. I'll read it and I'll put into practice now :D

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.