0

my form as the following table (of textfeild). I am feeding the values into these textfeild. How can i enter these values into my database? plz help. enter image description here

code of the form:- 

    $rows=$_POST["rows"];       
          echo "
        <table align=\"center\" border=\"1\" width=\"70%\">
        <tr>
        <td><b>Roll No.</b></td> <td><b>Full Name</b></td> <td><b>Unit_test</b>       </td><td><b>Prelims</b></td> 
        <td><b>Attendance</b></td> <td><b>File</b></td> 
        </tr>";

    for($n=0;$n<$rows;$n++)
    { 
    echo "<tr>
    <td><input type=\"text\" name=\"roll\" /></td><td><input type=\"text\"                 name=\"name\" /></td><td><input type=\"text\" name=\"unit_test\" /></td>
    <td><input type=\"text\" name=\"prelims\" /></td><td><input type=\"text\"  name=\"attendance\" /></td><td><input type=\"text\" name=\"file\" /></td>
    </tr>";
    }
     echo "</table>";
     echo "<form action=\"feed2.php\" method=\"post\">
    <br>
     <input type=\"submit\" name=\"\" value=\"Submit\" />
   </form>";

code used for inserting into db:-

for($n=0;$n<3;$n++)
{
  if(isset($_POST['roll']))
  {
    echo "<br>Updating";

    $roll=$_POST['roll'];
    $name=$_POST['name'];
    $unit_test=$_POST['unit_test'];
    $prelims=$_POST['prelims'];
    $attendance=$_POST['attendance'];
    $file=$_POST['file'];

    $sql="Insert into students (roll,name,unit_test,prelims,average,attendance,file,interm) 
    VALUES ('$roll','$name','$unit_test','$prelims','$average'=(('$unit_test' + '$prelims')/125) *10,'$attendance','$file','$average'+'$attendance'+'$file')";
    $res=mysql_query($sql);
    header("Location:./view.php");
  }
Improve this question
2
  • I don't even see how this code works at all. Where do you post values to your table in form? Your for loop in your inserting into db does nothing. It is just looping 3 times with the same values. Commented Sep 29, 2013 at 12:01
  • my table is made of textfeilds so i think on clicking the submit button it should insert but for obvious reason it doesnt even insert any values. Commented Sep 29, 2013 at 12:30

3 Answers 3

Reset to default
2

The simplest way is probably to make the $_POST values for roll etc. an array (so $_POST becomes a multidimensional array).

See this previous question for an example of how it can be done:

Submitting a multidimensional array via POST with php

You can then loop through the array values in your database insert code.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

The name of each field must be different in each row in order to successfully send data from browser to server. In your case for all columns the name remains the same in all rows. You can suffix them with $n

Solution:

Replace the code which generate fields to the following:

 for($n=0;$n<$rows;$n++)
    { 
    echo "<tr>
    <td><input type=\"text\" name=\"roll_$n\" /></td><td><input type=\"text\"                     name=\"name_$n\" /></td><td><input type=\"text\" name=\"unit_test_$n\" /></td>
    <td><input type=\"text\" name=\"prelims_$n\" /></td><td><input type=\"text\"  name=\"attendance_$n\" /></td><td><input type=\"text\" name=\"file_$n\" /></td>
    </tr>";
    }

In above code we have suffixed each field with _$n

Secondly, Change the code of insert to the following:

$roll=$_POST['roll_'.$n];
$name=$_POST['name_'.$n];
$unit_test=$_POST['unit_test_'.$n];
$prelims=$_POST['prelims_'.$n];
$attendance=$_POST['attendance_'.$n];
$file=$_POST['file_'.$n];

Thirdly, I think the sql query need to be changed. Calculate average before the query and store its values in a variable. Then reference this variable in query same as you have done with other variables like $roll and $name.

$average=(($unit_test + $prelims)/125) *10;

Now with this code all three lines will be saved in database.

Hope this helps.

Improve this answer

1 Comment

It is not best practice to use numeric suffixes on field names. It is better to wrap the numbers in square braces when naming HTML fields so that the nested arrays can be easily traversed when received by the server-side script.
0

Multiple row inserts in SQL are simply multiple parenthesis with commas, (), (), ();

You are also NOT escaping your data! You must escape ALL your data regardless of text or binary. It is simple and you must never fail to escape data. I escape data even if it's come directly out of my database, a hacker could post code in say a blog comment, it gets commented out, but then for some reason if I handle that comment it could later execute.

$roll = mysql_real_escape_string($_POST['roll');

So just do this...

INSERT INTO table (roll, name, unit_test, prelims, average, attendance, file, interm) VALUES 
('$roll','$name','$unit_test','$prelims','$average'=(('$unit_test' + '$prelims')/125) *10,'$attendance','$file','$average'+'$attendance'+'$file'),
('$roll','$name','$unit_test','$prelims','$average'=(('$unit_test' + '$prelims')/125) *10,'$attendance','$file','$average'+'$attendance'+'$file'),
('$roll','$name','$unit_test','$prelims','$average'=(('$unit_test' + '$prelims')/125) *10,'$attendance','$file','$average'+'$attendance'+'$file'),
('$roll','$name','$unit_test','$prelims','$average'=(('$unit_test' + '$prelims')/125) *10,'$attendance','$file','$average'+'$attendance'+'$file');
Improve this answer

1 Comment

It is not advisable to use any _escape_ functions as a preparation step before querying the database. The INSERT query should not be directly injected with user input. Best practice is to build a prepared statement; then bind parameters and execute queries in a loop.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.