-1

Good evening lovely people,

I'm having problems with my query. The query should insert each product which is entered on the page. My table products has 4 fields: id, product_name, quantity and price.

The HTML looks a bit like this:

<form action="" method="post">

    Product name: <input type="text" name="product_name[]" value="" />
    Quantity: <input type="text" name="quantity[]" value="" />
    Price: <input type="text" name="price[]" value="" /> <br /> <br />

    <input type="submit" name="submit" value="Insert new products" />

</form>

I want my users to be able to insert new products into our database table products. By the way, I've created a JavaScript function which adds more fields to the form so my employees do not have to submit the form every time he or she wants to add a new product, but instead just add as many fields as he or she needs to submit. Hopefully you'll know what I am talking about :)

Since I am not an expert in PHP coding, I've tried on my own, which in my case has not worked particularly well. Of course I've been reading some articles on the web about querying array data, but with no luck, sadly.

So far, the PHP code looks like this:

<?php
if(isset($_POST['submit'])){
    $product_name = addslashes($_POST['product_name']);
    $quantity     = addslashes($_POST['quantity']);
    $price        = addslashes($_POST['price']);

    $db->query("INSERT INTO products (product_name, quantity, price) VALUES ('".$product_name."', '".$quantity."', '".$price."')");
}
?>

If my employees had to insert each product one by one, this would not have been a problem. But since they can add more fields to the form, it becomes a problem.

Hopefully there is a logical explanation, but I cannot figure it out on my own. And of course I am aware that I have not escaped my variables but this code is just for testing purposes. Have a good evening folks :)

3
  • addslashes is a quite weak form of protection against SQL Injection. Commented Feb 13, 2014 at 21:54
  • Your $_POST data is an array - you'll need to iterate over it, so best to look up for() or foreach() Commented Feb 13, 2014 at 21:55
  • You can look for tutorials on inserting data from multiselects, which is very similar to what you're attempting. See for example, this question Commented Feb 13, 2014 at 21:58

1 Answer

2

You need to loop through all values in the array $_POST['product_name'] and issue a DB insert query once for each member of the array. The form data for each field set is submitted and processed as an array in PHP, like:

$_POST['product_name'] = array( 0 => 'first name', 1 => 'second name', 2 => 'third name' /* etc. */ );

Here's the code:

if(isset($_POST['submit'])){
    $ct=0;
    foreach( $_POST['product_name'] as $k=> $value ){ // loop through array
        $product_name = addslashes( $value );  // set name based on value
        $quantity     = addslashes($_POST['quantity'][$ct] ); // set qty using $ct to identify # out of total submitted
        $price        = addslashes($_POST['price'][$ct] ); // same as set qty

        $db->query("INSERT INTO products (product_name, quantity, price) VALUES ('".$product_name."', '".$quantity."', '".$price."')");
        $ct++; // increment +1
    }
}

To UPDATE (not INSERT) you need to pass an ID number along with the input fields in your HTML.

<input type="hidden" name="modify_id[]" value="7" />
Product name: <input type="text" name="product_name[]" value="" />
Quantity: <input type="text" name="quantity[]" value="" />
Price: <input type="text" name="price[]" value="" /> <br /> <br />

Then using PHP:

if(isset($_POST['submit'])){
    $ct=0;
    foreach( $_POST['product_name'] as $k=> $value ){ // loop through array
        $product_name = addslashes( $value );  // set name based on value
        $quantity     = addslashes($_POST['quantity'][$ct] ); // set qty using $ct to identify # out of total submitted
        $price        = addslashes($_POST['price'][$ct] ); // same as set qty

        $id           = (int)$_POST['modify_id'][ $ct ];

        $db->query("UPDATE products SET product_name = '$product_name', quantity = '$quantity', price = '$price' WHERE id = '$id' LIMIT 1");
        $ct++; // increment +1
    }
}

11 Comments

A valid point. You could substitute $k for all instances of $ct for the other arrays, and remove the $ct=0; and $ct++; lines. But, I think, the data in $k is string, not integer.
And how will this work for updating the current fields in one page?
This will loop multiple times, for each set of fields you've added in the JavaScript. So if there are 8 sets of 3 fields, it will loop over them and submit 8 times.
$k is an integer so it would be safe and appropriate to use as a counter. Even if it wasn't, the arrays are all put together by PHP so those array elements would be all ordered by the same character type anyways.
Thanks man! I will definitely try this tomorrow. I am most grateful for your amazing help :) take care man!
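
The first comment on the question notes that addslashes is weak protection against SQL injection. The following is an added example, not part of the original answer, showing the same per-row loop with a prepared statement and typed validation. It assumes PDO is available and uses an in-memory SQLite database to stand in for the page's `$db` object; the function name `insertProducts` and the sample input are constructed for illustration.

```php
<?php
// Added example: hardened multi-row insert (not the answerer's code).
// Assumption: PDO with the SQLite driver; SQLite in memory stands in for the real database.
declare(strict_types=1);

function insertProducts(PDO $db, array $post): int
{
    // Each field must arrive as an array (name="product_name[]"); treat anything else as empty.
    $names  = is_array($post['product_name'] ?? null) ? $post['product_name'] : [];
    $qtys   = is_array($post['quantity'] ?? null) ? $post['quantity'] : [];
    $prices = is_array($post['price'] ?? null) ? $post['price'] : [];

    // One prepared statement reused per row: values are bound, never concatenated into SQL.
    $stmt = $db->prepare('INSERT INTO products (product_name, quantity, price) VALUES (:name, :qty, :price)');

    $inserted = 0;
    $db->beginTransaction();
    try {
        foreach ($names as $k => $name) {
            $qty   = filter_var($qtys[$k] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
            $price = filter_var($prices[$k] ?? null, FILTER_VALIDATE_FLOAT);
            // Skip rows that are incomplete or fail type validation.
            if (!is_string($name) || trim($name) === '' || $qty === false || $price === false || $price < 0) {
                continue;
            }
            $stmt->execute([':name' => trim($name), ':qty' => $qty, ':price' => $price]);
            $inserted++;
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // all-or-nothing: a failed row undoes the whole batch
        throw $e;
    }
    return $inserted;
}

// Constructed sample input standing in for $_POST (third row has an empty name).
$post = [
    'product_name' => ["Widget", "O'Brien's cable", ""],
    'quantity'     => ["3", "10", "5"],
    'price'        => ["9.99", "4.50", "1.00"],
];
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, product_name TEXT, quantity INTEGER, price REAL)');

echo insertProducts($db, $post), " rows inserted\n";
echo json_encode($db->query('SELECT product_name, quantity, price FROM products')->fetchAll(PDO::FETCH_ASSOC)), "\n";
```

The name containing a quote is stored as typed because it is bound as a parameter, so no escaping function is needed.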