0

I have a form that has a variable number of input fields, and i now try to get these values in my database. I got this code from another question here and all the replies where implying that they got it working..so i think i'm doing something wrong here.

I get no error, it just enters one empty entry/row in my database every time i submit the form. The $_POST array is filled with all the data i need, it shows when i print_r it.

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {


  if (
     !empty($_POST['homeTeam']) && !empty($_POST['awayTeam']) && !empty($_POST['homeWin']) && !empty($_POST['awayWin']) && 
     is_array($_POST['homeTeam']) && is_array($_POST['awayTeam']) && is_array($_POST['homeWin']) && is_array($_POST['awayWin']) && 
     count($_POST['homeWin']) === count($_POST['awayWin'])
  ) {
      $homeTeam_array = $_POST['homeTeam'];
      $awayTeam_array = $_POST['awayTeam'];
      $homeWin_array = $_POST['homeWin'];
      $awayWin_array = $_POST['awayWin'];

      for ($i = 0; $i < count($homeTeam_array); $i++) {

          $homeTeam = mysql_real_escape_string($homeTeam_array[$i]);
          $awayTeam = mysql_real_escape_string($awayTeam_array[$i]);
          $homeWin = mysql_real_escape_string($homeWin_array[$i]);
          $awayWin = mysql_real_escape_string($awayWin_array[$i]);

          $sql = "INSERT IGNORE INTO CalcOdds (homeTeam, awayTeam, homeWin, awayWin) VALUES ('$homeTeam', '$awayTeam', '$homeWin', '$awayWin')"; 
          $conn->query($sql);
          $conn->close();

      }
  }
  echo "<pre>";
  print_r($_POST);
  echo "</pre>";
  echo 'Done!';
}

?>
Improve this question
6
  • 1
    WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use manual escaping and string interpolation or concatenation to accomplish this because you will create severe SQL injection bugs. Accidentally unescaped data is a serious risk. Using bound parameters is less verbose and easier to review to check you’re doing it properly. Commented Oct 9, 2018 at 19:59
  • 1
    Note: The object-oriented interface to mysqli is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete mysql_query interface. Before you get too invested in the procedural style it’s worth switching over. Example: $db = new mysqli(…) and $db->prepare("…") The procedural interface is an artifact from the PHP 4 era when mysqli API was introduced and should not be used in new code. Commented Oct 9, 2018 at 19:59
  • You may want to share the content of $_POST Commented Oct 9, 2018 at 20:01
  • 2
    Why are you mixing mysqli_ and mysql_ functions and where are you actually connecting to your database? Commented Oct 9, 2018 at 20:03
  • 1
    Thanks @tadman for the warning, i'll look into this.I only just picked up coding again after i while and really need to do some studying :) Commented Oct 9, 2018 at 20:28

2 Answers 2

Reset to default
3

I think the problem is because you have $conn->close(); inside the for loop try to add it after the loop like this:

     for ($i = 0; $i < count($homeTeam_array); $i++) {

          $homeTeam = mysql_real_escape_string($homeTeam_array[$i]);
          $awayTeam = mysql_real_escape_string($awayTeam_array[$i]);
          $homeWin = mysql_real_escape_string($homeWin_array[$i]);
          $awayWin = mysql_real_escape_string($awayWin_array[$i]);

          $sql = "INSERT IGNORE INTO CalcOdds (homeTeam, awayTeam, homeWin, awayWin) VALUES ('$homeTeam', '$awayTeam', '$homeWin', '$awayWin')"; 
          $conn->query($sql);            
      }
      $conn->close();
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

  1. Instead of doing !empty() I'd do isset()

  2. By the looks of things you haven't actually established a connection to your database.

  3. Make sure that the data actually gets through the if() statement by using a echo() for example.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.