0

so i want to insert into database information but the input fields names and values change dynamically how would do this below is the first part of the code

echo'<form action="add3rd.php" method="post">';
while($row = mysqli_fetch_assoc($title2)) {
    echo '' . $row["input"]. '  <input type="text" name="' . $row["input"]. '">';
    echo '<input type="hidden" name="' . $row["input"]. '" value="' . $row["articleid"]. '">' ;

}
echo'<input type="submit" value="Next"></form>';
}
Improve this question

2 Answers 2

Reset to default
2

One option is to loop through $_POST and get each field (key = the field's name). Next: you can use Prepared Statements to build the MySQL query.

Example

The content of $_POST may look like this:

[
    "name_of_field": "value",
    "name_of_another_field": "another value"
    // etc...
]

Tip: Put a prefix before every field name to prevent unwanted values in your SQL query. But remember to remove the prefix when you use it in the query.

The last step is to build and execute a prepared statement. I am using PHP Data Objects (PDO) for this example. 

// The MySQL connection
$conn = new PDO("mysql:host={$host};dbname={$db}", $username, $password);

// Get the names of the fields from $_POST (I assume that the fieldnames are the same as the column names).
// Remember my tip that I wrote above.
$fieldNames = implode(',', array_keys($_POST));

// Get the values of the fields from $_POST
$fieldValues = implode(',', array_values($_POST));

// Prepare the query
$stmt = $conn->prepare("INSERT INTO YourTable ({$fieldNames}) 
VALUES ({$fieldValues})");

// Execute the query
$stmt->execute();
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I will assume that the field names in the form are also column names of the table, a simplistic solution is this :

$input_names  = '';
$input_values = '';

//Iterate the POST table to get the input names and values
foreach($_POST as $input_name => $input_value){
    // escaping is always important
    $input_names  .= mysqli_real_escape_string ( $con, $input_name ) . ",";
    $input_values .= "'" .mysqli_real_escape_string ( $con, $input_value ) . "',";
}
// Remove trailing comma
$input_names  = rtrim( $input_names, "," );
$input_values = rtrim( $input_values, "," );
$sql = "INSERT INTO table_name ( $input_names ) VALUES ( $input_values )";

if ( $con->query($sql) === TRUE ) {
    // Success
} else {
    // Failure
}

In case there are input fields that are not part of the table, or actually in any case a check can happen in the field forming part. For example:

$field_array = ["field1", "field2", "field3"];
foreach($_POST as $input_name => $input_value){

    // Skip field if the name is not in the $field_array
    if(!in_array( $input_name, $field_array ){
        continue;
    }

    $input_names  .= mysqli_real_escape_string ( $con, $input_name ) . ",";
    $input_values .= "'" .mysqli_real_escape_string ( $con, $input_value ) . "',";
}

The above code is untested and should only be used as a reference.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.