0

HTML Input

<input type="checkbox" value="1" name="que[10][1]">
<input type="checkbox" value="2" name="que[10][2]">
<input type="checkbox" value="3" name="que[10][3]">
...
<input type="checkbox" value="40" name="que[10][40]">

PHP submit

$submit = $_POST["que"];

I have the following array I want to store in my database :

Array
(
    [10] => Array
        (
            [0] => 26
            [1] => 27
            [2] => 28
            [3] => 29
            [4] => 30
            [5] => 31
        )

)

How can I convert to insert statement output following as below :

INSERT INTO `tb_answers` (`question_id`, `answer`) VALUES(10,26),(10,27),(10,28),(10,29),(10,30);

Here is my code :

$submit = $_POST['que'];

$all_values = [];

$sql_submit_form = "INSERT INTO `tb_answers` (`question_id`, `answer`) VALUES";

foreach ($submit as $question_id => $choise) {
   
    $row_values = [];
    foreach ($choise as $choise_data => $s_value) { 
        $row_values[] = "'" . $question_id . "'"; // question_id
        $row_values[] = "'" . $s_value . "'"; // answer

    }
    $all_values[] = '(' . implode(',', $row_values) . ')';
}
$sql_submit_form .= implode(',', $all_values);

echo $sql_submit_form;

Output :

INSERT INTO `tb_answers` (`question_id`, `answer`) VALUES('10','27','10','28','10','29','10','30','10','31','10','32')
Improve this question
2
  • What have you tried so far? Where are you stuck? Commented Aug 18, 2021 at 8:26
  • What's your question about the given code? Looks like you build the query the wrong way. Also, be warned that the given way of building a query is widely open for SQL injection Commented Aug 18, 2021 at 8:33

2 Answers 2

Reset to default
1

You only need to clean up what you already have. There's also no need to inject raw data into your SQL code, that only makes code harder to maintain (apart from insecure):

$params = $clauses = [];
foreach ($submit as $question_id => $choices) {
    foreach ($choices as $choice_id) {
        $clauses[] = '(?, ?)';
        $params[] = $question_id;
        $params[] = $choice_id;
    }
}
$sql = 'INSERT INTO `tb_answers` (`question_id`, `answer`) VALUES ' . implode(', ', $clauses);

Then feed $params to a prepared statement and you'll be done.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you so much. I tried this code here is output : $sql=INSERT INTO tb_answers (question_id, answer) VALUES (10, 29), (10, 30), (10, 31)
0

As already mentioned, you construct your SQL query wrong. SQL Injection is a thing, you need to use '?' placeholders if you plan to use this in production environments. Your desired output can be generated like that:

$row_values = [];
foreach ($submit as $question_id => $choise) {
    foreach ($choise as $choise_data => $s_value) {
        $row_values[] = "(". $question_id .",".$s_value . ")";
    }
}
$sql_submit_form .= implode(',', $row_values);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.