0

I am trying to insert rows of data in an array into a table. It's inserting this instead of the actual data:

enter image description here

Here is my code:

for ($i = 0; $i < $arraycount; $i++)
{
    $db->query("INSERT INTO contact_tariffs (qid, retail_name, tariff_name, tariff_net, tariff_rental, tariff_inclusive, tariff_length, tariff_data)
                Values ('$qid', '$quote->retail_name[$i]', '$quote->tariff_name[$i]', '$quote->tariff_net[$i]', '$quote->tariff_rental[$i]', '$quote->tariff_inclusive[$i]', '$quote->tariff_length[$i]', '$quote->tariff_data[$i]' )");                        
}

I have had similar problems when using $_POST and $_SESSION variables and the only solution I had for that was to temporarily transport the values into temp variables and use the temp variables to insert into the database.

Improve this question
1
  • Look into string parsing, use curly braces, or possibly, sprintf or prepared statements. Commented Feb 3, 2012 at 11:44

2 Answers 2

Reset to default
2

The variables are too complex to use inside a string. PHP interprets $quote->retail_name as one variable and $i another, because it doesn't know where one variable ends and where the other starts. For example:

$i = 1;
$quote->retail_name[ 1 ] = 'foo';

echo "result: $quote->retail_name[$i]";  // --> result: Array[1]
// the above is the same as 
// echo $quote->retail_name; echo "["; echo $i; echo "];

echo "result: ".$quote->retail_name[$i]; // --> result: foo
// The above leaves the variable outside the string so it's parsed correctly.
// You could also use "result: {$quote->retail_name[$i]}"

See also http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing

Try this instead:

for ($i = 0; $i < $arraycount; $i++)
{
    $db->query("INSERT INTO contact_tariffs (qid, retail_name, tariff_name, tariff_net, tariff_rental, tariff_inclusive, tariff_length, tariff_data)
                Values ('$qid', '".$quote->retail_name[$i]."', '".$quote->tariff_name[$i]."', '".$quote->tariff_net[$i]."', '".$quote->tariff_rental[$i]."', '".$quote->tariff_inclusive[$i]."', '".$quote->tariff_length[$i]."', '".$quote->tariff_data[$i]."' )");                        
}

Although you should escape the values as well. Something like PDO would be preferable.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

+1 for pointing to PDO, Or he can use syntax: "'{$quote->retail_name[$i]}'"
I dont understand what you mean by too complex, are you refering to the variables structure or the data inside it?
PHP doesn't realize that $quote->whatever[$i] should be one variable. It thinks that it's $quote->whatever and $i separately. See the edit.
1

You can use curly brackets, to insert array values directly into a double quoted string:

for ($i = 0; $i < $arraycount; $i++)
{
    $db->query("INSERT INTO contact_tariffs (qid, retail_name, tariff_name, tariff_net, tariff_rental, tariff_inclusive, tariff_length, tariff_data)
                Values ('{$qid}', '{$quote->retail_name[$i]}', '{$quote->tariff_name[$i]}', '{$quote->tariff_net[$i]}', '{$quote->tariff_rental[$i]}', '{$quote->tariff_inclusive[$i]}', '{$quote->tariff_length[$i]}', '{$quote->tariff_data[$i]}' )");                        
}

...and please be aware of SQL injections.

Improve this answer

2 Comments

Its on a trusted system so im not worrying about that :)
Properly escaping parameters in SQL-queries is not just to protect against malicious injections. Perfectly valid names like "O'neill" could also get you in trouble. So, no matter whether you trust all users (and/or even if you yourself are the only user), escape those damn things.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.