Errors with foreach and array

Question

Hi I'm using foreach to insert into my database multiple authors for a book.

Here is the foreach:

foreach ($_POST["authors"] as $author) 
{
    $sqlAuthor = "INSERT INTO book_author (book_ISBN, author_ID)
        VALUES('$isbn','$author')";

    mysql_query($sqlAuthor);
}

I am getting the authors with a select multiple from my page for which I have created a function to display in the select multiple the authors available.

The code is producing exactly what I want it to produce in the page from my database (the names of all the authors)

Here is the multiple() function:

<?php include ("includes/connections.php");
    function multiple($intIdField, $strfNameField, $strlNameField, $strTableName, $strOrderField, $strNameOrdinal, $strMethod="asc") {
       echo "<select multiple=\"multiple\" name=\"$strNameOrdinal\[\]\">\n";

       $strQuery = "select $intIdField, $strfNameField, $strlNameField
                   from $strTableName
                   order by $strOrderField $strMethod";

       $rsrcResult = mysql_query($strQuery);

       while($arrayRow = mysql_fetch_assoc($rsrcResult)) {
          $strA = $arrayRow["$intIdField"];
          $strB = $arrayRow["$strlNameField"] . " " . $arrayRow["$strfNameField"];    
          echo "<option value=\"$strA \">$strB</option>\n";
       }

       echo "</select>";
    }
?>

Now for some reason it throws the following errors:

Notice: Undefined index: authors in C:\xampp\htdocs\ex\addBook.php on line 63

Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\ex\addBook.php on line 63

I think it tells me that it can't find the authors array but I find it very strange

Here the php code inside the html to call the multiple() function:

<?php multiple("author_ID", "author_firstname", "author_lastname", "author", "author_lastname", "authors"); ?>

Anyone has any idea what is wrong with my code?

Please stop writing new code with the ancient MySQL extension: it is no longer maintained and the community has begun the [deprecation process](http://news.php.net/php.internals/53799); you can use instead either the improved [MySQLi](http://php.net/mysqli) extension or the [PDO](http://php.net/pdo) abstraction layer. — eggyal, Jun 07 '12 at 19:02
**Your code is vulnerable to SQL injection.** You *really* should be using [prepared statements](http://stackoverflow.com/a/60496/623041), into which you pass your variables as parameters that do not get evaluated for SQL. If you don't know what I'm talking about, or how to fix it, read the story of [Bobby Tables](http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain). — eggyal, Jun 07 '12 at 19:04
Have you looked at the HTML that your code is generating to make sure it's producing what you expect? — andrewsi, Jun 07 '12 at 19:07

tigrang · Answer 1 · 2012-06-07T19:49:29.903

2

Change to

echo "<select multiple=\"multiple\" name=\"{$strNameOrdinal}[]\">\n";

and also check if its set before using it as others suggested.

Edit: Not related to the issue on hand but you have an extra space after $strA, change to if it wasn't on purpose.

echo "<option value=\"$strA\">$strB</option>\n";

edited Jun 07 '12 at 19:49

answered Jun 07 '12 at 19:08

tigrang

6,767
1
20
22

I tried it and it did not work, also I left the if out on purpose and even after choosing authors it still show the error that "authors" is undefined. So even if I choose the authors it is still not defined. Very weird – Aki K Jun 07 '12 at 19:36
I suggest you use http://validator.w3.org/ to validate your html and then firebug (or any alternative) to check what's being posted. – tigrang Jun 07 '12 at 19:46
I left the if statement out, that way it will show an error when the array is empty even if it should be not – Aki K Jun 07 '12 at 19:47

score 1 · Accepted Answer · answered Jun 07 '12 at 19:05

1

Every time you use foreach nest it in an if:

if (count($_POST["authors"])) {
    foreach ($_POST["authors"] as $author)  {
       ...
    }
}

so if you have 0 element in the array, or it's not an array (string, null, anything else) you won't enter the if, and won't get the error on foreach's wrong parameter

answered Jun 07 '12 at 19:05

Gavriel

18,880
12
68
105

the if just checks for empty array, my problem is that even if I select the authors I want it is still an empty array – Aki K Jun 07 '12 at 19:37
@SilliconTouch, what does var_dump($_POST["authors"]) display when you have 2 elements selected and posted? – Gavriel Jun 07 '12 at 19:41
it displays this: `array(2) { [0]=> string(3) "10 " [1]=> string(2) "1 " }` – Aki K Jun 07 '12 at 19:46
Jesus! I found it, the extra space after each identity was making it to not work – Aki K Jun 07 '12 at 19:52
strange. and there was the error in line 63 also when you had things selected??? BTW you have spaces after the numbers: "10 ", "1 ", that might cause you another problem later, so fix it as well – Gavriel Jun 07 '12 at 19:52
you see! that's why we use var_dump :) – Gavriel Jun 07 '12 at 19:53
Thank you very much for your help. So to get this straight, why would a simple space just make everything not work? Do you have any ideas? – Aki K Jun 07 '12 at 19:57
you try to use it in this SQL: VALUES('$isbn','$author'), so you try to insert "10 " to a column that's possibly integer, and "10 " is a string – Gavriel Jun 07 '12 at 20:02

score 0 · Answer 3 · answered Jun 07 '12 at 19:06

0

It's throwing the notice and error because $_POST["authors"] isn't defined or there are no authors.

Simply use if(isset($_POST["authors"])) { to make sure data has been submitted.

answered Jun 07 '12 at 19:06

Steve

632
4
16

score 0 · Answer 4 · answered Jun 07 '12 at 19:14

change this:

foreach ($_POST["authors"] as $author) 
{

to this:

foreach ((array)$_POST["authors"] as $author) 
{

to make it empty-safe. Also i cannot see from where the "authors" are sent to addBook.php to make a suggestion..

Errors with foreach and array

4 Answers4