0

I have a textarea that is populated with values. On submit button, I'm saving the value of textarea in a table in separate rows using this code:

echo "<center><textarea name='resulta' id='result' style='height:200px; width:350px' readonly=readonly></textarea></center>";
echo "<form><center><input type=submit name=subs value='Submit'></center></form>";
$val=$_POST['resulta'];

    if (isset($_POST['subs']))
    {

        $lines = explode("\n", $val);

    foreach ($lines as $line) 
    {
        mysql_query("insert into postflight (sample_lang) values ('$line')") or die(mysql_error());

    }

If I have inputted the following in the textarea:

Tokyo - London -> 10:00:00
London - Tokyo -> 11:00:00

The postflight table will have these data respectively,

sfno  || bltime   || sample_lang
00001 || 00:00:00 || Tokyo - London -> 10:00:00
00002 || 00:00:00 || London - Tokyo -> 11:00:00

But, what I want to do is, add to sample_lang column 'Tokyo - London' then add to bltime column '10:00:00'. The data in the postflight should look like this:

sfno  || bltime   || sample_lang
00001 || 10:00:00 || Tokyo - London
00002 || 11:00:00 || London - Tokyo

I have tried several MySQL string functions like explode, locate, trim but can't get it to properly work. I'm not that familiar with MySQL string functions so I'm having a hard time getting this to work. Any ideas on how to do this will be appreciated. Thanks a lot!

EDIT: I'm not limiting the possible solutions to MySQL string functions only. Of course I'm open to PHP solutions as well. I just stated what I've done so far to get this work. Thanks.

xjshiya
  • 915
  • 7
  • 16
  • 44
  • 1
    **Your code is vulnerable to SQL injection.** You *really* should be using [prepared statements](http://stackoverflow.com/a/60496/623041), into which you pass your variables as parameters that do not get evaluated for SQL. If you don't know what I'm talking about, or how to fix it, read the story of [Bobby Tables](http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain). – eggyal Sep 04 '12 at 05:12
  • Also, as stated in [the introduction](http://www.php.net/manual/en/intro.mysql.php) to the PHP manual chapter on the `mysql_*` functions: *This extension is not recommended for writing new code. Instead, either the [mysqli](http://www.php.net/manual/en/book.mysqli.php) or [PDO_MySQL](http://www.php.net/manual/en/ref.pdo-mysql.php) extension should be used. See also the [MySQL API Overview](http://www.php.net/manual/en/mysqlinfo.api.choosing.php) for further help while choosing a MySQL API.* – eggyal Sep 04 '12 at 05:12
  • Why input in a ` – eggyal Sep 04 '12 at 05:13
  • @eggyal, a javascript code is binded in the textarea so I can't use any other container other than that. I'm also using PHP into this code (see, explode function on top). I'm not limiting myself to MySQL functions only. I'm open to PHP ideas. – xjshiya Sep 04 '12 at 05:15
  • @eggyal, I'm very aware of that. This is not my final code. I'm just testing the functions if it'll work. Please focus on the main problem first. – xjshiya Sep 04 '12 at 05:17

2 Answers2

2

While this is technically possible to do purely in MySQL, what makes you think it's your only option?

It's really far easier to do string parsing in PHP.

foreach ($lines as $line) 
{
    $fields = explode('->', $line);
    $sample_lang = trim($fields[0]);
    $bltime = trim($fields[1]);
    mysql_query("insert into postflight (bltime, sample_lang) values ('".mysql_escape_string($bltime)."','".mysql_escape_string($sample_lang)."' )") or die(mysql_error());

}
Gavin Towey
  • 3,132
  • 15
  • 11
0

You have to use some logic in ur code , split the String (text iput in textarea) into two values ( One that should be inserted in sample_lang column and One in bltime) then insert these values in these columns seperately.

Just_another_developer
  • 5,737
  • 12
  • 50
  • 83