5

What I am trying to do is loop through a text input where the user enters tags for a blog post. I want to add each tag to the database if it doesn't already exist.

The actual query string below works when I test it in the database.

However I think that my loop syntax is maybe not quite right cos I am getting nothing added to the DB.

Can anyone spot an error in my loop causing my 'add to database' to fail?

Thanks in advance for your help!

foreach ($_POST['__tags'] as $key=>$ls_value) {

    $value = strtolower(mysql_real_escape_string($ls_value));

    mysql_query("INSERT INTO `table` (`field`)
            SELECT * FROM (SELECT '$value') as tmp
            WHERE NOT EXISTS (
                    SELECT `field` FROM `table` WHERE `field` = '$value')
            LIMIT 1") or trigger_error(mysql_error(), E_USER_ERROR);

}
Becs Carter
  • 4
    What does echoing or using print_r on $_POST['__tags'] return? Is it returning anything to begin with? – Jay Huang Mar 19 '13 at 04:33
  • 1
    Your code is vulnerable to SQL injection. Also, mysql_* functions are deprecated and should no longer be used if at all possible. http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – Cfreak Mar 19 '13 at 04:38

3 Answers

1

Try using the following code:

if(is_array($_POST['__tags']))
{
    foreach ($_POST['__tags'] as $key=>$ls_value) {

        $value = strtolower(mysql_real_escape_string($ls_value));

        mysql_query("INSERT INTO table (field)
            SELECT * FROM (SELECT '".$value."') as tmp
            WHERE NOT EXISTS (SELECT field FROM table WHERE field = '".$value."') LIMIT 1") or trigger_error(mysql_error(), E_USER_ERROR);            

    }
}

Please use proper PDO or prepared statements. mysql_query is deprecated; use the mysqli functions instead.
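The prepared-statement approach recommended above, as an added example that is not part of the original question or answers: it binds each tag as a parameter in the question's own INSERT ... WHERE NOT EXISTS query and also accepts the tags as a single comma-separated string. The `tags` table, `name` column, 50-character limit, comma-separated input format and in-memory SQLite connection (used so it runs without a server) are assumptions.

```php
<?php
// Added example. Table `tags`, column `name`, the 50-character limit and the
// comma-separated input format are assumptions, not from the original post.

/** Accept a "php, mysql" string or a tags[] array; return clean, unique tags. */
function normalizeTags($raw): array
{
    $parts = is_array($raw) ? $raw : explode(',', (string) $raw);
    $tags = [];
    foreach ($parts as $part) {
        if (!is_string($part)) {
            continue; // skip nested arrays sent as tags[][]
        }
        $tag = strtolower(trim($part));
        if ($tag !== '' && strlen($tag) <= 50) {
            $tags[] = $tag;
        }
    }
    return array_values(array_unique($tags));
}

/** Insert each tag only if absent; returns how many rows were added. */
function addTags(PDO $db, array $tags): int
{
    // The question's query with placeholders: values are bound, never concatenated.
    $stmt = $db->prepare(
        'INSERT INTO tags (name)
         SELECT * FROM (SELECT ?) AS tmp
         WHERE NOT EXISTS (SELECT name FROM tags WHERE name = ?) LIMIT 1'
    );
    $added = 0;
    foreach ($tags as $tag) {
        $stmt->execute([$tag, $tag]);
        $added += $stmt->rowCount();
    }
    return $added;
}

// Demo on in-memory SQLite so it runs without a server (assumption; the page uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE keeps duplicates out even when two requests race past NOT EXISTS.
$db->exec('CREATE TABLE tags (name VARCHAR(50) NOT NULL UNIQUE)');

$posted = "PHP, mysql, php, O'Reilly, , MySQL"; // constructed stand-in for $_POST['__tags']
$tags = normalizeTags($posted);
echo addTags($db, $tags), " added on first submit\n";
echo addTags($db, $tags), " added on resubmit\n";
```

The tag containing an apostrophe is stored as plain data because it travels as a bound parameter, so no escaping function is needed.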

0

Just try with the following:

PHP part:

<?php

$tags = $_POST['tags'];

foreach ($tags as $tag) {
    $value = strtolower(mysql_real_escape_string($tag));
    $sel_tag = mysql_query("select * from `table` where `field`='$value'") or die(mysql_error());
    $num_rows = mysql_num_rows($sel_tag);
    if ($num_rows > 0) {
        echo "Tag Already Exists";
    }
    else {
        $ins_tag = mysql_query("insert into `table` (`field`) values ('$value');") or die(mysql_error());
        echo "Tag Successfully Inserted";
    }
}

?>

HTML part:

<form action="" name="tags" method="post">
<p>Please select the tags names : </p>
<p>
<input type="checkbox" name="tags[]" value="tag1"> Tag1
<input type="checkbox" name="tags[]" value="tag2"> Tag2
<input type="checkbox" name="tags[]" value="tag3"> Tag3
</p>
<p><input type="submit" name="tag_submit" value="Submit"></p>
</form>

I think this may help you to resolve your problem.

John Peter
0

I have given you a hint for taking the array values and keys; the form name should be equal to the database field. Check this:

post.php

 <?php  
        $keys=array();
        $values=array();    
        foreach ($_POST as $key=>$ls_value) {
            $keys[]=$key;
            $values[]="'".mysql_real_escape_string($ls_value)."'";      
        }
        echo $fileds=implode(",", $keys);
        echo $values=implode(",", $values);
  ?>

form.html

<form action="post.php" method="post">
  <input type="text" value="123" name="number"/>
  <input type="text" value="firstname" name="name"/>
  <input type="submit" value="submit"/>
</form>
Thirumalai murugan