0

I keep getting the word "Array" in my database. I have checkboxes in my form and am having a hard time with it. I've tried different things, and this is the latest coding I have. What am I doing wrong?

In my form, the checkboxes have the name "cats[]".

I don't know if the first part matters (I saw that online and tried using it with the rest just in case)

if(count($cats) > 0)
{
 $str = implode(",", $cats);
}

And then the actual code

$cats = array();

    // Not good?
    //if(isset($_POST['submit']))
    if($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if(isset($_POST['cats']))
        {
            $cats = $_POST['cats'];
        }
        $categories= $_POST['categories'];

        // This saves it aa a string, as you can only save those values as string.
        $str = $categories . ": " . implode(", ", $cats);
        var_dump ($str);
    }

And this for the database

$sql="INSERT INTO form_corpo_test (compagnie)
VALUES
('$_POST[cats]')";

EDIT:

This is the correct code (thank you guys for the help! I wish I could have marked two of your answers as the "best answer"). Hopefully this helped others (err, although they'll need to look into sql injections too of course).

$cats = array();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
if(isset($_POST['cats'])) {
$cats = implode(",", $_POST['cats'] );
}
$categories= $_POST['categories'];
$str = $categories . ": " . $cats;
}

And

    $sql="INSERT INTO form_corpo_test (categories)
    VALUES
    ('$str')";
M.Sidim
  • 303
  • 3
  • 4
  • 15
  • 2
    You are trying to store an array in to the database. you need to either convert it to a string or serialize the array before storing it – Anigel Jul 29 '13 at 16:31
  • 1
    Looks like you should be inserting `$str`, not `$_POST['cats']` – Chris Rockwell Jul 29 '13 at 16:31
  • `$_POST[cats]` is an array. Don't want to insert `$str`? – gen_Eric Jul 29 '13 at 16:31
  • 3
    Aside from the question, read up on [SQL injection](http://en.wikipedia.org/wiki/SQL_injection)... – Izkata Jul 29 '13 at 16:31
  • 2
    You are also directly writing a `$_POST` field to your database, by the looks of it. That's *very* insecure. – dimo414 Jul 29 '13 at 16:31
  • you made a "lot" of verification on your $_POST['cats'] storing the processed values inside a variable `$str` which is almost good (read the injection part). Why not using $str? any particular reason? – TecHunter Jul 29 '13 at 16:38
  • Thank you for both the sql injection. I am currently not there... now I am after seeing my problem is fixed :D I started reading upon it, but haven't gotten there just quite yet. As for the $str part, I had no idea you had to do that for checkboxes. Now I know :) – M.Sidim Jul 29 '13 at 16:55

5 Answers5

2

If $cats is an empty array, its still an array. This is probably the case.

So you are inserting an empty array concatted to a string in your database. When you cast an array to a string the sting will contain the word Array.

Example:

$var = new Array();
echo $var;

Outputs: Array

As commented by others: You probably intended to insert $str, not $_POST['cats']

Damien Overeem
  • 4,487
  • 4
  • 36
  • 55
2

This should produce a comma seperated list of all the cats entered by the user, to add to the category. As its called categories, does that mean it is also an array??

if($_SERVER['REQUEST_METHOD'] == 'POST') {
    if(isset($_POST['cats'])) {
        $cats = implode(",", $_POST['cats'] );
    }
    $categories= $_POST['categories'];

    $str = $categories . ": " . $cats;
    echo $str;
}
gen_Eric
  • 223,194
  • 41
  • 299
  • 337
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
  • Awesome, that was what messed me up lol. Thank you for correcting it :D That definitely is one of the things that helped me. Along with the '$str' from a few others :D – M.Sidim Jul 29 '13 at 17:05
0

use this coding for you database

$sql="INSERT INTO form_corpo_test (compagnie)
VALUES
('$str')";
Meeran
  • 77
  • 2
  • That won't work (not in my case). What works is '$str'. Thanks for posting though :) It helped a lot! – M.Sidim Jul 29 '13 at 16:59
  • This introduces a SQL injection attack bug, and should not be a recommended way to insert data into a database. – CanSpice Jul 29 '13 at 17:27
  • yes it $str variable should sanitize before inserting using mysql_real_escape_string function – Meeran Jul 29 '13 at 18:00
0

Your idea of storing categories in database is wrong.

Never store comma-separated values in a database column, but create another table to store categories linked to posts. This is how databases work.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • Please do explain (no sarcasm). I'm not much the database/php type just yet. Any resources where I could still look that up? Also, why is it wrong? (no sarcasm). – M.Sidim Jul 29 '13 at 16:58
  • 1
    *why is it wrong?* [It is difficult to query, is error prone and inefficient](http://stackoverflow.com/questions/3653462/is-storing-a-delimited-list-in-a-database-column-really-that-bad). To illustrate the difficulty aspect, say you needed to query the table to find records which contained *all* of these categories (`A`, `C`, `F`) - how would you do it in SQL? – Leigh Jul 29 '13 at 19:46
-1

A couple different things:

If you are trying to insert the concatenated string, $str:

You are inserting $_POST['cats'] into your DB, where you should be inserting $str - the string you are building.

If you are trying to insert each $cat:

You will need multiple database queries. Try:

    foreach($cats as $category){
        $sql="INSERT INTO form_corpo_test (compagnie)
              VALUES
              (?)";
        //execute query in a prepared statement here
    }
Justin Smith
  • 46
  • 6
  • Thanks for the post, it is much appreciated! However, that did not work. However, there was something who had another solution which worked :) – M.Sidim Jul 29 '13 at 17:00
  • This introduces a SQL injection attack bug, and should not be a recommended way to insert data into a database. – CanSpice Jul 29 '13 at 17:28
  • It does. I should have caught that, my apologies. I edited my post, although now it is a bit ambiguous. – Justin Smith Jul 29 '13 at 20:49