How to insert multiple values into database using php for loop

Question

i have one textbox and one dropdown box in each row.

now i want to enter some date in text box and select some value in dropdown.

when i click it should get saved into database.

How can i do this?

here is my code

php insert code: When i click submit this php code should

<?php
mysql_connect("localhost", "tiger", "tiger") or die(mysql_error());
mysql_select_db("theaterdb") or die(mysql_error());
$query = mysql_query("INSERT INTO movie (movie_name,language) VALUES('$_POST[Fname]','$_POST[language]') ") or die(mysql_error());
?>

drop down is generated dynamically

code:

function create(param) {
    'use strict';

    var i, target = document.getElementById('screens');
    target.innerHTML = '';

    for(i = 0; i < param; i += 1) {
       target.innerHTML +='</br>';
       target.innerHTML +='New Movie '+i+'  ';
       target.innerHTML += '<input type="text" name="Fname">';
       target.innerHTML +='  '+'Language '+'  ';
       target.innerHTML += "<?php 
        try {
            $dbh = new PDO('mysql:dbname=theaterdb;host=localhost','tiger','tiger');
        } catch (PDOException $e) {
            echo 'Connection failed: ' . $e->getMessage();
        }

        $sql = 'SELECT language FROM languages;';

        $sth = $dbh->prepare($sql);
        $sth->execute();

        echo "<select name='language' id='course'>";
        echo "<option>----Select Language----</option>"; 
        while($row = $sth->fetch(PDO::FETCH_ASSOC)) {
            echo "<option value='" . $row['language'] ."'>" . $row['language']. "</option>";
        }
        echo "</select>";
?>";
       target.innerHTML +='</br>';
       target.innerHTML +='</br>';
    }
}

the ui looks something like this...

enter image description here

You are very vulnerable to SQL injection the way you are doing things now! _Never_ put you're post values directly in your query! Escape them using mysql_real_escape_string or start using PDO or mysqli! — Bono, Aug 22 '13 at 11:21
@Bono, preferably not `mysql_really_escape_me_please_perhaps_string`, see [this issue](http://stackoverflow.com/q/5741187/372643). [PDO or prepared statements](http://stackoverflow.com/a/60496/372643) instead. — Bruno, Aug 22 '13 at 13:09
@Bruno No need to tell me, I'd go with PDO any day, but he might not. So the least he should do is escape. — Bono, Aug 22 '13 at 13:20

score 0 · Answer 1 · edited Aug 22 '13 at 11:42

Add name for text box and select box like this

name="text_box"+i and name="select_box"+i. "i"

is value from counter in loop, for example if you have 100 New Moview you will have name for each text box like this text_box1, text_box2. ..... text_box100. You should on submit remeber the numbers of "New MovieS" and that is "i" and in php code just loop for each element and save them. In first iteration you will have $_POST[Fname1] and $_POST[language1], etc..

score 0 · Answer 2 · edited Aug 22 '13 at 13:05

0

in HTML Form: Set textbox and dropdown element name as same algorithm ElementName+RowNumber; insert element for RowCount: <input type="hidden" name="RowCount" value="3">

in PHP: get values:

for($iRow=0;$iRow less $_POST['RowCount'];$iRow++) {
    mysql_query("INSERT INTO movie (movie_name,language) VALUES('".$_POST['Fname'.$iRow]."','".$_POST['language'.$iRow]."');
}

edited Aug 22 '13 at 13:05

Matt

1,073
1
8
14

answered Aug 22 '13 at 11:35

John

1
2

score 0 · Answer 3 · answered Aug 22 '13 at 11:55

0

Add a line in your js which makes the inputs to print something along the lines of target.innerHTML = '<input name="RowCount" value="' + param + '" hidden />' then in your PHP use:

for ($i=0; $i < $_POST["RowCount"]; $i++) {
     $query = sprintf("INSERT INTO movie ('movie_name', 'language') VALUES ('%s', '%s')",
         mysqli_real_escape_string($_POST["Fname"]), // Escaping values before inserting.
         mysqli_real_escape_string($_POST["language"]));
     mysqli_query($con, $query);
}

answered Aug 22 '13 at 11:55

Matt

1,073
1
8
14

You should avoid [mysqli_real_escape_string](http://stackoverflow.com/q/5741187/372643). – Bruno Aug 22 '13 at 13:11
I see, interesting read, although assuming testtestic8 is using UTF-8 as his charset in the DB (very likely), it's perfectly safe. Otherwise we just need a call to `mysqli_set_charset()` before escaping the values. – Matt Aug 22 '13 at 15:32

How to insert multiple values into database using php for loop

3 Answers3