PHP Arrays from HTML Forms to UPDATE MySQL

Question

I've got a page showing the contents of my DB in form inputboxes like this:

<?php 

while($row = mysql_fetch_array($result))
            {

$namn = $row['namn'];
$mandag = $row['mandag'];
$tisdag = $row['tisdag'];
$onsdag = $row['onsdag'];
$torsdag = $row['torsdag'];
$fredag = $row['fredag'];
?>

<td width="100"></td>
<td><?=$namn?><input name="namn[]" type="hidden" value="<?=$namn?>"></td>
</tr>
<tr>
<td width="100">Mandag</td>
<td><input name="mandag[]" type="text" value="<?=$mandag?>"></td>
</tr>
<tr>
<td width="100">Tisdag</td>
<td><input name="tisdag[]" type="text" value="<?=$tisdag?>"></td>
</tr>
<tr>
<td width="100">Onsdag</td>
<td><input name="onsdag[]" type="text" value="<?=$onsdag?>"></td>
</tr>
<tr>
<td width="100">Torsdag</td>
<td><input name="torsdag[]" type="text" value="<?=$torsdag?>"></td>
</tr>
<tr>
<td width="100">Fredag</td>
<td><input name="fredag[]" type="text" value="<?=$fredag?>"></td>
</tr>
<?php } ?>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>

After this I've added code to able to update the different DB entries by changing the content of the inputboxes and pressing the submit button:

<?php

if(isset($_POST['update']))
{

$namnValue = $_POST['namn'];
$mandagValue = $_POST['mandag'];
$tisdagValue = $_POST['tisdag'];
$onsdagValue = $_POST['onsdag'];
$torsdagValue = $_POST['torsdag'];
$fredagValue = $_POST['fredag'];
print_r($mandagValue);

$sql = "UPDATE anstalld SET mandag = '$mandagValue', tisdag = '$tisdagValue', onsdag = '$onsdagValue', torsdag = '$torsdagValue', fredag = '$fredagValue' WHERE namn = '$namnValue'";
echo $sql;

$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";

}

mysql_close($conn);

?>

The DB is being updated, however, the problem is that all my

$namnValue = $_POST['namn'];
$mandagValue = $_POST['mandag'];
$tisdagValue = $_POST['tisdag'];
$onsdagValue = $_POST['onsdag'];
$torsdagValue = $_POST['torsdag'];
$fredagValue = $_POST['fredag'];

are returning the result "Array", an not the actual Values from the inputboxes. Therefore my SQL UPDATE ends up being

"UPDATE anstalld SET mandag = 'Array', tisdag = 'Array', onsdag = 'Array', torsdag = 'Array', fredag = 'Array' WHERE namn = 'Array'"

I'll appreciate any help I can get on this, thanks.

You should use PDO or MySQLi with prepared statements instead of the mysql_ functions, they've been deprecated — , Sep 25 '13 at 13:00
**By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. — Andy Lester, Sep 25 '13 at 13:27

score 1 · Answer 1 · answered Sep 25 '13 at 12:53

1

You need to delete [] on our input names:

<td><input name="onsdag" type="text" value="<?=$onsdag?>"></td>

instead of

<td><input name="onsdag[]" type="text" value="<?=$onsdag?>"></td>
                       ^^

Otherwise they are considered as arrays.

answered Sep 25 '13 at 12:53

fedorqui

275,237
103
548
598

Thank you for this. However, I'm now able to update the values of my last DB entry, and not the first and the second one. – user2052849 Sep 25 '13 at 13:05
@user2052849 did you replace `[]` in all the names? – fedorqui Sep 25 '13 at 13:07
Yes I did. Since removing them only one SQL UPDATE is being sent, hence only my last Entry is being updated. This was the whole reason why I opted for using Arrays in the first place. To be able to update all of the entries. – user2052849 Sep 25 '13 at 13:18
I am afraid I cannot understand what's the problem. Please try to improve the explanations. – fedorqui Sep 25 '13 at 13:48

score 1 · Answer 2 · answered Sep 25 '13 at 12:57

Because of the name of your input fields

<input name="onsdag[]" type="text" value="<?=$onsdag?>">

you are sending arrays and not single values.

Change the names as the previous answer suggests

<input name="onsdag" type="text" value="<?=$onsdag?>">

or access them as arrays

$namnValue = $_POST['namn'][0];
$mandagValue = $_POST['mandag'][0];
...

PHP Arrays from HTML Forms to UPDATE MySQL

2 Answers2