0

My idea is like a basket on a webshop.

I have a list of items filled into a form by PHP like:

<?php while($info=mysqli_fetch_array($query)){  ?>
    <Input type="text" id="someid1" value="<?php echo $info['info']; ?>"> 
    <Input type="Checkbox" id="checkid1" value="1">
    <Input type="Checkbox" id="checkid2" value="2">
<?php } ?>

I want to use POST for submitting. On the next page, this should be done for each line:

MYSQLI query

INSERT into booking (text,variable1,variable2) 
  VALUES ('$_POST['someid1']','$_POST['checkid1']','$_POST['checkid2']');

Is there a solution for this?

Tomáš Zato
HKK
  • Prevent yourself from mysql-injection by using mysqli_* or PDO methods. Furthermore you should use the name attribute with array annotation. So you can loop over it after submit. – Tobias Golbs Jan 13 '14 at 19:23
  • @HKK You should use prepared statements. – jeroen Jan 13 '14 at 20:46

3 Answers

3

You can set up named inputs with brackets to get the results as an array server-side. For example:

<input type="text" name="fruits[1]" value="apple" />
<input type="text" name="fruits[2]" value="orange" />

On the server side:

<?php
print_r($_POST['fruits']);
?>

array(
  1 => 'apple',
  2 => 'orange',
)

That solves the question. But your code suggests something else that should really be addressed.

You're asking for SQL injection if you just dump $_POST variables into a query. Use PHP's PDO functionality and parameterize your input. Look at the 2nd example in the answer at PHP PDO prepared statements for more info.

Community
Charlie Schliesser
  • The idea is to view a basket with articles, where you can edit the article text and select from 3 checkboxes from which warehouse the article should be shipped, and then insert the line in a table (SQL) – HKK Jan 13 '14 at 19:36
  • Could you maybe show how this code can be done in the normal PHP version, not the one with "=>"? I don't get that version. – HKK Jan 13 '14 at 19:37
  • What do you mean by 'normal PHP version'? => is completely normal syntax for arrays – Andrew Brown Jan 13 '14 at 20:00
0

You could use a foreach, but IMHO what you want to do isn't very secure.

Gonz
  • There's nothing wrong with using array annotation in form elements. I think not handling / sanitizing the data on the server would be the only concern. – Charlie Schliesser Jan 13 '14 at 19:25
  • I didn't say it was wrong, I use it. But I sanitize the data first before saving it to the DB. Btw, I don't know why the downvote. With a foreach, what he asked for can be done, but I ain't gonna code it for him. – Gonz Jan 14 '14 at 14:13
-1

You should use arrays in your HTML, then you get the corresponding arrays in your $_POST array. Note that you need the name attribute:

<input name="someid[<?php echo $info['id']; ?>]" id="someid1" value="<?php echo $info['info']; ?>">
<input name="checkid[<?php echo $info['id']; ?>]" id="checkid1" value="1">
// etc.

Now $_POST['someid'], etc. will be arrays you can loop over.

Note that you need to use prepared statements to store the information in your database.

jeroen
  • @HKK `foreach ($_POST['someid'] as $key => $value)` where `$key` matches the `$info['id']` of the previous page. – jeroen Jan 13 '14 at 20:46
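
The two pieces of advice in the answers above (array-named inputs, then a prepared statement per row) combined in one handler. This is an added example, not code from any of the answerers. Assumptions: the checkboxes are named `checkid1[ID]` and `checkid2[ID]` in the same style as `someid[ID]`, they are stored as 1/0 flags, the function name `saveBasket` is hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Constructed sample of what PHP receives from inputs named someid[ID],
// checkid1[ID], checkid2[ID]; in a real handler this would be $_POST.
$post = [
    'someid'   => [7 => 'Blue mug', 9 => "O'Reilly book", 'abc' => 'bad key'],
    'checkid1' => [7 => '1'],
    'checkid2' => [9 => '2'],
];

// Assumption: in-memory SQLite so the example needs no database server.
// For MySQL only the DSN changes: 'mysql:host=...;dbname=...;charset=utf8mb4'
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE booking (text TEXT, variable1 INTEGER, variable2 INTEGER)');

function saveBasket(PDO $pdo, array $post): int
{
    $texts = $post['someid'] ?? [];
    if (!is_array($texts)) {
        return 0; // someid arrived as a scalar, not as someid[...]
    }
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO booking (text, variable1, variable2) VALUES (?, ?, ?)'
    );
    $saved = 0;
    $pdo->beginTransaction();
    foreach ($texts as $id => $text) {
        // Keys and values both come from the client: accept only integer
        // row ids and string values (someid[7][] would arrive as an array).
        if (!is_int($id) || !is_string($text)) {
            continue;
        }
        // A checkbox is only present in the request when it was ticked.
        $v1 = isset($post['checkid1'][$id]) ? 1 : 0;
        $v2 = isset($post['checkid2'][$id]) ? 1 : 0;
        $stmt->execute([$text, $v1, $v2]);
        $saved++;
    }
    $pdo->commit();
    return $saved;
}

echo saveBasket($pdo, $post), " rows saved\n";
foreach ($pdo->query('SELECT * FROM booking', PDO::FETCH_NUM) as $row) {
    echo implode(' | ', $row), "\n";
}
```

The row whose text contains a single quote is stored unchanged, and the entry with the non-numeric key is skipped, so two rows are saved.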