0

I have a variable number of forms (name1, name2, name3, etc.) and I need to put that data in the corresponding columns (name1, name2, name3). So far I came up with this code:

```php
if(isset($_POST["nombreItem"]) && count($_POST['nombreItem'])>0) {

    foreach($_POST["ItemID"] as $value) {
        $query = "INSERT INTO `inventarioStat` SET `$_POST[ItemID]` = `$_POST[1]` ";

        mysql_query($query);
    }

}
```

What am I doing wrong?

Iznogud
  • Solution to my own question:

    ```php
    if (isset($_POST["cantidad"]) && count($_POST['cantidad']) > 0) {
        foreach ($_POST["cantidad"] as $key => $value) {
            $cantidad = $value;
            $value = $_POST["cantidad"][$key];
            $idItem = $_POST['hiddenField'][$key];
            $itemName = $_POST['hiddenName'][$key];
            $query = "INSERT INTO `inventarioStat` SET `fecha` = $timestamp, `idItem` = $idItem, `nombreItem` = $itemName, `cantidad` = $value";
            mysql_query($query);
        }
    }
    echo "
    ";
    ```
    – Iznogud Jan 16 '14 at 17:07

2 Answers

4
  1. You aren't connected to a database

  2. The correct INSERT syntax is: INSERT INTO table (column1, column2) VALUES ($val1, $val2)

  3. Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Use PDO or MySQLi - this article will help you decide which.

  4. Learn about prepared statements to prevent against SQL injection (your code is vulnerable to this)

Zoe
Kermit
  • Thanks for a quick answer. I have it connected to the database, I just haven't passed the code here. How do I match the column names with the corresponding form? – Iznogud Jan 16 '14 at 14:56
  • 2
    @Iznogud I can't magically know what your table columns are named. I'm guessing you've already set up the table on the database side? – Kermit Jan 16 '14 at 15:00
  • Sure. I set it up so the name of the column matches the id of the Item. – Iznogud Jan 16 '14 at 15:10
  • Okay, so the columns from your table go in the column list `(column1, column2)` and the values to put into the columns go after the `VALUES` – Kermit Jan 16 '14 at 15:21
  • But that's the thing, I don't have a fixed number of forms. I'm trying to make it work no matter the number of forms. – Iznogud Jan 16 '14 at 15:33
  • The correct database design would accept `NULL`, and you do this with prepared statements. If the value passed from the form is empty, a `NULL` will be used for that column – Kermit Jan 16 '14 at 15:37
0

Use PDO or mysqli to CRUD your tables.
Use sanitization of inputs received from users in order to avoid SQL INJECTION.
Use PHP sanitize filters in order to increase your database security, paired with PDO.
Better normalize your tables, it's not a good practice to have many columns but just fill a few of them. A table with NULL fields as a common practice indicates a mediocre database architecture and poor performance. Maybe it's a better idea to traverse your design and then query by CASE or GROUP_CONCAT in order to get a PIVOT or cross-tabulated table.

Community
digitai
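The prepared-statement approach that both answers recommend, applied to the `inventarioStat` insert loop from the question, as an added example that is not part of the original thread. Column and field names are taken from the asker's comment; the in-memory SQLite database, the `saveItems` helper and the sample `$post` array are assumptions made so the script runs offline.

```php
<?php
// Added example. Assumption: SQLite in memory stands in for the asker's
// MySQL server; with MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE inventarioStat (
    fecha INTEGER NOT NULL, idItem INTEGER NOT NULL,
    nombreItem TEXT NOT NULL, cantidad INTEGER NOT NULL)');

// Constructed stand-in for $_POST: three item rows, with SQL metacharacters
// in one name and a non-numeric quantity in another.
$post = [
    'hiddenField' => ['11', '12', '13'],
    'hiddenName'  => ['Tornillo M4', "Tuerca'); DROP TABLE inventarioStat; --", 'Arandela'],
    'cantidad'    => ['25', '3', 'abc'],
];

// saveItems is a hypothetical helper: one prepared INSERT reused for every row.
function saveItems(PDO $pdo, array $post, int $timestamp): array
{
    // Placeholders keep the SQL text fixed; values travel separately as data.
    $stmt = $pdo->prepare(
        'INSERT INTO inventarioStat (fecha, idItem, nombreItem, cantidad)
         VALUES (:fecha, :idItem, :nombreItem, :cantidad)');
    $saved = 0; $rejected = [];
    $pdo->beginTransaction();
    foreach ((array) ($post['cantidad'] ?? []) as $key => $raw) {
        // Validate type and range before binding; skip rows that fail.
        $cantidad = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        $idItem   = filter_var($post['hiddenField'][$key] ?? null, FILTER_VALIDATE_INT);
        $nombre   = trim((string) ($post['hiddenName'][$key] ?? ''));
        if ($cantidad === false || $idItem === false || $nombre === '') {
            $rejected[] = $key;
            continue;
        }
        $stmt->execute([':fecha' => $timestamp, ':idItem' => $idItem,
                        ':nombreItem' => $nombre, ':cantidad' => $cantidad]);
        $saved++;
    }
    $pdo->commit();
    return ['saved' => $saved, 'rejected' => $rejected];
}

$result = saveItems($pdo, $post, time());
printf("saved=%d rejected=%s\n", $result['saved'], implode(',', $result['rejected']));
// The name containing quotes is stored as an ordinary string value.
foreach ($pdo->query('SELECT idItem, nombreItem, cantidad FROM inventarioStat') as $row) {
    printf("%d | %s | %d\n", $row['idItem'], $row['nombreItem'], $row['cantidad']);
}
```

Placeholders can only carry values, so a column or table name that depends on the form (as in the question's first attempt) has to be checked against a fixed list of known names rather than bound as a parameter.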