0

I'm trying to process a large form and hit a bit of a stumbling block. I've tried google for the answer, but I'm not quite sure I'm wording what I need right. My code looks like this.

<?PHP

$exchange = $_POST['exchange'];
$estimate = $_POST['estimate'];
$wp = $_POST['wp'];
$label1 = $_POST['name3'];
$result1 = $_POST['fb1'];
$result2 = $_POST['fb2'];

$username = "-----";
$password = "-----";
$hostname = "-----";

$con = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
$selected = mysql_select_db("-----", $con) or die("Could not select examples");



$query = "UPDATE btsec SET Status='$result1', TM='result2' WHERE Exchange='$exchange' AND Estimate='$estimate' AND WP='$label1' AND SectionID='$label1'";

if (!mysql_query($query,$con))
    {
    die('Error: ' . mysql_error($con));
    }
}   

echo "Sections updated for WP's $wp on $estimate on the $exchange Exchange!";

mysql_close($con);

?>

What I need to do is loop through the query, but each time change the contents of the variable.

$label1 = $_POST['name3']; needs to become $label1 = $_POST['name6'];
$result1 = $_POST['fb1']; needs to become $result1 = $_POST['fb10'];
$result1 = $_POST['fb2']; needs to become $result1 = $_POST['fb11'];

As I say google isn't able to compensate for my bad wording.

Alireza Fallah
  • 4,609
  • 3
  • 31
  • 57
Des Hutch
  • 293
  • 1
  • 3
  • 13
  • 3
    Are there any rules for selecting these indexes or do you just pick them randomly? – Realitätsverlust Jan 21 '14 at 10:11
  • @YUNOWORK The form label name3 increases by 3 on each section of the form and fb1 increases by 9. It is uniform like that throughout – Des Hutch Jan 21 '14 at 10:14
  • 1
    You might find it easier to have the input fields work as an array: `name="name[3]"`, `name="name[6]"`, `name="fb[1]"`, `name="fb[10]"`, and so on -- then you can do `foreach ($_POST['name'] as $index => $name)`... – Michael Jan 21 '14 at 10:16
  • +1 It is easier to work with forms when the fields are organized into collections. – Flosculus Jan 21 '14 at 10:17
  • Maybe you can use [isset](http://www.php.net/manual/en/function.isset.php). Or in your form send a hidden value to control wich label/name is set; if the user sets the name3, set the hidden value to 3. – Lan Jan 21 '14 at 10:17
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jan 21 '14 at 10:18
  • @MichaelRushton I think I understand. I'll give this a go now. – Des Hutch Jan 21 '14 at 10:20

1 Answers1

0

The best solution would be to change the form inputs so that they work as arrays:

<input type="text" name="name[3]">
<input type="text" name="name[6]">
<input type="text" name="name[9]">


<input type="text" name="fb[1]">
<input type="text" name="fb[10]">
<input type="text" name="fb[19]">

Then when you submit the form you can iterate over the data:

foreach ($_POST['name'] as $index => $name)
{

}

foreach ($_POST['fb'] as $index => $fb)
{

}

As a side note, you also should look into using prepared statements, or at the very least escaping the data -- you're at risk of SQL injection.

Michael
  • 11,912
  • 6
  • 49
  • 64