add multiple items to a database in one form

Question

I've got an internal site I'm developing for work. I'm by no means a web developer but know enough to get some basic functionality done. I've got a form working fine for inserting data. I'm trying to figure out this one last piece, though.

The page is designed to add jobs to our site. Each position has assigned responsibilities. The easiest way to make this work (in my brain) is to create a table for responsibilities that has a responsibilityID, PositionID, and then the responsibility. I want a way to kind of bulk add these responsibilities when completing the form for the new position. Something similar to how you add new fields when using the MySQL workbench - where you can just click on the next row and it'll add that field. That would work great.

I'm not sure what to even search for to accomplish this other than adding multiple items - which hasn't turned up what I'm looking for.

Thanks in advance!

score 2 · Answer 1 · edited May 23 '17 at 12:08

2

Most times people here like to see what you've tried.

This question was asked here.

example MySQL statement:

INSERT INTO tbl_name (a,b,c) VALUES(1,2,3),(4,5,6),(7,8,9);

You can replace the values with PHP variables if needed. Just make sure if they are strings, they are in 'quotes'.

edited May 23 '17 at 12:08

Community

1
1

answered Mar 05 '14 at 19:24

13ruce1337

753
1
6
13

This is probably the easiest solution, no need for PDO/ORM if you want to get it done asap. One note of caution (to consider): Update handling and/or duplicates can cause friction. There are MySql [et al] methods for these issues. In MySQL ```insert ignore``` and ```insert on duplicate key``` syntax are key. When batching and a duplicate key error is thrown you stand a risk of loosing all values for that bulk action. Good luck. – Marc Mar 05 '14 at 19:38
I usually have something that I've tried but I wasn't even sure where to start with this one. So, can I make that loop or something so that it can just be an "unlimited" number of values? – JeremyThePHPNoob Mar 05 '14 at 21:54
Unless you have a very good reason for manually settign the PK I would advise letting the table handle it with Auto Increment. – Tyson of the Northwest Mar 05 '14 at 22:20

Tyson of the Northwest · Answer 2 · 2014-03-05T22:17:19.230

If you have a form that allows you to submit multiple responsibilities simultaneously then I would use PDO. Remember PDO is your friend, and always sanitize your inputs before inserting them. Here is them most basic version, You probably want to replace the inputs with dropdowns or texteareas.

table

responsibilityID|PositionID|responsibility

The responsibilityID should be PK and auto-increment

html

<form>
  <div>
    <h1>job</h1>
    <label>PositionID</label><input name='jobs[][positionID]' />
    <label>responsability</label><input name='jobs[][responsibility]' />
  </div>
  <div>
    <h1>job</h1>
    <label>PositionID</label><input name='jobs[][positionID]' />
    <label>responsability</label><input name='jobs[][responsibility]' />
  </div>
  <div>
    <h1>job</h1>
    <label>PositionID</label><input name='jobs[][positionID]' />
    <label>responsability</label><input name='jobs[][responsibility]' />
  </div>
  <div>
    <h1>job</h1>
    <label>PositionID</label><input name='jobs[][positionID]' />
    <label>responsability</label><input name='jobs[][responsibility]' />
  </div>
  <input type='submit' />
</form>

Basic

Create an insert statement then loop through your jobs binding each value to the statement and executing them.

$insert_sql = "INSERT INTO responsibilities (`PositionID`, `responsibility`) VALUES (:PositionID, :responsibility);";
$stmt = PDO::Prepare($insert_sql)
foreach ($jobs as $job){
  //add some input testing before you execute to make sure you are not inserting bad values
  $stmt->bindValue(":positionID", $job['positionID'], PDO::PARAM_INT);
  $stmt->bindValue(":responsibility", $job['responsibility'], PDO::PARAM_STR);
  $stmt->execute();
}

The :fieldname in the query tells PDO what needs to be replaced with the bind functions, then the bindValue/bindParam functions tells what to insert where into the query and properly escapes the value so you can insert it. Older sql functions allowed for unescaped or improperly escaped values and you got the little bobby tables problem. PDO protects you from some of the worst injection attacks, but you should probably make sure that positionID points to a real position or that responsibility doesn't have weird java-script exploit code in it.

Fancy

Create an insert statement, bind params, then foreach loop through your responsibilities, checking/sanitizing the input (never trust form data) then executing the statement. Every time you loop the bound parameter will point at the new job.

$insert_sql = "INSERT INTO responsibilities (`PositionID`, `responsibility`) VALUES (:PositionID, :responsibility);";
$job = array('positionID'=>NULL, 'responsibility'->NULL);
$stmt = PDO::Prepare($insert_sql)
$stmt->bindParam(":positionID", $job['positionID'], PDO::PARAM_INT);
$stmt->bindParam(":responsibility", $job['responsibility'], PDO::PARAM_STR);
foreach ($jobs as $job){
  //add some input testing before you execute to make sure you are not inserting bad values
  $stmt->execute();
}

I really appreciate the feedback but you lost me after PDO ... I'm still new to programming/web development and that's beyond anything I've so far learned — JeremyThePHPNoob, Mar 05 '14 at 21:56
I would advise taking a long look at PDO and trying to familiarize yourself with it. PHP is depreciating many of the sql functions in objects because they are problematic(insecure/fragile). PDO and mysqli objects are where the language seems to be going. — Tyson of the Northwest, Mar 05 '14 at 22:01
Also, you can do the **Basic** version without PDO, just make sure to sanitize and properly escape your values before you include them in your insert query. — Tyson of the Northwest, Mar 05 '14 at 22:21
Doesn't this limit it to being able to add a finite number of data points? The positions have a range of the number of responsibilities. Is there some way to loop the inputs so that i can just keep adding them? — JeremyThePHPNoob, Mar 06 '14 at 15:26
You can put as many job divs on your form as you want and this will loop through each one until you run out of job inputs. It is completely open ended. Also, you probably want to include in the input sanitation dropping empty rows, otherwise if you have a page with 50 job divs but only fill out 1 div worth you will have 49 empty records. — Tyson of the Northwest, Mar 07 '14 at 17:07
Also, as the position ID field is non-unique you can have as many jobs be assigned to the same position as there are jobs. — Tyson of the Northwest, Mar 07 '14 at 17:09
This setup maxes out at 9,223,372,036,854,775,807 or 18,446,744,073,709,551,615 jobs depending on the responsabilityID field, as those are the limits of integer storage. — Tyson of the Northwest, Mar 07 '14 at 17:18

score 0 · Answer 3 · answered Mar 05 '14 at 19:24

0

with the inputs you want to have multi values, use the name attribute like responsibilities[], and then insert serialized data to the database

answered Mar 05 '14 at 19:24

NguyenNgocPhuong

402
6
9

Can you give me an example? I think I follow you but I want to make sure. – JeremyThePHPNoob Mar 05 '14 at 21:58

add multiple items to a database in one form

3 Answers3