0

Another quick question....I'm trying to use a foreach statement to get user form inputs inserted into my database and I'm getting some weird results. The foreach loop appears to be parsing out the selections from the dropdown menus and inserting one letter at a time row by row into the database table. However, it is not parsing the text the user enters into the text boxes. So theoretically the script would append the form data into the table so it would look like this

Folder Name || Office Code || username || day || month || year || creator || Office Chief || Status || File Series || classification || Media Folder 1 XATC smithbw 11 Nov 2014 Bob Row Lee Hall Draft 100-01 Data Top Secret CD/DVD

Instead it's placing the first letter of each user input into the cell of the table. Only the Folder Name entry is being fully and properly inserted into the table cell.

So I guess I have a couple of questions. In my index.php file do I need to put [] by each of the variable names? Right now I only have it for the checkbox and file name variables. Then in my php script that actually inserts the data I'm fairly certain my foreach statement is screwed up. BX_NAME/Folder Name will be the unique identifiers for each line the user enters. Any pointers are welcome and thanks in advance!

index.php

<?php
session_start();
if(!isset($_SESSION['myusername'])) {
header('Location:index.php);
}

echo $_SESSION['myusername'];
echo '<a href="logout.php"><span>Logout</span></a></li>';

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>Records Management File Plan Application</title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
        <link rel="stylesheet" type="text/css" href="css/default.css"/>
        <script type="text/javascript" src="js/script.js"></script> 
    </head>
    <body>    
        <form action="InsertFileDetailArraytoDB.php" class="register" method="POST">
            <h1>Office File Plan Application/h1>
            <fieldset class="row1">
                <legend>Office Information</legend>
                <p>
                    <label>Office Code * 
                    </label>
                    <input name="bus" type="text" required="required"/>
                    <label>Date of journey  (2013)*
                    </label>
                    <select class="date" name="day">
                        <option value="1">01
                        </option>
                        <option value="2">02
                        </option>
                        <option value="3">03
                        </option>
                        <option value="4">04
                        </option>
                        <option value="5">05
                        </option>
                        <option value="6">06
                        </option>
                        <option value="7">07
                        </option>
                        <option value="8">08
                        </option>
                        <option value="9">09
                        </option>
                        <option value="10">10
                        </option>
                        <option value="11">11
                        </option>
                        <option value="12">12
                        </option>
                        <option value="13">13
                        </option>
                        <option value="14">14
                        </option>
                        <option value="15">15
                        </option>
                        <option value="16">16
                        </option>
                        <option value="17">17
                        </option>
                        <option value="18">18
                        </option>
                        <option value="19">19
                        </option>
                        <option value="20">20
                        </option>
                        <option value="21">21
                        </option>
                        <option value="22">22
                        </option>
                        <option value="23">23
                        </option>
                        <option value="24">24
                        </option>
                        <option value="25">25
                        </option>
                        <option value="26">26
                        </option>
                        <option value="27">27
                        </option>
                        <option value="28">28
                        </option>
                        <option value="29">29
                        </option>
                        <option value="30">30
                        </option>
                        <option value="31">31
                        </option>
                    </select>
                    <select name="month">
                        <option value="1">January
                        </option>
                        <option value="2">February
                        </option>
                        <option value="3">March
                        </option>
                        <option value="4">April
                        </option>
                        <option value="5">May
                        </option>
                        <option value="6">June
                        </option>
                        <option value="7">July
                        </option>
                        <option value="8">August
                        </option>
                        <option value="9">September
                        </option>
                        <option value="10">October
                        </option>
                        <option value="11">November
                        </option>
                        <option value="12">December
                        </option>
                    </select>                   

                    <select name="year">
                        <option value="2013">2013
                        </option>
                        <option value="2014">2014
                        </option>
                        <option value="2015">2015
                        </option>
                        <option value="2016">2016
                        </option>                       
                    </select>

                </p>
                <p>
                    <label>Office Chief*
                    </label>
                    <input name="officechief" required="required" type="text"/>
                    <label>Status *
                    </label>
                    <input name="status" required="required" type="text"/>
                    <label>Via (Root) *
                    </label>
                    <select name="root">
                        <option value="Draft">Draft
                        </option>
                        <option value="Submitted">Submitted
                        </option>
                        <option value="Approved">Approved
                        </option>
                    </select>
                </p>
                <p>
                    <label>Creator *
                    </label>
                    <input name="mob" required="required" type="text"/>
                </p>
                <div class="clear"></div>
            </fieldset>
                <fieldset class="row2">
                <legend>Folder Details</legend>
                <p> 
                    <input type="button" value="Add Folder" onClick="addRow('dataTable')" /> 
                    <input type="button" value="Remove Folder" onClick="deleteRow('dataTable')"     /> 
                    <p>(All actions apply only to entries with check marked check boxes.)</p>
                </p>
            <table id="dataTable" class="form" border="1">
                <tbody>
                    <tr>
                    <p>
                        <td><input type="checkbox" required="required" name="chk[]"     checked="checked" /></td>
                        <td>
                            <label>Folder Name</label>
                            <input type="text" required="required" name="BX_NAME[]">
                        </td>
                        <td>
                            <label for="BX_fileseries">File Series</label>
                            <select id="BX_fileseries required="required"   name="BX_fileseries[]">
                            <option>100-01-Inspection and Survey/PII-NO</option>
                            <option>200-02-Credit Card Purchases/PII-NO</option>
                            <option>300-07-Time and Attendance/PII-YES</option>                         
                        </td>
                        <td>
                            <label for="BX_classification">Classification</label>
                            <select id="BX_classification" name="BX_classification"         required="required">
                                <option>Unclassified</option>
                                <option>Confidential</option>
                                <option>Secret</option>
                                <option>Top Secret</option>
                                <option>Ridiculous Top Secret</option>
                                <option>Ludicrous Top Secret</option>
                            </select>
                        </td>
                        <td>
                            <label for="BX_media">Media</label>
                            <select id="BX_media" name="BX_media" required="required">
                                <option>Paper</option>
                                <option>Shared Drive</option>
                                <option>Film</option>
                                <option>Floppy Disk</option>
                                <option>Mixed</option>
                                <option>Other</option>
                            </select>
                        </td>
                            </p>
                        </tr>
                        </tbody>
                    </table>
                    <div class="clear"></div>
                </fieldset>

            <input class="submit" type="submit" value="File Plan Complete &raquo;" />


            <div class="clear"></div>
            </form>

        </body>

</html>

And InsertFileDetailArrayToDB.php

/*
When the user has finished entering their folders, reviewed the form inputs for accuracy and clicks the submit button,  this will loop through all folder entries and using 

the SQL insert into query will place them in the database.  When it completes data insertion it will redirect the user  back to the file detail input form*/

<?php

/*this part requires the user to be logged in and allows their user name to be included in the insert into query.
If you remove the "ob_start();" piece it will screw up the header statement down at the botton.  
See the comments by the header statement for an explanation of its purpose*/

ob_start();
session_start();
if(!isset($_SESSION['myusername'])) {
header('Location:index.php')


}

/*these two lines would ordinarily display the user name and a link a
allowing the user to log out. However this php script does not output anything 
so the user will never see it.*/
echo $_SESSION['myusername'];
echo '<a href="logout.php"><span>Logout</span></a></li>';

?>

<?php

/*this include statement connects this script to the MySQL database
so the user form inputs can be inserted into the file_plan_details
table*/

include ('database_connect.php');

foreach($_POST['BX_NAME'] as $row=>$BX_NAME)

{
    $BX_NAME1 = mysql_real_escape_string($_POST['BX_NAME');
    $officecode1 = mysql_real_escape_string($_POST['officecode'][$row]);
    $username1 = mysql_real_escape_string($_SESSION['myusername'][$row]);
    $day1 = mysql_real_escape_string($_POST['day'][$row]);
    $month1 = mysql_real_escape_string($_POST['month'][$row]);
    $year1 = mysql_real_escape_string($_POST['year'][$row]);
    $creator1 = mysql_real_escape_string($_POST['creator'][$row]);
    $officechief1 = mysql_real_escape_string($_POST['officechief'][$row]);
    $status1 = mysql_real_escape_string($_POST['status'][$row]);
    $BX_fileseries1 = mysql_real_escape_string($_POST['BX_fileseries'][$row]);
    $BX_classification1 = mysql_real_escape_string($_POST['BX_classification'][$row]);
    $BX_media1 = mysql_real_escape_string($_POST['BX_media'][$row]);

    $fileplandetailinsert1 = "INSERT INTO file_plan_details (folder_name, office_code, user_name, day, month,   year, creator, office_chief, status, file_series, classification, media) 
                VALUES 

    ('$BX_NAME1','$officecode1','$username1','$day1','$month1','$year1','$creator1','$officechief1','$status1','$BX_fileseries1','  $BX_classification','$BX_media1')";


    msyql_query($fileplandetailinsert1);

}

/*this header statement redirects the user back to the folder detail input form afterit inserts data into the db
After I build a main navigation page, I will switch out index.php with whatever I name
the script that will produce the main navigation page*/

header('Location:index.php');

?>
Arioch9000
  • 17
  • 3
  • 4
    Reduce that code to a minimum reproducible issue and edit this question or ask new one. – Tomasz Kowalczyk Nov 24 '14 at 19:53
  • This question is far from quick – sjagr Nov 24 '14 at 19:54
  • Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). You will also want to [Prevent SQL Injection!](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 24 '14 at 19:55
  • Since characters in strings can be accessed using zero-based offsets, that is exactly what your script is doing for example: $_POST['BX_media'][$row] will return the first character from the value of $_POST['BX_media'] (when $row=0). Is this form dynamically generated? – ymas Nov 24 '14 at 20:18
  • ymas: there is a dynamic capability such that the user can add or delete rows as needed. The user needs this flexibility as the number of folders entered will vary from office to office. There are 2 scripts in a .js file that deliver the add row/delete row capability. I can add them if you need to see them. Do you have any suggestions as to how the code should look so it will insert the entire word not just the first letter of each word? Thanks for your help! – Arioch9000 Nov 25 '14 at 15:54
  • Jay Blanchard: My organization is using an older version of PHP so I can get away with using depreciated functions for now. Also, what I'm building is on a closed network so I'm not overly concerned with sql injection at this point. I will be adding more security functions once I get the functionality I want. But appreciate the reminder nonetheless. :) – Arioch9000 Nov 25 '14 at 15:57

1 Answers1

0

This is a comment: i want the formatting:

Your code is incorrect, try this before your HTML of: <!DOCTYPE html:

<?php

session_start();
if(!isset($_SESSION['myusername'])) {
    header('Location:index.php');
}

echo $_SESSION['myusername'];
echo '<a href="logout.php"><span>Logout</span></a></li>';
?>
Ryan Vincent
  • 4,483
  • 7
  • 22
  • 31