
I have a registration form (controlled by the admin), that generates a new user. In the form there is one <input> called "amount".

Right now it is possible to generate a new user, although I need a function that generates multiple users, depending on what number "amount" is filled in with. Do you know any similar function that I could use for this?

Admin.php:

<head>
  <link rel="stylesheet" href="//code.jquery.com/ui/1.11.4/themes/smoothness/jquery-ui.css">
  <script src="//code.jquery.com/jquery-1.10.2.js"></script>
  <script src="//code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
  <title>Generera Licenser</title>
</head>

<?php
include('template.php');
if(isset($_POST['email']))

{
function genRandomString($length = 10) { 
    $characters = "0123456789abcdefghijklmnopqrstuvwxyz";
    $string = '';
    for ($p = 0; $p < $length; $p++) {
        $string .= $characters[mt_rand(0, strlen($characters) - 1)]; // mt_rand's upper bound is inclusive
    }

    return $string;
}
function antal(){

}
  $antal = antal();
  $role = '3'; // This gives the created user the role value 3
  $password= genRandomString();
  $licenseID= genRandomString();

    $query = <<<END

    INSERT INTO user(email, company, courseID, antal, password, licenseID, role)

    VALUES('{$_POST['email']}','{$_POST['company']}','{$_POST['courseID']}', '$antal', '$password','$licenseID', '$role');
END;
    $mysqli->query($query);


echo 'Nya licenser har lagts till i databasen';

}
 $content = <<<END
 <div class="row">
         <div class="container">
         <div class="jumbotronadmin">
            <div class="jumbotron">

          <div class="container">

  <h2>Generera Licenser</h2>


            <form action="admin.php" method="post">
              <div class="form-group">
              <input type="text" class="form-control" aria-describedby="basic-addon1" name="company" placeholder="Företag" maxlength="40">
              </div>
              <div class="form-group">
              <input type="text" class="form-control" aria-describedby="basic-addon1" name="email" placeholder="Email" maxlength="40">
              </div>
              <div class="form-group">
              <input type="text" class="form-control" aria-describedby="basic-addon1" name="antal" placeholder="Antal licenser" maxlength="3">
              </div>
              <div class="form-group">
                <div class="checkbox">
                    <label>
                        <input type="checkbox" aria-describedby="basic-addon1" name="courseID">Webbutbildningen i Allmän brandskyddskunskap
                    </label>
                </div>

                 <div class="checkbox">
                    <label>
                        <input type="checkbox" aria-describedby="basic-addon1" name="role">Skapa en ny administrativ användare
                    </label>
                </div>
                </div>
              <input type="submit" class="btn btn-default" value="Generera">
              </form>
            </div><!-- Closes the jumbotron -->
            </div><!-- Closes jumbotronadmin -->
         </div><!-- Closes container -->
      </div><!-- Closes row -->
END;
  echo $navigation_admin;
  echo $content;
  echo $header;
  ?>
  • I was thinking about that, but isn't a while loop better? – Hote Emell Apr 13 '16 at 12:41
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 13 '16 at 12:42
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Apr 13 '16 at 12:43

1 Answer

You can loop over the query like below:

Suppose you get the count with $amount = $_POST['amount'];

for($i=0; $i<$amount; $i++){
    $query = <<<END

    INSERT INTO user(email, company, courseID, antal, password, licenseID, role)

    VALUES('{$_POST['email']}','{$_POST['company']}','{$_POST['courseID']}', '$antal', '$password','$licenseID', '$role');
END;
    $mysqli->query($query);
}

Your script is at risk for SQL Injection Attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe!

Vishnu Sharma
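An added example, not from the question or the answer, that combines the answer's loop with the advice in the comments: one prepared statement reused for every row, a fresh password and license ID per user, and only the password hash stored. The function names `randomToken` and `createLicenses` are hypothetical; it assumes PHP 7+, an open `$mysqli` connection, and the `user` table and form field names shown in the question.

```php
<?php
// Added example (hypothetical helpers, not the poster's code).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function randomToken(int $length = 10): string {
    $chars = '0123456789abcdefghijklmnopqrstuvwxyz';
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is a CSPRNG; its upper bound is inclusive, hence the -1
        $out .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $out;
}

function createLicenses(mysqli $mysqli, array $post): array {
    // Validate the count server-side; maxlength="3" in the form is only a browser hint
    $amount = filter_var($post['antal'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 999]]);
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($amount === false || $email === false) {
        throw new InvalidArgumentException('Invalid amount or email');
    }
    $company  = (string)($post['company'] ?? '');
    $courseID = (string)($post['courseID'] ?? '');
    $role     = '3'; // fixed server-side, never taken from the request

    // Placeholders keep request data out of the SQL text entirely
    $stmt = $mysqli->prepare(
        'INSERT INTO user (email, company, courseID, antal, password, licenseID, role)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    // Bound by reference: $hash and $licenseID are filled in on each iteration
    $stmt->bind_param('sssisss', $email, $company, $courseID, $amount, $hash, $licenseID, $role);

    $issued = [];
    $mysqli->begin_transaction(); // all rows are created, or none
    try {
        for ($i = 0; $i < $amount; $i++) {
            $password  = randomToken();
            $licenseID = randomToken();
            $hash      = password_hash($password, PASSWORD_DEFAULT); // store only the hash
            $stmt->execute();
            $issued[$licenseID] = $password; // plaintext returned once for delivery
        }
        $mysqli->commit();
    } catch (Throwable $e) {
        $mysqli->rollback();
        throw $e;
    }
    return $issued;
}
```

The `password` column must be wide enough for the output of `password_hash()`; the PHP manual recommends 255 characters so future algorithms fit.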