how to push data from html grid to mysql?

Question

I am trying to push the data from this simple html grid into sql but I can't do it. in the beginning, I got the error that there was no index for the var impressions. I fixed that. when I use just the advertiser value I can push the data into mysql while with the second value, I can't succeed. can you explain me what I am doing wrong? Thanks in advance

<?php

    include_once 'con_ui.php';
    if(isset($_POST['btn-save']))
        {

     $advertiser = $_POST["advertiser"];
     $impressions = (isset($POST["impressions"])?
     $_POST["impressions"]:'');



            $sql_query = "INSERT INTO data(adv, imp) VALUES('$advertiser', '$impressions')";
     mysql_query($sql_query);

            // sql query for inserting data into database

    }
    ?>


     <html>
     <head>
     </head>
     <body>
     <form method="post">
     <table id="myTable" align='center' cellspacing=0 cellpadding=5 border=1> 

     <tr>
     <th>advertiser</th>
     <th>impressions</th>
     </tr>
     <td>

     <select name="advertiser" id="advertiser">
                <option value="">Select advertiser</option>
                <option value = "Brita ">Brita</option>
                <option value = "Sammontana">Sammontana</option>
        </select>

     </td>

    <td name= "impressions" id="impressions" >1000000</td>

     <td>
        <button type="submit" name="btn-save"><strong>SAVE</strong></button>
     </td>
    </form>
    </body>
    </html>

FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. — John Conde, Jun 14 '17 at 16:38
Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). — John Conde, Jun 14 '17 at 16:38
You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. — John Conde, Jun 14 '17 at 16:39

score 0 · Answer 1 · answered Jun 14 '17 at 18:22

0

There's a few things wrong here:

Firstly the $POST in

   $impressions = (isset($POST["impressions"])?$_POST["impressions"]:'');

Is missing an underscore and should be a $_POST

   $impressions = (isset($_POST["impressions"])?$_POST["impressions"]:'');

Secondly the browser won't recognize

<td name= "impressions" id="impressions" >1000000</td>

as a form field. If you want to pass on values that the user can't edit you have a few options. You can use a hidden field like:

<td><input type="hidden" name="impressions" id="impressions" value="1000000">1000000</td>

or you can use a text input and disable user input like

<td><input type="text" name="impressions" id="impressions" value="1000000" disabled></td>

answered Jun 14 '17 at 18:22

Jake

338
1
6

Hey thanks for your reply. Problem being is i need to have the user enter the date into the cell and and have and the content should be editable. in addition i'm having a button add row, to insert a new raw but doesn't work if use the form type as input. gonna post the full code as my own reply – Alessandro Longo Jun 14 '17 at 19:01
In that case, use the second field and take out the disabled attribute. If you want to insert rows manually you can actually set the input type to be an array. So name="advertiser[]" or name="impressions[]" then when you parse in the backend you can just do a foreach. (BTW I should mention that if only one row is submitted the browser will send it as text, not as an array, so you'll need to have your code check for both) https://johnrockefeller.net/html-input-forms-sending-in-an-array-in-php/ – Jake Jun 14 '17 at 19:20
thanks for your reply. if i go for the second option removing the disabled attribut, the cell is a form where the last value entered is not "stored" in the grid and i need that value to be displayed. additionaly the function associated to the add row button doens't work (could be my mistake. i am gonna recheck the code). thanks again and sorry if i am asking banal questions – Alessandro Longo Jun 14 '17 at 19:37
To populate the form, so you'll need to do a SQL query to get the data, then as your looping though the results populate the value attribute. Maybe something like this: http://www.phponwebsites.com/2014/04/php-mysql-display-results-in-html-table.html only with forms – Jake Jun 14 '17 at 20:49

score 0 · Answer 2 · answered Jun 14 '17 at 19:06

here you have the details of the code that i am using to achieve for adding the raws automatically, have the users entering data and keeping the code editable

Hey thanks for your reply. Problem being is i need to have the user enter the date into the cell and and have and the content should be editable. in addition i'm having a button add row, to insert a new raw but doesn't work if use the form type as input. here you have the full code

    <?php
include_once 'con_ui.php';
if(isset($_POST['btn-save']))
{
 // variables for input data
 $advertiser = $_POST["advertiser"];
 $impressions = (isset($_POST["impressions"])?
    $_POST["impressions"]:'');

 // variables for input data

 // sql query for inserting data into database

        $sql_query = "INSERT INTO data(adv, imp) VALUES('$advertiser', '$impressions')";
 mysql_query($sql_query);

        // sql query for inserting data into database

}
?>


 <html>
 <head>
 <script>
 function myFunction() {
    var table = document.getElementById("myTable");
    var new_client = document.getElementById("advertiser_row1").innerHTML;
    var new_impressions = document.getElementById("impressions_row1").innerHTML;

    var row = table.insertRow(1);
    var cell1 = row.insertCell(0);
    var cell2 = row.insertCell(1);
}
    </script>
 </head>
 <body>

 <table id="myTable" align='center' cellspacing=0 cellpadding=5 border=1> 
 <form method="post">
 <tr>
 <th>advertiser</th>
 <th>impressions</th>
 </tr>
 <td>

 <select name="advertiser" id="advertiser_row1">
            <option value="">Select advertiser</option>
            <option value = "Brita ">Brita</option>
            <option value = "Sammontana">Sammontana</option>
    </select>

 </td>

<td><input type="text" name="impressions" id="impressions_row1" value="1000000"></td>


 <td>
<button onclick="myFunction()">Add Row</button>
</td>
<td>
 <button type="submit" name="btn-save">Save</button>
 </td>
</tr>
</form>
</table>

</body>
</html>

how to push data from html grid to mysql?

2 Answers2