0

I have an issue.
I have a field where you can enter something like this:

word|secondword|third|fourth
and|more|and|more

So I thought that doing an explode like this should be fine:

$linebyline = explode("\n", $_POST['message']);
for ($i=0;$i<100;$i++){
  $exploded = explode("$delimiter", $linebyline[$i]);

And in the for loop I added a statement like:

$query = ("insert into homesweet(phone,sensitive,vagisil) values('$result','$exploded[$experience]','$exploded[$name]');

But it works if I copy-paste it in MysQL. It does not if I use it by PHP. Throwing just cannot execute the query. Also, it says:

PHP Notice: Undefined offset

And:

PHP Notice: Undefined index

Not working query: $query = ("insert into homesweethome(trashcan,exp,seller,name,zip,city,state,country,dobmonth,dobyear,ssn,address,price,phone) values('$result','$exploded[$exp]','$username','$exploded[$name]','$exploded[$zip]','$exploded[$city]','$exploded[$state]','$exploded[$country]','19','1990','$exploded[$ssn]','$exploded[$address]','$exploded[$price]','$exploded[$phone]'");

Stephanie Sotelo
  • 75
  • 1
  • 1
  • 6
  • https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – bassxzero Jun 26 '17 at 21:42
  • 2
    You are missing the closing quotation mark in your insert query, which is why it is working in MySQL but not PHP. – Obsidian Age Jun 26 '17 at 21:43
  • 1
    You should include all the relevant code that is pertinent to your question - for example, where / what is `$experience` or `$name` ~ where are they define? – Professor Abronsius Jun 26 '17 at 21:48
  • ,'$exploded[$phone]'"); It's closed, Since I can't copy and paste all of my code here I tried to sinthetize. As I said I have strings of codes divided by a character like this: "|" Now, I used explode to first get every line by \n and then using explode on that array to get words by words. Since it will be used by many people with different layout of text, I decided to make like 10 fields asking for the field number (name = 1, phone = 2) (SBRISI MINI|3209302930) something alike, in a way to be able to put those in mysql even if they come in a different order. – Stephanie Sotelo Jun 26 '17 at 21:55
  • 2
    Anyway, prize for oddest column names. I'm already starting to itch. – Strawberry Jun 26 '17 at 21:55
  • If you're getting `Undefined index` errors, it means either the variables like `$name` and `$zip` are not set correctly, or the array doesn't have enough elements to fill in all the fields. – Barmar Jun 26 '17 at 22:19
  • It's no longer throwing that error, it was a mistake caused by a typo, once fixed it still won't accept the syntax – Stephanie Sotelo Jun 26 '17 at 22:22

1 Answers1

1

You can replace all the new line caracters from the received string with your delimiter and use explode() only once.

$receivedString = "word|secondword|third|fourth
and|more|and|more";

$linebyline = preg_replace('/\s+/', '|', $receivedString);


$exploded = explode("|", $linebyline);

$query = "INSERT INTO table_name(column0, column1, column2, column3, column4)
VALUES('$exploded[0]', '$exploded[1]', '$exploded[2]', '$exploded[3]', '$exploded[4]')";

echo $query;
mufax
  • 81
  • 3
  • Still, throws mysql "Cannot execute query." – Stephanie Sotelo Jun 26 '17 at 22:12
  • The $exploded array is an Indexed array, not an associative one, hence you need to use the index numbers. Also, maybe it's best if you replace the new lines with the delimiter and only performe explode once. – mufax Jun 26 '17 at 22:27
  • the point is to make it dynamic because I don't know which index value will be right once users enters it. My goal was using the [$var] to be able to fit the user input. it asks where the name will be: second or fifth variable or the last one, the user has to chose it – Stephanie Sotelo Jun 26 '17 at 22:40
  • If you're having trouble with a query, echo the query (just like mufax gives the example of doing here), and then take the static query, and paste that into mysql that you are running from the command line. Then see what error it gives you. Then go back to your PHP code and figure out why it's generating an invalid query. Learn how to debug this in pieces and you can break the problem into smaller steps, each of which is easier to do. – cazort Jun 26 '17 at 22:56
  • the issue is with the db, pasting the code to another db I have return 200 for the query – Stephanie Sotelo Jun 28 '17 at 01:11