saving bank row using array

Question

I have a dynamic form which allows to add multiple textboxes. While saving the data in the database, it also saves an additional empty extra row. Could you help to find the issue?

HTML:

<div class="col-xs-12 col-sm-6">
  <div class="form-group">
    <input name="skill[]" type="text" class="form-control" placeholder="Skill name, e.g. HTML">
  </div>
</div>

<div class="col-xs-12 col-sm-6">

  <div class="form-group">
    <div class="input-group">
      <input name="percent[]" type="text" class="form-control" placeholder="Skill proficiency, e.g. 90">
      <span class="input-group-addon">%</span>
    </div>
  </div>

</div>

<div class="col-xs-12 duplicateable-content">
  <div class="item-block">
    <div class="item-form">

      <button class="btn btn-danger btn-float btn-remove"><i class="ti-close"></i></button>

      <div class="row">
        <div class="col-xs-12 col-sm-6">
          <div class="form-group">
            <input name="skill[]" type="text" class="form-control" placeholder="Skill name, e.g. HTML">
          </div>
        </div>

        <div class="col-xs-12 col-sm-6">

          <div class="form-group">
            <div class="input-group">
              <input name="percent[]" type="text" class="form-control" placeholder="Skill proficiency, e.g. 90">
              <span class="input-group-addon">%</span>
            </div>
          </div>

        </div>
      </div>

    </div>
</div>

Here is my php to save the data input:

for ($i = 0; $i < count($_POST["skill"]); $i++) {
  $skill = $_POST["skill"][$i];
  $percent = $_POST["percent"][$i];

  $sql = "insert into tb_skill (skills,percent,user_id) values 
    ('$skill', '$percent', '$_SESSION[id]')";
  mysqli_query($con, $sql);
}

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — mega6382, Oct 20 '17 at 13:33
You likely need to trim a newline character off the end of your input... at least that's at first glance. — Tim S., Oct 20 '17 at 13:34
@Roble, can you please paste here POST array values, how they are coming — jvk, Oct 20 '17 at 16:17

score 0 · Answer 1 · answered Oct 20 '17 at 14:47

0

Add these lines inside of your for loop, before you submit the variables to database.

$skill = trim($skill);
$percent = trim($percent);

answered Oct 20 '17 at 14:47

cmprogram

1,854
2
13
25

score 0 · Accepted Answer · answered Oct 20 '17 at 17:22

This might help to you.

  $skill = $_POST['skill];
    $percent = $_POST['percent'];
    for ($i = 0; $i < = count($skill); $i++) {

      $sql = "insert into tb_skill (skills,percent,user_id) values 
        ('$skill[$i]', '$percent[$i]', '$_SESSION[id]')";
      mysqli_query($con, $sql);
    }

saving bank row using array

2 Answers2