-1

I am trying to export a full table into SQL using data from an HTML table. I know how to export one row, but can't understand how to export multiple rows. Any advice?

<?php while ($row = $result->fetch_assoc()) :?>

<tr>
<form action="insertorder.php" method="post">
    <td name="Item_ID[]"><?=$row["item_id"]?></td>
    <td name="name[]"><?=$row["ITEM_NAME"]?></td>
    <td name="suggested_qty"><?=$row["suggested_qty"]?></td>
    <td  name="price" class="pricetd"><?=$row["Price_item"]?></td>
    <td>
    <input type="text" name="editedvalues[]" class="qtyinput" value="<?=$row["suggested_qty"]?>" />
    </td>
    <td><input name='result[]' class="resultinput" /></td>
</tr>

<?php endwhile?>
<input type="submit" class="btn btn-dark" value="Submit">
</table>

</form>

//////Export script////////

$sql = 'INSERT INTO \'ms_order\' (\'item_id\', \'item_name\', \'order_quantity\', \'total\') VALUES';
for ($i=0; $i<count($_POST['item_id']); $i++) {
    $sql .= '(\'' . $_POST['item_id'][$i] . '\', \'' . $_POST['item_name'][$i] . '\', \'' . $_POST['editedvalues[]'][$i] . '\', \'' . $_POST['result'][$i] . '\')';
    if ($i<count($_POST['item_id']) - 1) {
       $sql .= ',';
    }
}
stackmaster
  • 55
  • 6
  • Could you provide more information about why you're trying to do this? It looks to me like you're populating the table with data. I'm not sure why you would need to then scrape the data off and put it back into your database. Are you trying to scrape someone else's webpage? To read something out of an uploaded file? Is Javascript an option? – Truth Apr 22 '19 at 19:39
  • The idea is that I am pulling in data for the user to view, then the user enters/changes data then resubmits the form with the updated data – stackmaster Apr 22 '19 at 19:45
  • **Warning:** You are wide open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](http://php.net/manual/en/pdo.prepared-statements.php) or by [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Never trust any kind of input, especially that which comes from the client side. Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). – Dharman Apr 22 '19 at 21:46

1 Answers1

0

If I understand your problem correctly, you need to use an HTML form which will submit your data to your PHP page to be processed. When you build your form, use the information you queried from your database to fill in the value attribute of your form's input elements.

<form action = 'myphppage.php' method='post'>
    <input name='myinput' value='<?php echo $defaultValue ?>'>
    <button type='submit'>Submit</button>
</form>

When the user changes the input field, the value of the input changes. When the user clicks submit, the value of your select element will be sent in your $_POST array to 'myphppage.php', with the name of the element as an index.

<?php

   $select = $_POST['yourselect']; 

?>

You can then manipulate the data to update your database.

WARNING: Make sure you properly sanitize your data and use a parametrized query to prevent SQL injection. How can I prevent SQL injection in PHP?

Truth
  • 486
  • 7
  • 19