-1

My problem is inserting new data from html form from element <input type = checkbox>, other input field html form php script into mysql table inserted correctly, without errors.

First html form snippet - this is my current checkbox (with more options):

<input  id="element_5" type="checkbox"  name= "skupiny_rp[]" value="C" checked> C <br>
<input  id="element_5" type="checkbox"  name= "skupiny_rp[]" value="CE" > CE <br>
<input  id="element_5" type="checkbox"  name= "skupiny_rp[]" value="D"> D <br>
<input  id="element_5" type="checkbox"  name= "skupiny_rp[]" value="DE"> DE <br>

I used array to store more values from the checkbox. My idea was as follows: I wanted to use the procedure that I used when inserting these values into a csv file - this procedure worked, here when inserting into MySQL table is not working. This array skupiny_rp[] I converted this field using php the implode () php function and put it in csv. But to insert into mysql table from implode function for mysql doesn't work.

Here's a php and sql snippet: all input fields of the html form before being inserted into the mysql table treated using mysqli_real_escape_string()

here prepare sql query

$query = "INSERT INTO skoleni (jmeno, prijmeni, narozen, ulice_cp,
          mesto, psc, zeme, cislo_rp, skupina_rp,email,telefon, 
          termin_skoleni)
          VALUES ('$jmeno', '$prijmeni', '$narozen', '$ulice_cp', 
                  '$mesto', '$psc','$zeme', '$cislo_rp', '$skupina_rp', 
                  '$email', '$telefon', '$termin')";

And here the execution of the query and its verification of success:

if (mysqli_query($SQLconn,$query)):
    echo "Záznam vytvořen.";
    close($SQLconn);
else:
    echo "Vytvoření záznamu selhalo." ;
endif;

This source code works almost correctly. But displaying the values from the html checkbox seems to me unsolvable, can someone advise how to display the mysql table all selected values from skupiny_rp[] in the MySQL table.

Here's the configuration table in Mysql:

CREATE TABLE skoleni (
 id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
 registrovan TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
 jmeno VARCHAR(10) NOT NULL,
 prijmeni VARCHAR(30) NOT NULL,
 narozen VARCHAR(20) NOT NULL,
 ulice_cp VARCHAR(255) NOT NULL,
 mesto VARCHAR(50) NOT NULL,
 psc VARCHAR(5) NOT NULL,
 zeme VARCHAR(50) NOT NULL,
 cislo_rp VARCHAR(10) NOT NULL,
 skupina_rp VARCHAR(10) NOT NULL,
 email VARCHAR(50) NOT NULL,
 telefon VARCHAR(9) NOT NULL,
 termin_skoleni VARCHAR(50) NOT NULL)
Petr Fořt Fru-Fru
  • 858
  • 2
  • 8
  • 23
  • 1
    Also, see about sql injection and the importance of prepared and bound queries – Strawberry Nov 10 '19 at 13:29
  • Have you tried `echo`ing the PHP variable `$query` after you put it together and "protected" it with `mysqli_real_escape_string()`? Maybe the result is not exactly how you want it? I also noticed that the column `skupina_rp` in your `skoleni` table is defined as `VARCHAR(10)`. This might be too short if you have many checkboxes selected. Yes, and like @Strawberry mentioned: you should probably look into using prepared statements, see here: https://www.php.net/manual/en/mysqli.prepare.php . – Carsten Massmann Nov 10 '19 at 13:44
  • 1
    [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) – Dharman Nov 10 '19 at 19:57
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Nov 10 '19 at 19:57

2 Answers2

2

Assuming that the values have "arrived" in your PHP script - and the values of the skupiny_rp[] checkboxes have been combined with implode() into the PHP variabe skupina_rp , then maybe the following insert satement using a "prepared statement" will be helpful to you? (The code is untested!)

if ($stmt = mysqli_prepare($SQLconn, 
   "INSERT INTO skoleni (jmeno, prijmeni, narozen, ulice_cp,
       mesto, psc, zeme, cislo_rp, skupina_rp,email,telefon, 
       termin_skoleni) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)" )) {
    /* bind parameters for markers */
    mysqli_stmt_bind_param($stmt, "ssssssssssss", $jmeno, $prijmeni,
       $narozen, $ulice_cp, $mesto, $psc, $zeme, $cislo_rp, 
       $skupina_rp, $email, $telefon, $termin);    
    /* execute query */
    mysqli_stmt_execute($stmt);
    if (mysqli_stmt_affected_rows($stmt)) { echo "Záznam vytvořen.";}
    else { echo "Vytvoření záznamu selhalo.";}
    // close($SQLconn);
}

And - as I mentioned in my comment: your column skupina_rp might not be wide enough to store string that holds all checkbox values.

I have now tested the above in a little fiddle, see here: http://phpfiddle.org/main/code/yywg-c6dz

Carsten Massmann
  • 26,510
  • 2
  • 22
  • 43
0

My problem has been resolved. The problem all the time was in the wrongly defined database name in the function "mysqli()",

$sqlconn = new mysqli($servername, $username, $password, $dbName);

an invalid parameter in $dbName caused my error,

where all the time was wrong database name. The PHP script now works correctly.

Recommendations for all those who have the same problem, when the data from the HTML form goes to the server, but the data is not written to the table.

  1. Check the connection initialization parameters (in my case $ sqlconn), focus on the parameters to access the MySQL server.
  2. Check your SQL query, focusing primarily on the table name, and the column names defined in the SQL query (compare physically with table names, and column names directly on the SQL server).
Petr Fořt Fru-Fru
  • 858
  • 2
  • 8
  • 23