
I'm creating an HTML form to insert input and file values into their respective tables using the same PHP script. When I fill in the text input and select images so that their paths are sent to a table, the PHP script inserts several rows into one table according to the number of images I select, and this is incorrect because that table should store only one record, while the other table has to store the image names with the recently created ID.

I found some similar questions about this, but I didn't find a correct way to solve it:

  1. PHP multiple records insert
  2. MYSQL Insert Submit Button PHP
  3. PHP multiple records insert
  4. how to insert multiple records in php

In this case I have 2 tables in MySQL: cars_tbl and images_tbl. Below is their structure:

cars_tbl

carID | carName
--------------------
01    | Volvo
02    | GM
03    | Ford
xx    | xxxxxxxxxx

images_tbl

imageID | image       | carID
-------------------------------
01      | 0001.jpg    | 01
02      | 0551.jpg    | 01
03      | 08591.jpg   | 02
04      | 074581.jpg  | 02
05      | 785581.jpg  | 03

In the images_tbl table, the carID column is a foreign key referencing the carID column of cars_tbl.

Below is the basic HTML form code that I'm using for this:

<form action="upload.php" method="post" enctype="multipart/form-data">

<label for="carName">Car Name:</label><br>
  <input type="text" id="carName" name="carName"><br>

<label for="image">Select images:</label><br>
<input type="file" id="file" name="file" multiple>

 <input type="submit" name="submit" value="ADD">

</form>

And finally, the PHP script (upload.php), which inserts the carName input into the cars_tbl table and inserts the image names and carID into the images_tbl table:

<?php

include 'configDB.php';

// prepare and bind
$stmt = $db->prepare("INSERT INTO cars_tbl (carName) VALUES (?)");
$stmt->bind_param("s", $carName);

// set parameters and execute
$carName = $_POST['carName'];
$stmt->execute();
$stmt->close();

// ID of the car row just inserted; every image row should reference it
$last_id = $db->insert_id;

if(!empty($_FILES)){

    // File path configuration
    $uploadDir = "uploads/";
    $fileName = basename($_FILES['file']['name']);
    $uploadFilePath = $uploadDir.$fileName;

    // Upload file to server
    if(move_uploaded_file($_FILES['file']['tmp_name'], $uploadFilePath)){
        // Insert file information in the database
        // (values are concatenated into the SQL string here rather than bound)
        $insert = $db->query("INSERT INTO images_tbl (image, carID) VALUES ('".$fileName."', '".$last_id."')");
    }

    echo "Car added. ID: $last_id";
}

$db->close();

?>

Based on the information above, when I fill in the carName input and select images in the file input, after I click the submit button the PHP script (upload.php) uploads the selected images to the uploads folder correctly, but in the cars_tbl table the script adds several rows according to the number of images that I send, and at the same time it adds the image names into the images_tbl table, but the carID column is not a single ID shared by all the added images; instead carID is a sequence number rather than the recently created ID from the cars_tbl table.

UPDATED

The result that I would like is similar to the tables below:

Suppose that I fill the carName input with the name BMW and select 3 images by clicking on the file browser button, then click the submit button. The PHP script should insert the data into the 2 tables cars_tbl and images_tbl like below:

cars_tbl table

carID | carName
--------------------
xx    | xxxxx
xx    | xxxxx
xx    | xxxxx
04    | BMW

images_tbl table

imageID | image       | carID
-------------------------------
xx      | xxxxxxxx    | xx
xx      | xxxxxxxx    | xx
xx      | xxxxxxxx    | xx
05      | 782221.jpg  | 04
06      | 711581.jpg  | 04
07      | we3444.jpg  | 04

In this case, where do I have to modify my script (upload.php) so that, after clicking the submit button, it inserts only one record into the cars_tbl table and the selected image names into the images_tbl table, related to the recently created carID?

Michel Xavier
  • 1
    Disable submit button to avoid double clicks or mutiple clicks, Which cause multiple form submissions – Ajith Apr 08 '20 at 12:56
  • 1
    Do you have any Triggers or other Procedures that are adding SQL rows on this table? – Martin Apr 08 '20 at 13:29
  • 1
    `multiple` is not a valid or useful attribute in a `
    – ADyson Apr 08 '20 at 13:36
  • 1
    Your PHP code looks like you're uploading images one at a time, but your wording on your question suggests you're uploading images in blocks of several at once, can you clarify which it is? – Martin Apr 08 '20 at 13:36
  • Martin is right. This PHP code can only deal with uploading one file at a time. So either this isn't the correct version of your code, or there's something else you're not telling us. – ADyson Apr 08 '20 at 13:40
  • 1
    Also a **warning:** Your code may be vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could steal, change, or even delete your data. (not as easy with a filename admittedly, but still you should use best practices at all times) – ADyson Apr 08 '20 at 13:41
  • 2
    And **never** get your web app to login to the database as root. Root can do whatever it likes, so on top of the SQL injection vulnerabilities this just leaves your database an open book for hackers. Instead create a separate user account specifically for this application which has only the permissions it actually _needs_ in order to work properly. Don't even use the root account as a shortcut during development or testing, because you need to test your account permissions as well - otherwise when you go live you might have unexpected errors relating to the user account setup. – ADyson Apr 08 '20 at 13:41
  • Anyway [this](https://stackoverflow.com/questions/2704314/multiple-file-upload-in-php) ought to help you with the job of adapting the PHP code to upload multiple images per car. – ADyson Apr 08 '20 at 13:47
  • So, the database connection config in the PHP script above is just an example. My connection config file is a different one. The multiple attribute that I put in
    I didn't see, and it was a mistake, and I removed it. As to the question of prepared statements, if you notice, the PHP script is written with prepared statements on the mysqli insert into. I updated the question to clarify my doubt.
    – Michel Xavier Apr 08 '20 at 15:09
  • 1
    " the php script is wrote in prepared statements on mysqli insert into"...not in the code you've shown, it isn't. That code is vulnerable. – ADyson Apr 08 '20 at 15:39
  • 1
    Anyway my last comment with this link: https://stackoverflow.com/questions/2704314/multiple-file-upload-in-php should help you with uploading multiple files and processing them all. – ADyson Apr 08 '20 at 15:40

1 Answer

Your PHP code looks like you're uploading images one at a time, but your HTML form is accepting multiple images.

In this case the structure of the $_FILES array will be completely different and not transferable between these two types of $_FILES.


As general practice you should add a CSRF token to your POSTing form, which will also avoid this duplication: the form may be submitted multiple times, but it will only be accepted the first time.

So your form would have a unique token (set in the session when the form page is rendered, after session_start()):

<input type='hidden' name='randomName' value='<?php print htmlspecialchars($_SESSION['randomValueEachPageLoad']); ?>'>

Then, on your receiving page, you do this:

session_start();
// Accept the token only once; hash_equals() is a constant-time comparison.
if (isset($_POST['randomName'], $_SESSION['randomValueEachPageLoad'])
    && hash_equals($_SESSION['randomValueEachPageLoad'], $_POST['randomName'])) {
    // Do all of your stuff with the form data.
}
unset($_SESSION['randomValueEachPageLoad']);

As noted by ADyson, remove the multiple from your <form> element.


As also mentioned by ADyson, you are logging into your SQL as the root user; this is highly unwise and a significant security risk: if someone can access your PHP, or even post their own data to your forms (as you don't have CSRF protection or universal parameterised queries), then they can do anything with your SQL.

Martin
  • Thanks for your feedback. So, the database connection config in the PHP script above is just an example. My connection config file is a different one. The *multiple* attribute that I put in
    I didn't see, and it was a mistake, and I removed it. In general, I would like to edit my script to insert into cars_tbl and images_tbl at the same time. In this case, one record into cars_tbl and one or more image names into images_tbl. Thanks for the tips.
    – Michel Xavier Apr 08 '20 at 14:51
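Pulling the thread's advice together (one car row, then one images_tbl row per uploaded file bound to that single carID; prepared statements for both inserts instead of the concatenated query in the question; a one-time CSRF token, as in Martin's answer, so a double-clicked submit cannot create a second car; no root login), here is an added example of a rewritten upload.php. It is not the question's or Martin's code. It assumes configDB.php creates a mysqli connection in $db with a non-root account, that the file input is renamed to name="file[]" (PHP only delivers more than one file when the field name ends in []), that the form page calls issue_csrf_token() to fill a hidden csrf_token field, and that both tables are InnoDB so the transaction is honoured. The constants UPLOAD_DIR, MAX_BYTES and ALLOWED and every function name are this example's own.

```php
<?php
// Added example, not code from the original question or answer.
// Assumed: configDB.php defines $db (mysqli, non-root account); form field is name="file[]";
// the form page called issue_csrf_token() and put the value in <input type="hidden" name="csrf_token">.
declare(strict_types=1);

session_start();
include 'configDB.php';

const UPLOAD_DIR = __DIR__ . '/uploads/';
const MAX_BYTES  = 5 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Call from the page that renders the form; the returned value goes into the hidden field.
function issue_csrf_token(): string
{
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    return $_SESSION['csrf_token'];
}

// One-time token: it is removed from the session before the comparison, so a second submit
// of the same form (double click, browser resend) is rejected. hash_equals() is constant-time.
function consume_csrf_token(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    unset($_SESSION['csrf_token']);
    return is_string($submitted) && is_string($expected) && hash_equals($expected, $submitted);
}

// $_FILES['file'] for a multiple upload is column-oriented (name[], tmp_name[], ...);
// reshape it into one entry per file.
function normalize_files(array $f): array
{
    $out = [];
    foreach ((array) $f['tmp_name'] as $i => $tmp) {
        $out[] = ['tmp_name' => $tmp, 'error' => $f['error'][$i], 'size' => $f['size'][$i]];
    }
    return $out;
}

// Decide the extension from the file's real content, never from the client-supplied name or type.
function detect_extension(string $path): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return ALLOWED[$mime] ?? null;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !consume_csrf_token($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid or reused form token.');
}

$carName = trim((string) ($_POST['carName'] ?? ''));
if ($carName === '' || strlen($carName) > 100) {
    http_response_code(400);
    exit('carName is required (max 100 characters).');
}

$files  = isset($_FILES['file']) ? normalize_files($_FILES['file']) : [];
$stored = [];

$db->begin_transaction();   // either the car and all of its images are saved, or nothing is
try {
    $stmt = $db->prepare('INSERT INTO cars_tbl (carName) VALUES (?)');
    $stmt->bind_param('s', $carName);
    $stmt->execute();
    $carId = $db->insert_id; // the one new carID that every image row references
    $stmt->close();

    $img = $db->prepare('INSERT INTO images_tbl (image, carID) VALUES (?, ?)');
    $img->bind_param('si', $name, $carId); // bound by reference: re-assigning $name is enough
    foreach ($files as $file) {
        if ($file['error'] === UPLOAD_ERR_NO_FILE) {
            continue;
        }
        if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > MAX_BYTES) {
            throw new RuntimeException('upload failed or file too large');
        }
        $ext = detect_extension($file['tmp_name']);
        if ($ext === null) {
            throw new RuntimeException('unsupported image type');
        }
        // Server-generated name: no path traversal, no collisions, no attacker-chosen .php name.
        $name = bin2hex(random_bytes(16)) . '.' . $ext;
        if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
            throw new RuntimeException('could not store file');
        }
        $img->execute();
        $stored[] = $name;
    }
    $img->close();
    $db->commit();
} catch (Throwable $e) {
    $db->rollback();
    foreach ($stored as $name) {            // remove files belonging to the failed batch
        @unlink(UPLOAD_DIR . $name);
    }
    error_log('upload.php: ' . $e->getMessage());
    http_response_code(500);
    exit('Could not save the car.');
}

echo 'Car added. ID: ' . $carId . ', images stored: ' . count($stored);
```

Because images_tbl.carID is a foreign key to cars_tbl in the question's schema, rolling the transaction back on any failure means a car never ends up with only some of its images, and the files written before the failure are deleted so uploads/ does not fill with orphans. The generic error text sent to the browser, with the detail going to error_log, keeps database and filesystem messages out of the response.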