1

I'm a little confused here. I want to add 4 values to the db. Exept if the user only add < 4.

DB columns are:

ticket1, ticket2, ticket3, ticket4

There are multiple checkboxes 1-19.

<input class='' id='cbx' value='1' name='check_num[]' type='checkbox'/><label>1</label>

My code is...

 if(!empty($_POST['check_num'])) {

     foreach($_POST['check_num'] as $key => $value) {

          //i just need the ARRAY or something to divide the numbers in peaces to put on the db.

     }
 } else {
   echo "empty"; 
 }
Mariana Silva
  • 1
  • 4

1 Answers1

0

I'd use something like this, but there are plenty of alternatives.

if(!empty($_POST['check_num'])) {
    $count = count($_POST['check_num']);
    if($count <= 4){
        $columns = "";
        $values = "";
        $i = 1;
        while($i <= $count){
            $columns .= "ticket".$i.", ";
            $params .= "?, ";
            $types .= "i";
            $i++;
        }
        $columns = substr($columns, 0, 2);
        $params = substr($columns, 0, 2);
        $stmt = $mysqli->prepare("INSERT INTO [table_name] (".$columns.") VALUES (".$params.");";);
        mysqli_stmt_bind_param($stmt, $types, ...$_POST['check_num']);
        mysqli_stmt_execute($stmt);
    }
    else{
        echo "Too many selections";
    }
}
else{
    echo "empty"; 
}

I haven't used anything but PDO for prepared in php in several years. Might be my bias but I'd recommend the switch, this seemed more complicated to me. You may need to update the portions using mysqli prepare and bind I haven't tested this code at all, just wrote it in the answer.

I also assumed each column was an integer type, and of course, update to use your table name in the query.

I added the substr() functions to remove trailing ", " from last entry of each, you could also check if $i == $count before those assignments, and use a different assignment set without the trailing ", " inside that if() with the current assignments in the following else. The $i++ would obviously be outside this if()/else.

TCooper
  • 1,545
  • 1
  • 11
  • 19
  • That part it's ok.. i just want to add like INSERT (ticket1, ticket2, ticket3, ticket4) VALUES($value1, $value2, $value3, $value4), this is what i want. Every Number from Checkbox INSERTED. – Mariana Silva Nov 20 '20 at 01:22
  • But what DB are you using? What library/methods are you using to interact with it? – TCooper Nov 20 '20 at 01:23
  • PHPMYADMIN MYSQLI, to protect the POSTS i'm only using mysqli_real_escape_string($con, sanitize()) – Mariana Silva Nov 20 '20 at 01:26
  • Got it, for future reference/real world applications, please read this Q&A https://stackoverflow.com/questions/32391315/is-mysqli-real-escape-string-enough-to-avoid-sql-injection-or-other-sql-attack - but I'll update the answer now. – TCooper Nov 20 '20 at 01:29
  • 1
    and i use MYSQLI prepared Statments (?) – Mariana Silva Nov 20 '20 at 01:32
  • Got it, that's what you need. There's a few ways to handle this, I'd check for the existence of a value and if it doesn't exist set it to an empty string for simplicity, then run one query to update. I assume you also have a user id or similar unique identifier to know which row to insert these values to? – TCooper Nov 20 '20 at 01:35
  • yes, i use user_id => INT, i think at the moment i just need to figure out how to ADD the 4 checkbox into 4 COLUMNS like 1,2,3,4 – Mariana Silva Nov 20 '20 at 01:37
  • @MarianaSilva see updated answer, you'll still need to test, and maybe tweak yourself, but should get you the concepts. – TCooper Nov 20 '20 at 18:37