-1

I created a form with multiple checkboxes to add to database, what do I need to change in the VALUE $_POST[penerima] to enter multiple checkboxes data into the database?

```php
if(isset($_POST['simpan'])){
    $simpan = mysqli_query($koneksi, "INSERT INTO umum (tanggal_terima, pengirim, no_surat, perihal, disposisi, penerima )
                                VALUES ('$_POST[tgl_terima]',
                                        '$_POST[pengirim]',
                                        '$_POST[no_surat]',
                                        '$_POST[perihal]',
                                        '$_POST[disposisi]',
                                        '$_POST[penerima]')
                                        ");
}
```
  • 4
    Your code is wide-open to SQL injection. Do not directly embed (post) variables in the sql ~ use `prepared statements` instead. If the form field `penerima` is named `penerima[]` then you can iterate through them like an array – Professor Abronsius Jan 31 '21 at 22:18
  • We would need to know what your HTML structure is like. – El_Vanja Jan 31 '21 at 23:10
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Feb 01 '21 at 13:27

1 Answer

0

I'm not going to address the SQL injection issues in the code, but please read: How can I prevent SQL injection in PHP?

You can store array data in a database using `json_encode($array)` - this will convert your array of checkboxes to a string which can be stored. I suggest using the TEXT column type, otherwise, the string may be cut off if your values are long.

https://www.php.net/manual/en/function.json-encode.php

You can then json_decode the data back to an array once it's selected.

https://www.php.net/manual/en/function.json-decode.php

Blueline
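
The comments' advice (name the field `penerima[]`, use a prepared statement) combined with the answer's `json_encode` suggestion, as an added example that is not part of the original posts. It uses PDO with an in-memory SQLite database so that it runs stand-alone; the `simpanSurat` helper, the `ALLOWED_PENERIMA` values, the `id` column and the sample request data are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed allow-list; the real form's checkbox values are not shown on the page.
const ALLOWED_PENERIMA = ['sekretaris', 'kabid', 'kasubag'];

function simpanSurat(PDO $db, array $post): int
{
    // Checkboxes named penerima[] arrive as an array; reject any other shape.
    $penerima = $post['penerima'] ?? [];
    if (!is_array($penerima)) {
        throw new InvalidArgumentException('penerima must be an array');
    }
    // Keep only known string values, re-indexed so json_encode() emits a JSON list.
    $penerima = array_values(
        array_intersect(ALLOWED_PENERIMA, array_filter($penerima, 'is_string'))
    );

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO umum (tanggal_terima, pengirim, no_surat, perihal, disposisi, penerima)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $fields = ['tgl_terima', 'pengirim', 'no_surat', 'perihal', 'disposisi'];
    $values = array_map(
        fn(string $f): string => is_string($post[$f] ?? null) ? $post[$f] : '',
        $fields
    );
    $values[] = json_encode($penerima, JSON_THROW_ON_ERROR);
    $stmt->execute($values);
    return (int)$db->lastInsertId();
}

// Demo on an in-memory SQLite database (assumption, so the example runs offline).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE umum (id INTEGER PRIMARY KEY, tanggal_terima TEXT, pengirim TEXT,
    no_surat TEXT, perihal TEXT, disposisi TEXT, penerima TEXT)');

// Constructed request data: the quote in pengirim would break the string-built query.
$id = simpanSurat($db, [
    'tgl_terima' => '2021-01-31', 'pengirim' => "Dinas O'Brien", 'no_surat' => '001/2021',
    'perihal' => 'Undangan', 'disposisi' => 'Segera',
    'penerima' => ['kabid', 'sekretaris', 'bukan-pilihan'],
]);

$read = $db->prepare('SELECT pengirim, penerima FROM umum WHERE id = ?');
$read->execute([$id]);
$row = $read->fetch(PDO::FETCH_ASSOC);
var_dump($row['pengirim'], json_decode($row['penerima'], true, 512, JSON_THROW_ON_ERROR));
```

The same prepare/execute pattern applies with a MySQL DSN in place of the SQLite one; the checkbox value that is not on the allow-list is dropped before anything is stored.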