Currently I am doing a university assignment called "Online Examination System". I have proceeded to the "Teacher part", where the teacher is responsible for adding questions and answers and then INSERTing them into the database. However, I cannot make this happen. Can anyone help me? Thanks

My addTest.php code is as below:

<!DOCTYPE html>
<html>
<head>
    <title>Add New Test by teacher</title>
</head>
<form method="post" action="addTest.php">
    <h2>Add New Test Form</h2>
    <table border = '1'>
    <td colspan='12'><a href='teacherPage.php'><input type='button' value='Close'/></a></td>
    <h2>Add new Test</h2>
    <tr><td>Test ID: </td><td><input type = 'text' name='test_id' /></td></tr>
    <tr><td>Test name: </td><td><input type = 'text' name='test_name'/></td></tr>
    <tr><td>Test Given Time in minutes: </td><td><input type = 'text' name='test_time'/></td></tr>
    <tr><td>Test's date: </td><td><input type = 'date' name='test_date'/></td></tr>
    <tr><td>Number of questions: </td><td><input type = 'number' name='no_Ques' /></td></tr>
    <td colspan='2'>
    <button type="submit" class="btn" name="confirm" >Confirm</button><br></td>
    <tr><td colspan='2'>
    <button type="submit" class="btn" name="add" >Add</button><br></td></tr>
    </table>
</form>
<body>
    <?php
        include ("database.php");//Config file
        session_start();
        $sessuname = $_SESSION['Uname']; //automatically retrieve teacher ID from Login
        $Moderator_ID="";
        
        $sqlTeacher = "select TEACH_ID from TeacherUser where TEACH_USERNAME='$sessuname' LIMIT 1";
        $TeacherNo = mysqli_query($conn, $sqlTeacher);
        while ($Row = mysqli_fetch_row($TeacherNo))
        {
            for ($i=0; $i<count($Row); $i++)
            {
                $Moderator_ID=$Row[0];
            }
        }
        //Used to spawn how many text area for questions and answers.
        if (isset($_POST['confirm'])){
            $No_Ques = $_POST['no_Ques'];
            
            for($i=1;$i<=$No_Ques;$i++)
            {
                echo"<br><table><thead><th>Question ".$i."</th></thead>";
                echo"<tr><td>Test Questions: </td><td><textarea name='test_question[".$i."]' cols ='35' rows ='6'></textarea></td></tr>";
                echo"<tr><td>Test Answers: </td><td><textarea name='test_ans' cols ='35' rows ='6'></textarea></td></tr></table><hr><br>";
            }
        }
        //Used to submit the entries into database
        if (isset($_POST['add'])) {
            
            $Test_ID = $_POST['test_id'];
            $Test_Name = $_POST['test_name'];
            
            $Test_Time = $_POST['test_time'];
            $Test_Date = $_POST['test_date'];
                
            $test_check_query = "SELECT * FROM TestDetails WHERE TEST_ID='$Test_ID' LIMIT 1";
            $test_result = mysqli_query($conn, $test_check_query);
            $test_exist = mysqli_fetch_assoc($test_result);
            
            for($i=0;$i<$_POST['no_Ques'];$i++)
            {
                $Test_Ques = array();
                $Ques=array();
                $Test_Ques = trim($_POST['test_question']);
                
                //It says $Test_Ques is not recognize == no value found in it when print_r.
                //Not working :(
                //print_r($Test_Ques);
                
                //array_push($Ques,$Test_Ques);
                //echo"Array is ".$Test_Ques[$i];
                
                $que="<pre>$test_question</pre>";
                $ans="<pre>$test_ans</pre>";
                    $test_sql = "INSERT INTO TestDetails (TEST_ID, TEST_NAME, TEST_QUESTION, TEST_ANS, 
                    TEST_TIME, TEST_DATE, TEST_MODERATOR, TEST_MODERATOR_ID)
                    VALUES ('$Test_ID', '$Test_Name', '$que', '$ans',
                    '$Test_Time', '$Test_Date', '$sessuname', '$Moderator_ID')";
                //The result is insert nothing into database.
                $result = mysqli_query($conn, $test_sql);
            }
            //If test existed, added failed
            if($test_exist){
                if ($test_exist['TEST_ID'] == $Test_ID){
                    echo "<br>The test is already added. Please add with another test ID.";
                    mysqli_close($conn);
                }
            }
            //New Test added successful
            else{
                echo"<br>New Test added successfully!<br><br>";
                echo"New test ID is <strong>".$Test_ID."</strong>.<br>";
                echo"New test name is <strong>".$Test_Name."</strong>.<br>";
                echo"New test date is when <strong>".$Test_Date."</strong>.<br>";
                header("refresh:5; url=addTest.php"); //check for port :8080
            }
        }
    
    ?>

</body>
</html>

Output: A simple form has been created

After entering the number of questions, the textareas are spawned

My Database structure

  • 1
    `$_POST['test_question']` will be an array, so you need to loop through it. `test_ans` will be the same. (And using trim() on it consequently makes no sense either). – ADyson Mar 05 '21 at 11:31
  • 3
    **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Mar 05 '21 at 11:32
  • 1
    (Possible) side note: Do not use string interpolation or concatenation to get values into SQL queries. That's error prone and might make your program vulnerable to SQL injection attacks. Use parameterized queries. See ["How to include a PHP variable inside a MySQL statement"](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) and ["How can I prevent SQL injection in PHP?"](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – sticky bit Mar 05 '21 at 11:32
  • 1
    https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped input values. – ADyson Mar 05 '21 at 11:32
  • 1
    It would make more sense to store the `TEACH_ID` in the session and then save yourself an unnecessary query in probably all your scripts – RiggsFolly Mar 05 '21 at 11:41
  • @ADyson, alright thanks, I will look into these reading materials, appreciate that ! – Leow Kah Seng Mar 05 '21 at 12:38
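
An added example (not part of the original question or its comments) of what the comments recommend: the duplicate check and the INSERT written as mysqli prepared statements, looping over the `test_question` and `test_ans` arrays instead of interpolating `$_POST` values into SQL. It assumes `$conn` is the mysqli connection from `database.php`, that the answer textarea is renamed to `test_ans[$i]` and both textareas sit inside the `<form>`, and that every column accepts a string-bound value (the table's column types are not shown on the page); the function name `addTest` is hypothetical.

```php
<?php
// Added example, not the asker's code. $conn is assumed to be the mysqli
// handle from database.php; addTest() is a hypothetical helper name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
function addTest(mysqli $conn, array $post, string $moderator, string $moderatorId): int
{
    $questions = $post['test_question'] ?? null;
    $answers   = $post['test_ans'] ?? null;
    // Both fields must arrive as arrays with matching keys.
    if (!is_array($questions) || !is_array($answers)
        || array_keys($questions) !== array_keys($answers)) {
        throw new InvalidArgumentException('Questions and answers must be matching arrays.');
    }
    $testId   = trim((string)($post['test_id'] ?? ''));
    $testName = trim((string)($post['test_name'] ?? ''));
    $testTime = (string)($post['test_time'] ?? '');
    $testDate = (string)($post['test_date'] ?? '');
    if ($testId === '' || $testName === '' || !ctype_digit($testTime)) {
        throw new InvalidArgumentException('Test ID, name and a numeric time are required.');
    }
    // Duplicate check BEFORE inserting, with the ID bound as a parameter.
    $check = $conn->prepare('SELECT 1 FROM TestDetails WHERE TEST_ID = ? LIMIT 1');
    $check->bind_param('s', $testId);
    $check->execute();
    $check->store_result();
    if ($check->num_rows > 0) {
        throw new RuntimeException('The test is already added.');
    }
    $insert = $conn->prepare(
        'INSERT INTO TestDetails (TEST_ID, TEST_NAME, TEST_QUESTION, TEST_ANS,
             TEST_TIME, TEST_DATE, TEST_MODERATOR, TEST_MODERATOR_ID)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $conn->begin_transaction();
    try {
        foreach ($questions as $i => $question) {
            $q = trim((string)$question);    // trim each element, not the array
            $a = trim((string)$answers[$i]);
            $insert->bind_param('ssssssss', $testId, $testName, $q, $a,
                $testTime, $testDate, $moderator, $moderatorId);
            $insert->execute();              // values never become SQL text
        }
        $conn->commit();
    } catch (Throwable $e) {
        $conn->rollback();                   // all question rows or none
        throw $e;
    }
    return count($questions);
}
```

Called as `addTest($conn, $_POST, $sessuname, $Moderator_ID)` inside the `isset($_POST['add'])` branch, it returns the number of question rows written; the `TeacherUser` lookup by `$sessuname` would need the same prepared-statement treatment.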
