1

Iam making a daily report system. its just a hobby project. question is that how can i submit form that is displayed in while loop to sql query. as the form is in while loop, i cannot determine that how many rows are going to be inserted. so i cannot add multiple insert statements. i am thinking of showinginsert into statement in while loop also. can i do it somehow? there is some of the code to understand: Attendance.php: `

<form action="create.php" method="POST">
<?php
$query="SELECT * FROM users where class "; // SQL query to fetch all table data
$view_users= mysqli_query($conn,$query);    // sending the query to the database

//  displaying all the data retrieved from the database using while loop
while($row= mysqli_fetch_assoc($view_users)){
$id = $row['id'];  
$marksnamaz = $row['marksnamaz'];
$class = $row['class'];
echo "<tr >";
echo " <th scope='row' >{$id}</th>";
echo " <td >{$marksnamaz}<input name='name' type='hidden' value='{$marksnamaz}'></td>";
echo "<td><select name='att'><option value='Hazir'>Hazir</option><option value='gherhazir'>Gher Hazir</option><option value='rukhsat'>Rukhsat</option></select></td>";
echo "<td><input type='text' name='reason'></td>";
echo "<td>{$class}</td>";
echo "</tr>";
}  
?>
<input type="submit" name="create">
</form>

` The Create.php

`

<?php 
  if(isset($_POST['create'])) 
    {
        $name = $_POST['name'];
        $att = $_POST['att'];
        $reason = $_POST['reason'];
        $date = date("y-m-d");
        // SQL query to insert user data into the users table
        $query= "INSERT INTO att(name, att, reason, date) VALUES('{$name}','{$att}','{$reason}','{$date}')";
        $add_user = mysqli_query($conn,$query);
    
        // displaying proper message for the user to see whether the query executed perfectly or not 
          if (!$add_user) {
              echo "something went wrong ". mysqli_error($conn);
          }

          else { 
              }         
    }
?>

` please answer me fast i will be very thankful to you.

I expect that i should show mysql insert into statement also in a while loop so it adds new statements automatically based on number of rows it is recieving

Muhammad Rohan Ghalib
  • 11
  • 2
  • A web page can only submit one form at a time. – Barmar Dec 30 '22 at 04:06
  • You could put multiple rows in the form, using array-style names on the input fields. They will become arrays in `$_POST`, which you can loop over to insert into the database. – Barmar Dec 30 '22 at 04:07
  • Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, its not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string%5D)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either MYSQLI or PDO instead of concatenating variables into the query. – Barmar Dec 30 '22 at 04:07
  • my code will not be public. thanks for advice. – Muhammad Rohan Ghalib Dec 30 '22 at 04:29
  • can you please show me snippet? ii couldnt understand – Muhammad Rohan Ghalib Dec 30 '22 at 04:29
  • See https://stackoverflow.com/questions/17344379/get-the-values-of-2-html-input-tags-having-the-same-name-using-php/17344480#17344480 for examples – Barmar Dec 30 '22 at 21:00

1 Answers1

0

Create the following statement:

INSERT INTO tbl (a,b,c) VALUES
    (1,2,'abc'),
    (3,2,'xabc'),
    (11,12,'y'),
    (19,29,'zzz')

Notes:

  • The lack of trailing comma; I recommend collecting an array of rows, then inserting the commas with implode(',', arr)
  • The rows would be in your 'loop' of unknown length.
  • Be sure to escape any strings as you build the them -- mysqli_real_escape_string().
  • If you have 100 rows to insert, it will run about 10 times as fast as one at a time.
Rick James
  • 135,179
  • 13
  • 127
  • 222