-1

Website.

This feels like a common problem, but it's a difficult one to Google!

As explained in the comment in the code, inserting the value was previously not a problem but stopped working when I added the additional INSERT queries below it.

$user = $_POST['name'];
$night = $_POST['club'];
$query = mysql_query("SELECT day FROM nights WHERE name = '$night'");
$email = $_POST['email'];

while ($row = mysql_fetch_assoc($query)) {

    $date = getFullDateString($row['day']);
    $date2 = getDateString($row['day']);

}

// this one previously worked but now enters into the database with $user as "Array"
mysql_query("INSERT INTO guestlists (guest, night, date) VALUES('$user', '$night', '$date') ") or die(mysql_error());

$guest1 = $_POST['name1'];
$guest2 = $_POST['name2'];

// these were added later and work fine but seem to have had an effect on the query above
mysql_query("INSERT INTO guestlists (guest, night, date) VALUES('$guest1', '$night', '$date') ") or die(mysql_error());
mysql_query("INSERT INTO guestlists (guest, night, date) VALUES('$guest2', '$night', '$date') ") or die(mysql_error());

foreach ($_POST as $key){
    if (is_array($key)){
        foreach ($key as $key2 => $value){
            mysql_query("INSERT INTO guestlists (guest, night, date) VALUES('$value', '$night', '$date') ") or die(mysql_error());

        }
    }
}
Improve this question
5
  • 1
    i'm confused, which of the 4 inserts is doing what now? Commented Jun 13, 2012 at 9:56
  • $value than is proabably an array check it with is_array. And your code asks for mysql injection all over. Commented Jun 13, 2012 at 9:57
  • 1
    Oh no, SQL Injection! Your code is very vulnerable to attacks. Please use mysql_real_escape_string or even better, PDO. Commented Jun 13, 2012 at 9:58
  • Yeah, I haven't looked at SQL injections yet. Any pointers in the right direction? Commented Jun 13, 2012 at 9:58
  • use the print_r($variable) to check all your variables before adding it in mysql query, and if it is array than get the required value with $variable['key']. And BTW Please stop writing new code with the ancient mysql_* functions. They are no longer maintained. Commented Jun 13, 2012 at 10:01

3 Answers 3

Reset to default
1

You should rename the guest HTML inputs to guests[] instead of using name again. You have a naming conflict.

You need to fix this in your javascript code:

var name = $("<p><input class='input' type='text' name='guests[]' value='' /></p>");

And in your HTML code:

<input class="input" type="text" name="guests[]" />

After that, your PHP code should handle the guest variable as an array:

$guests = $_POST['guests'];

foreach ($guests as $guest)
{
    mysql_query("INSERT INTO guestlists (guest, night, date) VALUES('$guest', '$night', '$date') ") 
    or die(mysql_error());
}

Note that you don't need to go guests[1], guests[2], guests[3] etc.

Improve this answer
1
  • This is the tidiest solution. Commented Jun 13, 2012 at 10:19
1

in your website you have:

<input class='input' type='text' name='name["+currentArrayNum+"]' value='' />

to generate the form. The name[...] arguments end up in php as $_POST['name'] which will be an array. If you force this to be a string, the string will be Array. So take your $user and iterate over it using foreach, to handle each name.

Also, please read up on sql injection!

Improve this answer
0

You have some Javascript on your page that is inserting form fields that look like this: 

<input class="input" type="text" name="name[5]" value="">

The name="name[5]" part is whats causing your problems here - it turns $_POST['name'] in to an array when submitted. You'll need to refactor that code.

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.