up vote -1 down vote favorite

I am trying to get multiple rows to insert into a mysql table from a form that allows for multiple checkboxes.

This is the form:

<input type='submit' name='invite-group' value='Invite To Group'>
<br />
<?php
$query2aac = mysql_query("SELECT * FROM follow WHERE yoozer1='$userdb1a' AND  followaccept='Yes' ORDER BY yoozer2 DESC");

while($row2aac = mysql_fetch_array($query2aac))
{
    $rowid = $row2aac['followid'];
    $yoozer2aac = $row2aac['yoozer2'];
    $yoozer2aacurl = strtolower($yoozer2aac);
    $palurl = '<a href="http://www.bunchofus.com/fanpage/' . $yoozer2aacurl . '">' .    $yoozer2aac . '</a>';
    echo '<input type= "hidden" name = "id[]" value="' . $rowid . '"></input>';
    echo '<input type= "checkbox" name = "friends[]" value="' . $yoozer2aac . '">' . $palurl . '</input><br />';
}   
?>

This is the php: 

if ($submit)
{
    $submit = $_POST['invite-group'];
    $date1 = date("Y-m-d");
    $lowername = strtolower($username);
    $combined = $_POST['friends'];

    foreach ($combined as $username) 
    {
        $insert1 = mysql_query("INSERT INTO grprequest VALUES ('','$grpid3','$username','$myuser','$grprights3','$grpactive3')");
    }
}
?>

It is inserting one line into the database but not multiple lines. If I echo the username after the foreach, multiple usernames are showing.

If anyone could help I would appreciate it.

share|improve this question
People look tired today... lol – Mike Boutin May 18 '12 at 18:08
Please post the output of var_dump($combined); – Travesty3 May 18 '12 at 18:11
@Travesty3 array(2) { [0]=> string(9) "yoozpaper" [1]=> string(9) "bunchofus" } – stevieD May 18 '12 at 18:22
This is horrible, horrible piece of code. BTW, do you get any errors? Something like You have an error in your query near...? – Salman A May 18 '12 at 18:35

2 Answers

up vote 0 down vote accepted

Based on the sample code you've provided, and the var_dump of $combined, I'm not sure why it isn't working for you. But perhaps you could try something like this:

$inserts = array();
foreach ($combined as $username)
    $inserts[] = "('','$grpid3','$username','$myuser','$grprights3','$grpactive3')";

$query = "INSERT INTO grprequest VALUES ". implode(", ", $inserts);

echo "query = $query"; // for debugging purposes, remove this once it is working
mysql_query($query) or die(mysql_error());

This will perform all of your inserts in one call to the database. I added an echo before performing the query so that you can see the exact query that's being performed.

One thing that you should definitely note is that it looks like your code is vulnerable to SQL injection. There are hundreds of places you can look to find out more about how to protect yourself, so just search for it. My favorite reference is Bobby Tables.

It also looks like your form is vulnerable to XSS attacks. You select data from the database and insert it directly into HTML, but you should sanitize it first (using something like htmlspecialchars).

share|improve this answer
Ended up adding two results of the first and one of the other. At least it added multiple. I will try to figure it out from here. Thanks. query = INSERT INTO grprequest VALUES ('','38','yoozpaper','theSteveDowling','Group','Yes')query = INSERT INTO grprequest VALUES ('','38','yoozpaper','theSteveDowling','Group','Yes'), ('','38','bunchofus','theSteveDowling','Group','Yes') – stevieD May 18 '12 at 18:47
up vote 0 down vote

Have you tried using another variable besides $username? Because it seems as you have already used this name based off the $lowername = strtolower($username); line.

share|improve this answer
Yep tried that. Didn't work. Thanks though. – stevieD May 18 '12 at 18:30

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.