current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Join the Stack Overflow Community
Stack Overflow is a community of 6.5 million programmers, just like you, helping each other.
Join them; it only takes a minute:
Sign up
up vote -1 down vote favorite

Good evening lovely people,

I'm having problems with my query. The query should insert each product which is entered on the page. My table products has 4 fields: id, product_name, quantity and price.

The HTML looks a bit like this:

<form action="" method="post">

    Product name: <input type="text" name="product_name[]" value="" />
    Quantity: <input type="text" name="quantity[]" value="" />
    Price: <input type="text" name="price[]" value="" /> <br /> <br />

    <input type="submit" name="submit" value="Insert new products" />

</form>

I want my users to be able to insert new products into our database table products. By the way, I've created a javascript function which adds more fields to the form so my employees do not have to submit the form every time he or she wants to add a new product, but instead just add as many fields he or she needs to submit. Hopefully you'll know what I am talking about :)

Since I am not an expert in PHP coding, then I've tried on my own, which in my case has not worked particularly well. Of course I've been reading some articles on the web about querying array data, but with no luck, sadly.

So far, the PHP code looks like this:

<?
if(isset($_POST['submit'])){
    $product_name = addslashes($_POST['product_name']);
    $quantity     = addslashes($_POST['product_name']);
    $price        = addslashes($_POST['product_name']);

    $db->query("INSERT INTO products (product_name, quantity, price) VALUES ('".$product_name."', '".$quantity."', '".$price."')");
}
?>

If my employees have to insert each product one by one this had not been a problem. But since they can add more fields to the form then it becomes a problem.

Hopefully there is a logical explanation, but I can not figure it out on my own. And of course I am aware that I have not escaped my variables but this code is just for testing purposes. Have a good evening folks :)

share|improve this question
    
addslashes is a quite weak form of protection against SQL Injection. – kapa Feb 13 '14 at 21:54
    
Your $_POST data is an array - you'll need to iterate over it, so best to look up for() or foreach() – kero Feb 13 '14 at 21:55
    
You can look for tutorials on inserting data from multiselects, which is very similar to what you're attempting. See for example, this question – Michael Plotke Feb 13 '14 at 21:58
up vote 2 down vote accepted

You need to loop through all values in the array $_POST['product_name'] and issue a DB insert query once for each member of the array. The form data for each field set is submitted and processed as an array in PHP, like:

$_POST['product_name'] = array( 0 => 'first name', 1 => 'second name', 2 => 'third name', etc. )

Here's the code:

if(isset($_POST['submit'])){
    $ct=0;
    foreach( $_POST['product_name'] as $k=> $value ){ // loop through array
        $product_name = addslashes( $value );  // set name based on value
        $quantity     = addslashes($_POST['quantity'][$ct] ); // set qty using $ct to identify # out of total submitted
        $price        = addslashes($_POST['price'][$ct] ); // same as set qty

        $db->query("INSERT INTO products (product_name, quantity, price) VALUES ('".$product_name."', '".$quantity."', '".$price."')");
        $ct++; // increment +1
    }
}

To UPDATE (not INSERT) you need to pass an ID number along with the input fields in your HTML.

<input type="hidden" name="modify_id[]" value="7" />
Product name: <input type="text" name="product_name[]" value="" />
Quantity: <input type="text" name="quantity[]" value="" />
Price: <input type="text" name="price[]" value="" /> <br /> <br />

Then using PHP:

if(isset($_POST['submit'])){
    $ct=0;
    foreach( $_POST['product_name'] as $k=> $value ){ // loop through array
        $product_name = addslashes( $value );  // set name based on value
        $quantity     = addslashes($_POST['quantity'][$ct] ); // set qty using $ct to identify # out of total submitted
        $price        = addslashes($_POST['price'][$ct] ); // same as set qty

        $id           = (int)$_POST['modify_id'][ $ct ];

        $db->query("UPDATE products SET product_name = '$product_name', quantity = '$quantity', price = '$price' WHERE id = '$id' LIMIT 1");
        $ct++; // increment +1
    }
}
share|improve this answer
1  
Why use $ct when you already have the $key? – kero Feb 13 '14 at 21:59
    
A valid point. You could substitute $k for all instances of $ct for the other arrays, and remove the $ct=0; and $ct++; lines. But, I think, the data in $k is string, not integer. – Patrick Moore Feb 13 '14 at 22:01
    
And how will this work for updating the current fields in one page? – dinkode.dk Feb 13 '14 at 22:03
    
This will loop multiple times, for each set of fields you've added in the JavaScript. So if there are 8 sets of 3 fields, it will loop over them and submit 8 times. – Patrick Moore Feb 13 '14 at 22:04
1  
Thanks man! I will definitely try this tomorrow. I am most grateful for your amazing help :) take care man! – dinkode.dk Feb 13 '14 at 23:27

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.