This question already has answers here:
What's the best way to store Checkbox Values in MySQL Database?
(3 answers)
Closed 2 years ago.
I created a form with multiple checkboxes to add to database, what do I need to change in the VALUE $_POST[penerima] to enter multiple checkboxes data into the database?
if(isset($_POST['simpan'])){
$simpan = mysqli_query($koneksi, "INSERT INTO umum (tanggal_terima, pengirim, no_surat, perihal, disposisi, penerima )
VALUES ('$_POST[tgl_terima]',
'$_POST[pengirim]',
'$_POST[no_surat]',
'$_POST[perihal]',
'$_POST[disposisi]',
'$_POST[penerima]')
");
I'm not going to address the SQL injection issues in the code, but please read:
How can I prevent SQL injection in PHP?
You can store array data in a database using json_encode($array) - this will convert your array of checkboxes to a string which can be stored. I suggest using the TEXT column type, otherwise, the sting may be cut off if your values are long.
https://www.php.net/manual/en/function.json-encode.php
You can then json_decode the data back to an array once it's selected.
https://www.php.net/manual/en/function.json-decode.php
Related
This question already has answers here:
Is storing a delimited list in a database column really that bad?
(10 answers)
Closed 3 years ago.
I have a table with contact codes. When contact code is not specified there are ^^ in the empty cell. If specified should be: ^Code123^,^Code321^,^Code987^
I want to update this cell, but I dont know how to rewrite empty cell with ^^?
With my query I get this result ^^,^Code123^,^Code321^,^Code987^. How to delete ^^ when updating cell?
$sql6 = "UPDATE contacts
SET clicks_c=IF(clicks_c='',
'^".$url_name."^',
CONCAT_WS(',',clicks_c,'^".$url_name."^'))
WHERE id_c='".$row_id."'";
If an empty cell contains ^^, you need to test for that in your IF(). Change:
IF(clicks_c='',
to:
IF(clicks_c IN ('', '^^),
Then it will replace ^^ with a nonempty code, instead of concatenating to it.
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 5 years ago.
Maybe a silly question, but I'm really struggling.
I've created a MySQL Database and Table and am trying to push data into it. The data in question is a unique ID and a load of Javascript.
Code is simple:
$sql = "INSERT INTO TableName (id, code)
VALUES ('$uniqueid', '$codeoutput')";
However, whilst I can get the ID in there, I can't get the DB to accept the Javascript (which is currently stored in the variable $codeoutput.
I get the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax
I'm not that familiar with using MySQL, and I have played around with different data types in PhpMyAdmin, but sadly still no luck.
What am I doing wrong? Do I need to have a very specific setup on the column where I'm storing the code? I'm currently trying to store it as medium text.
Is it something to do with needing to escape special characters? Is there an easy solution to this?
simplest way to do it is
$sql = "INSERT INTO TableName ($uniqueid) VALUES ('id')";
$sql2 = "INSERT INTO TableName ($codeoutput) VALUES ('code')";
This question already has answers here:
Use an array in a mysqli prepared statement: `WHERE .. IN(..)` query [duplicate]
(8 answers)
How can I bind an array of strings with a mysqli prepared statement?
(7 answers)
Closed 11 months ago.
I have a simple component on a website that is performing a query of all the prod ids from a cluster of products on the page and storing them into an array in jquery. I then send that array to PHP via AJAX as a POST which will ultimately perform a db query on all the ids.
My question is, how can I protect the array coming from the AJAX/JS file into the PHP file in the POST, against user manipulation... meaning I can find the ids in the source code and change them to some random value or even something malicious.
Normally in a user input scenario, you could do a real escape string or similar functionality in the PHP to cover the incoming data. Since I'm sending over an array of numeric values, what would be the best to way to secure that POST request?
Thank you,
-S
Let's assume, that you want to receive array of integer values from a client.
If you write on a raw PHP, then your code can look like this:
if (isset($_POST['ids']) && is_array($_POST['ids'])) {
$ids = array_map('intval', $_POST['ids']);
$ids = array_unique($ids); // Optional.
print(implode(', ', $ids)); // Print values.
}
Sample of user input:
ids[]=1&ids[]=2&ids[]=3&ids[]=malicious_input&ids[]=1
Output:
1, 2, 3, 0
intval takes argument and returns it's integer representation. malicious_input becomes 0 and it's safe for using it in SQL queries.
Some related links:
PHP Prepared Statements.
I have an array of integers, how do I use each one in a mysql query (in php)?
This question already has answers here:
How to avoid duplicates while updating a MySQL database?
(5 answers)
Closed 8 years ago.
I am storing number of check boxes with delete ,add,view options in database,
if you check on that options,it storing some values.But if i click again that will store again and again.
how to avoid this duplicate values
You can set the column containing unique value as UNIQUE or do a condition :
if SELECT Query return this value , don't insert , else insert.
This question already has answers here:
UTF-8 all the way through
(13 answers)
Closed 9 years ago.
I have a problem with inserting proper data into my DB with php...
I am trying insert some data with this code:
$query1 = "insert into `exercises`(`exercise_name`) values ('".$txtEName."');";
$query2 = "insert into `exercises_type`(`type_name`) values ('".$txtEType."');";
mysqli_query($connnect, $query1);
mysqli_query($connnect, $query2);
all data is russian text... all data is saving into the DB, but, in DB it looks like
so what I am doing wrong?
You can check for correct charset/collation. As this may help you to insert correct data in you table. also you can use character encoding for values your are getting by $_POST.
This link may help you