I'm a little confused here. I want to add 4 values to the db. Exept if the user only add < 4.
DB columns are:
ticket1, ticket2, ticket3, ticket4
There are multiple checkboxes 1-19.
<input class='' id='cbx' value='1' name='check_num[]' type='checkbox'/><label>1</label>
My code is...
if(!empty($_POST['check_num'])) {
foreach($_POST['check_num'] as $key => $value) {
//i just need the ARRAY or something to divide the numbers in peaces to put on the db.
}
} else {
echo "empty";
}
I'd use something like this, but there are plenty of alternatives.
if(!empty($_POST['check_num'])) {
$count = count($_POST['check_num']);
if($count <= 4){
$columns = "";
$values = "";
$i = 1;
while($i <= $count){
$columns .= "ticket".$i.", ";
$params .= "?, ";
$types .= "i";
$i++;
}
$columns = substr($columns, 0, 2);
$params = substr($columns, 0, 2);
$stmt = $mysqli->prepare("INSERT INTO [table_name] (".$columns.") VALUES (".$params.");";);
mysqli_stmt_bind_param($stmt, $types, ...$_POST['check_num']);
mysqli_stmt_execute($stmt);
}
else{
echo "Too many selections";
}
}
else{
echo "empty";
}
I haven't used anything but PDO for prepared in php in several years. Might be my bias but I'd recommend the switch, this seemed more complicated to me. You may need to update the portions using mysqli prepare and bind I haven't tested this code at all, just wrote it in the answer.
I also assumed each column was an integer type, and of course, update to use your table name in the query.
I added the substr() functions to remove trailing ", " from last entry of each, you could also check if $i == $count before those assignments, and use a different assignment set without the trailing ", " inside that if() with the current assignments in the following else. The $i++ would obviously be outside this if()/else.
Related
I need a little help. I have the following code. I wish that when all fields are not completed, not to introduce the empty fields in the database. Just upload the completed them.
for($i = 0; $i <count($_POST)+3; $i++){
mysql_query("INSERT INTO `predare`(`id_factura`,`id_student`, `id_produs`, `cantitate`)
VALUES('".$_POST['id_factura'][$i]."','".$_POST['id_student'][$i]."', '".$_POST['id_produs'][$i]."', '".$_POST['cantitate'][$i]."');");
}
<input class="input-1" name="cantitate[]" id="cantitate" value="">
<input class="input-1" name="id_factura[]" id="id_factura" value="">
<input class="input-1" name="id_student[]" id="id_student" value="">
<input class="input-1" name="id_produs[]" id="id_produs" value="">
Here's how I would suggest doing it. First initialize your SQL string and a separator (for inserting multiple records with one query.)
$sql = "INSERT INTO `predare` (`id_factura`,`id_student`, `id_produs`, `cantitate`) VALUES ";
$separator = '';
Then loop over the submitted rows and append to the SQL string if the rows have all four values.
for ($i = 0; $i < count($_POST['cantitate']); $i++) {
$values = array();
foreach (array('id_factura', 'id_student', 'id_produs', 'cantitate') as $column) {
// only add values to the $values array if something has been entered
// (empty fields will be present as '', which evaluates to false)
if ($_POST[$column][$i]) $values[] = $_POST[$column][$i];
}
if (count($values) == 4) { // only add the values to the SQL if all fields are present
$sql .= "$separator ('" . implode("','", $values) . "')";
$separator = ',';
}
}
Then you can execute the SQL statement to insert all the complete records at once.
If you wanted to include incomplete (but not empty) rows, you could use
if ($values) {... instead of if (count($values) == 4) {...
One benefit to setting it up this way is that it would be easier to convert the code to use a better database extension (such as PDO) with prepared statements instead of concatenating the values into the SQL like this.
You need to go through the $_POST['id_factura'] array and You need to check the values before the insert statement like this:
for($i = 0; $i <count($_POST['id_factura']); $i++){
if(isset($_POST['id_factura'][$i]) && isset($_POST['id_student'][$i]) && isset($_POST['id_produs'][$i]) && isset($_POST['cantitate'][$i])){
mysql_query("INSERT INTO `predare`(`id_factura`,`id_student`, `id_produs`, `cantitate`)
VALUES('".$_POST['id_factura'][$i]."','".$_POST['id_student'][$i]."', '".$_POST['id_produs'][$i]."', '".$_POST['cantitate'][$i]."');");
}
}
Or you can check if the integer values are greater then 0...
I have an array like the following:
tod_house
tod_bung
tod_flat
tod_barnc
tod_farm
tod_small
tod_build
tod_devland
tod_farmland
If any of these have a value, I want to add it to an SQL query, if it doesnt, I ignore it.
Further, if one has a value it needs to be added as an AND and any subsequent ones need to be an OR (but there is no way of telling which is going to be the first to have a value!)
Ive used the following snippet to check on the first value and append the query as needed, but I dont want to copy-and-paste this 9 times; one for each of the items in the array.
$i = 0;
if (isset($_GET['tod_house'])){
if ($i == 0){
$i=1;
$query .= " AND ";
} else {
$query .= " OR ";
}
$query .= "tod_house = 1";
}
Is there a way to loop through the array changing the names so I only have to use this code once (please note that $_GET['tod_house'] on the first line and tod_house on the last line are not the same thing! - the first is the name of the checkbox that passes the value, and the second one is just a string to add to the query)
Solution
The answer is based heavily upon the accepted answer, but I will show exactly what worked in case anyone else stumbles across this question....
I didnt want the answer to be as suggested:
tod_bung = 1 AND (tod_barnc = 1 OR tod_small = 1)
rather I wanted it like:
AND (tod_bung = 1 OR tod_barnc = 1 OR tod_small = 1)
so it could be appended to an existing query. Therefore his answer has been altered to the following:
$qOR = array();
foreach ($list as $var) {
if (isset($_GET[$var])) {
$qOR[] = "$var = 1";
}
}
$qOR = implode(' OR ', $qOR);
$query .= " AND (" .$qOR . ")";
IE there is no need for two different arrays - just loop through as he suggests, if the value is set add it to the new qOR array, then implode with OR statements, surround with parenthesis, and append to the original query.
The only slight issue with this is that if only one item is set, the query looks like:
AND (tod_bung = 1)
There are parenthesis but no OR statements inside. Strictly speaking they arent needed, but im sure it wont alter the workings of it so no worries!!
$list = array('tod_house', 'tod_bung', 'tod_flat', 'tod_barnc', 'tod_farm', 'tod_small', 'tod_build', 'tod_devland', 'tod_farmland');
$qOR = array();
$qAND = array();
foreach ($list as $var) {
if (isset($_GET[$var])) {
if (!empty($qAND)) {
$qOR[] = "$var = 1";
} else {
$qAND[] = "$var = 1";
}
$values[] = $_GET[$var];
}
}
$qOR = implode(' OR ', $qOR);
if ($qOR != '') {
$qOR = '(' . $qOR . ')';
}
$qAND[] = $qOR;
$qAND = implode(' AND ', $qAND);
echo $qAND;
This will output something like tod_bung = 1 AND (tod_barnc = 1 OR tod_small = 1)
As the parameter passed to $_GET is a string, you should build an array of strings containing all the keys above, iterating it and passing the values like if (isset($_GET[$key])) { ...
You could then even take the key for appending to the SQL string.
Their are a lot of ways out their
$list = array('tod_house', 'tod_bung', 'tod_flat', 'tod_barnc', 'tod_farm', 'tod_small', 'tod_build', 'tod_devland', 'tod_farmland');
if($_GET){
$query = "";
foreach ($_GET as $key=>$value){
$query .= (! $query) ? " AND ":" OR ";
if(in_array($key,$list) && $value){
$query .= $key." = '".$value."'";
}
}
}
Sure you have to take care about XSS and SQL injection
If the array elements are tested on the same column you should use IN (...) rather than :
AND ( ... OR ... OR ... )
If the values are 1 or 0 this should do it :
// If you need to get the values.
$values = $_GET;
$tod = array();
foreach($values as $key => $value) {
// if you only want the ones with a key like 'tod_'
// otherwise remove if statement
if(strpos($key, 'tod_') !== FALSE) {
$tod[$key] = $value;
}
}
// If you already have the values.
$tod = array(
'tod_house' => 1,
'tod_bung' => 0,
'tod_flat' => 1,
'tod_barnc' => 0
);
// remove all array elements with a value of 0.
if(($key = array_search(0, $tod)) !== FALSE) {
unset($tod[$key]);
}
// discard values (only keep keys).
$tod = array_keys($tod);
// build query which returns : AND column IN ('tod_house','tod_flat')
$query = "AND column IN ('" . implode("','", $tod) . "')";
I'm trying to write a Top-10 list with categories but it doesn't work in the way i want it to. There's an array with a dynamic number (n) of items and want to loop each item in this array 10 times to write n*10 rows into a MySQL table. ($i also increments the games rank).
If I echo, print_r or var_dump the code it works, but when I try to write it to the MySQL table it doesn't work.
Here's the code:
for ($i = 1; $i <= 10; $i++) {
foreach($titles as $val) {
$query .= "INSERT INTO charts (game_place, game_name, game_preweek, game_developer, game_release, game_link, game_image, game_category, charts_updated) VALUES (".$i.", '', '', '', '', '', '', '".$val."', '".time()."');";
mysql_query($query);
};
};
Does somebody know the answer to my problem?
$query .= "INSERT ....`
You're adding each new query onto the end of the previous query. That's going to produce invalid SQL after the first iteration. You just need to assign the query as:
$query = "INSERT ....`
You should also look at using PDO or mysqli_ instead - this sort of thing is an ideal use for a prepared statement.
$query = "INSERT INTO `charts`` (`game_place`, `game_category`, `charts_updated`) VALUES ";
foreach ($titles as $key => $val){
for ($i=1; $i<=10; $i++){
$query .= "(".$i.", '".$val."', ".time()."),";
}
}
$query = substr($query, 0, -1);//remove last comma
mysql_query($query);
I have this function in my CMS, which inserts a variable list of fields and values into two different tables; one is a static index table and one is dynamic. This is the function:
function insertFields($fields)
{
$stdfields = array();
$extfields = array();
/* Separate the fields based on if the fields is standard or extra. $this->fields is a csv list of the defined extra fields */
foreach($fields as $field => $value)
{
$fields[mysql_real_escape_string($field)] = mysql_real_escape_string($value);
if(strstr($this->fields, $field))
$extfields[$field] = $value;
else
$stdfields[$field] = $value;
}
//Build the 2 queries -- Maybe there is a better way to do this?
$extfieldcount = count($extfields);
$stdfieldcount = count($stdfields);
$stditers = 0;
$extiters = 0;
foreach($extfields as $field => $value)
{
if($extiters != $extfieldcount)
{
$extfields.= $field.", ";
$extvalues.= "'".$value."', ";
}
else
{
$extfields.= $field." ";
$extvalues.= "'".$value."' ";
}
$extiters++;
}
foreach($stdfields as $field => $value)
{
if($stditers != $stdfieldcount)
{
$newfields.= $field.", ";
$newvalues.= "'".$value."', ";
}
else
{
$newfields.= $field." ";
$newvalues.= "'".$value."' ";
}
$stditers++;
}
//Inset the standard fields
$stdquery = "INSERT INTO masteridx (".$newfields.") VALUES (".$newvalues.")";
$this->dbQuery($stdquery);
/* not perfect. I need a better way to find the id that was inserted, so I can combine three queries into at least two */
$findlastquery = "SELECT `id` FROM `masteridx` WHERE `slug`='".$fields['slug']."' LIMIT 1";
$result = $this->dbQuery($findlastquery);
$result = mysql_fetch_assoc($result);
$tempfield = "id, ";
$tempvalue = "'".$result['id']."', ";
//Insert the extra fields
$extquery = "INSERT INTO ".$this->type." (".$tempfield.$extfields.") VALUES (".$tempvalue.$extvalues.")";
$this->dbQuery($extquery);
}
So for a prepared statement, I can't Bind the fields, just the values, right? So I would still have to escape the fields if I did something like:
for ($i = 0; $i <= $stdfieldcount; $i++)
{
if($i < $stdfieldcount)
$qs.= '?, ';
else
$qs.= '? ';
}
$sth = $dbh->prepare("INSERT INTO masteridx ({$stdfields}) VALUES ({$qs})");
$sth->execute($array_of_stdfield_values);
What's the point here if I still have to escape the fields? This function will eventually take an array of multiple articles and their fields. The fields themselves would be different each time, as well.. I figured that when I first looked at prepared statements, I could just hand it an array of fields, and an array of values, but I guess that's not the case.
My question is really, how would you all accomplish this? I would like to start being database agnostic, and PDO looked like a great way to do this.
PHP provides quite a few convenience functions that do a lot of the stuff you're doing by hand.
PDO supports named parameters in your SQL statements, so you can then pass a key/value array where the keys match your named parameter placeholders.
The join() function is very useful for building comma-separated lists.
Many functions exist to manipulate arrays.
Some functions allow you to give a callback (which can be a closure in PHP 5.3), to process arrays dynamically.
Example (not tested):
function insertFields($fields) {
$columns = join(",", array_map(
function($col) { return "`".preg_replace("/`/gu","``",$col)."`"},
array_keys($fields)));
$params = join(",", array_map(
function($col) { return ":".preg_replace("/[`\s]/gu","",$col)},
array_keys($fields)));
$stdquery = "INSERT INTO masteridx ({$columns}) VALUES ({$params})";
$stmt = $pdo->prepare($stdQuery);
$stmt->execute($fields);
}
I have two arrays with anywhere from 1 to 5 set values. I want to insert these values into a table with two columns.
Here's my current query, given to me in another SO question:
INSERT INTO table_name (country, redirect)
VALUES ('$country[1]', '$redirect[1]'),
('$country[2]', '$redirect[2]'),
('$country[3]', '$redirect[3]'),
('$country[4]', '$redirect[4]'),
('$country[5]', '$redirect[5]')
ON DUPLICATE KEY UPDATE redirect=VALUES(redirect)
I'm a little concerned however with what happens if some of these array values aren't set, as I believe the above assumes there's 5 sets of values (10 values in total), which definitely isn't certain. If a value is null/0 does it automatically skip it?
Would something like this work better, would it be a lot more taxing on resources?
for($i = 0, $size = $sizeof($country); $i <= size; $i++) {
$query = "INSERT INTO table_name (country, redirect) VALUES ('$country[$i]', '$redirect[$i]) ON DUPLICATE KEY UPDATE redirect='$redirect[$i]'";
$result = mysql_query($query);
}
Questions highlighted in bold ;). Any answers would be very much appreciated :) :)!!
Do something like this:
$vals = array()
foreach($country as $key => $country_val) {
if (empty($country_val) || empty($redirect[$key])) {
continue;
}
$vals[] = "('" . mysql_real_escape_string($country_val) . "','" . mysql_real_escape_string($redirect[$key]) . "')";
}
$val_string = implode(',', $vals);
$sql = "INSERT INTO .... VALUES $val_string";
That'll built up the values section dynamically, skipping any that aren't set. Note, however, that there is a length limit to mysql query strings, set by the max_allowed_packet setting. If you're building a "huge" query, you'll have to split it into multiple smaller ones if it exceeds this limit.
If you are asking whether php will automatically skip inserting your values into the query if it is null or 0, the answer is no. Why dont you loop through the countries, if they have a matching redirect then include that portion of the insert statement.. something like this: (not tested, just showing an example). It's one query, all values. You can also incorporate some checking or default to null if they do not exist.
$query = "INSERT INTO table_name (country, redirect) VALUES ";
for($i = 0, $size = $sizeof($country); $i <= size; $i++) {
if(array_key_exists($i, $country && array_key_exists($i, $redirect)
if($i + 1 != $size){
$query .= "('".$country[$i]."', '".$redirect[$i]).",";
} else $query .= "('".$country[$i]."', '".$redirect[$i].")";
}
}
$query .= " ON DUPLICATE KEY UPDATE redirect=VALUES(redirect);"
$result = mysql_query($query);