Dynamic insert into with multiple values - php

This is my index.php file and it has a simple form but with jscript I'll add some more inputs dynamically, then I need to insert these inputs to my database.
<form action="insert.php" method="post">
<input type="text" name="uid" placeholder="uid">
<input type="text" name="cid_1" placeholder="cid1">
<input type="text" name="cid_2" placeholder="cid2">
<input type="submit" value="Register" name="submit" />
</form>
I've created insert.php as below. I just needed to type for each inputs but actually inputs will be added dynamically as I said, so I just need to apply while or foreach function I guess but I'm not that sure how to do, hope someone there can help me about this.
One more thing I need, In this case everything is working but it inserts everytime even if some inputs are empty. I could not found anything about this too.
Thank you for your help from now.
<?php
$link = mysqli_connect("localhost", "root", "", "test");
$uid = mysqli_real_escape_string($link, $_POST['uid']);
$cid1 = mysqli_real_escape_string($link, $_POST['cid_1']);
$cid2 = mysqli_real_escape_string($link, $_POST['cid_2']);
$sql = "INSERT INTO table (uid, cid) VALUES ('$uid', '$cid1'), ('$uid', '$cid2')";
mysqli_query($link, $sql)
?>


From your SQL query I understood that under uid, you are storing dynamic "cid" values from input. So you are adding dynamic input fields for "cid".
In order to capture dynamic fields on server, you have to name your input fields as given below which will be posted as an array on server.
<input type="text" name="cid[]" placeholder="cid1">
Next you will loop through that array and save each input data in your table.
Complete code:
HTML
<form action="insert.php" method="post">
<input type="text" name="uid" placeholder="uid">
<input type="text" name="cid[]" placeholder="cid1">
<input type="text" name="cid[]" placeholder="cid2">
<input type="submit" value="Register" name="submit" />
PHP
$mysqli = new mysqli('localhost','usename','password','table');
$uid = $mysqli->real_escape_string($_POST['uid']);
if($uid !== ''){
if(isset($_POST["cid"]) && is_array($_POST["cid"])){
foreach ($_POST["cid"] as $key => $value) {
$value = $mysqli->real_escape_string($value);
if($value !== ''){
// insert into table
$insert_row = $mysqli->query("INSERT INTO test ( uid, cid ) VALUES( '$uid', '$value' )");
}
else{
echo ($key+1)." no cid field is empty";
break;
}
}
}
}
else
echo "uid is empty";

Related

PHP - Add form input into database

I'm trying to add revived form input into database.
<form action="index.php" method="post">
<input type="text" name="firstname" id="firstname">
<br>
<input type="text" name="lastname" id="lastname">
<br>
<input type="submit" name="submit" value="Submit">
if(isset($_POST['submit'])) {
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$query = "INSERT INTO users (firstname, lastname) VALUES ($firstname, $lastname)";
if($conn->query($query) === true) {
echo "added";
}else {
echo $con->error;
}
Example : Firstname = Jason / Lastname = Haw
After clicking on submit button, i see error message : Unknown column 'Jason' in 'field list'
Where is the wrong thing to do?

$query = "INSERT INTO users (firstname, lastname) VALUES ('$firstname', '$lastname')";
put single quote for $firstname.
but this is not a proper approach, you should use prepared statement.
your query is risk of sql injection, because no escaping the input.

If clause does not give update only works insertion. Why update is not working?

I want to update and insert conditionally but query always goes "Insert" data. No "update" anyway. My code is below:
<form method="post" action="">
<label>ID: </label> <input type="text" name="id">
<label>Subject: </label> <input type="text" name="subject">
<input type="submit" name="submit">
</form>
<?php
$conn = new mysqli("localhost", "root", "", "zidm");
$id=$_POST['id'];
$subject=$_POST['subject'];
if (isset($_POST['submit'])){
$sql = "UPDATE exam SET subject = '$subject' WHERE id = '$id'";
mysqli_query($conn,$sql);
echo "Data Updated";
}
else {
$sql="INSERT INTO exam (subject) VALUES ( '$subject)";
mysqli_query($conn,$sql);
echo "Data Inserted";
}
?>

The issue is that you are checking for form submission but also have an else statement which will always fire on page load. You need to wrap your entire logic in the form submission check and then check for the id parameter.
// Form was submitted
if (isset($_POST['submit'])) {
if (!empty($_POST['id'])) {
// Update
} else {
// Insert
}
}

Form submission not working properly from wordpress page

I am trying to make an insert form directly inside wordpress post, the code is working partly fine i.e. it is adding blank row in "test" table in "webdatabase" with every submission but not adding any value in name and rollno column, it is also not displaying any error.
Please help so that value submitted through form can be inserted in to "test" table, thanks in advance.
My form with php code is as under:
<form action="http://localhost/wordpress" method="POST">
Name:<br><input type="text" name="name" value=""><br>
Roll No:<br><input type="text" name="rollno" value=""><br><br>
<input type="submit" value="Submit">
</form>
<?php
$testname = $_POST['name'];
$testrollno = $_POST['rollno'];
$conn = new mysqli("localhost","root", "","webdatabase");
$sql = "INSERT INTO test (name,rollno) VALUES (' " . $testname . " ', '" . $testrollno . "')";
mysqli_query($conn, $sql);
$conn->close();
?>
My table structure in mysql database is shown as under:
Column Type
ID int(15)
name varchar(20)
rollno varchar(20)

You can use the “isset” function on any variable to determine if it has been set or not. You can use this function on the $_POST array to determine if the variable was posted or not. This is often applied to the submit button value, so
The HTML will be;
<form action="http://localhost/wordpress" method="POST">
Name:<br><input type="text" name="name" value=""><br>
Roll No:<br><input type="text" name="rollno" value=""><br><br>
<input type="submit" name="action" value="Submit">
</form>
and PHP will be;
<?php
if (isset($_POST['action'])) {
$testname = mysqli_real_escape_string($_POST['name']);
$testrollno = mysqli_real_escape_string($_POST['rollno']);
$conn = new mysqli("localhost","root", "","webdatabase");
$sql = "INSERT INTO test (name,rollno) VALUES (' " . $testname . " ', '" . $testrollno . "')";
mysqli_query($conn, $sql);
$conn->close();
}
?>

Since you are using WordPress, you should use the WordPress DB API. https://codex.wordpress.org/Class_Reference/wpdb
Complete code:
<form action="http://localhost/wordpress" method="POST">
Name:<br /><input type="text" name="name" value=""><br />
Roll No:<br /><input type="text" name="rollno" value="" /><br /><br />
<input type="submit" value="Submit">
</form>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$wpdb->insert('test', array('name' => $_POST['name'], 'rollno' => $_POST['rollno']));
}
Note: above code is untested

Php form submission-Error

<?php
include ("db.php");
if (isset($_POST['register'])) {
echo $name = ($_POST["name"]);
echo $email = ($_POST["email"]);
echo $uname = ($_POST["uname"]);
echo $password = ($_POST["pass"]);
$result = mysql_query($con,'SELECT * from company_profile where user_name = "'.$uname.'" or email = "'.$email.'"');
if(mysql_num_rows($result) > 0){
echo "Username or email already exists.";
}else{
$query = mysql_query($con,"INSERT INTO company_profile(user_name, password, company_name, email, phone, country, activation_string) VALUES ('$uname','$password','$name','$email','','','')");
if($query){
echo "data are inserted succesfully.";
}else{
echo "failed to insert data.";
}
}
}
?>
HTML form
<form action="register.php" method="post" id="reg" onsubmit='return validate();'>
Company Name:
<input type="text" class="inputs" name="name" id="name" /><br />
Email:
<input type="text" class="inputs" name="email" id="txtEmail" /><br />
User name:
<input type="text" class="inputs" name="uname" id="uname"/><br />
Password:
<input type="password" class="inputs" name="pass" id="pass1"/><br />
Conferm Password:
<input type="password" class="inputs" name="cpass" id="pass2"/><br /><br />
<input type="submit" value="Register" class="button" />
</form>
Trying to check whether username or email exist in database if yes alert user if no insert values to db. The code doesn't work for me. no error no echo no insertion. any solution?

You have no field with name register
Regarding this
if (isset($_POST['register'])) {
It will never evaluate to true.
<input type="submit" value="Register" class="button" />
needs name attribute name="register"
In addition:
http://php.net/mysql_query
You have wrong order of arguments. However, using mysql_* is highly NOT encouraged. It is an obsolette database API with a lot of vulnerabilities. Switch to mysqli or PDO instead

your first check isset($_POST['register']) is always false because there is no input in your form with the name="register"
and also you chould fix your query , $con should be the second parametre.
and keep in mind that your code is highly vulnerable don't publish this on a server except of your localhost

Try this:-
$result = mysql_query('SELECT * from company_profile where user_name = "'.$uname.'" or email = "'.$email.'"',$con);
mysql_query

as you are using mysql_query, the link identifier should be second paramater
$result = mysql_query('SELECT * from company_profile where user_name = "'.$uname.'" or email = "'.$email.'"', $con);

You are over complicating yourself...
First of all, to check the user, just do this when form submits:
var_dump(mysql_num_rows(mysql_query("select bla bla where username=`{$_GET['username']}`")));
//by bla bla i mean primary key, don't select *, affects performance.
Also, please see this, you have an error in your syntax... take a look at the right parameters for mysql_query
http://ro1.php.net/mysql_query
After you set your queries and do the above test and figure out if its good or not, you can cut the 3-4 lines you have above in 1 if line like this
if(mysql_num_rows(mysql_query("select bla bla where username=`{$_GET['username']}`"))) { //code here
}

Try Without $con in INSERT query
$query = mysql_query("INSERT INTO company_profile
(
user_name, password,
company_name, email,
phone, country,
activation_string
)
VALUES
(
'$uname', '$password',
'$name', '$email',
'', '',
''
)");

You need to specify the name to your input field and check for that:-
<input type="submit" name="register" value="register">
OR
<button type="submit" name="register">Register</buton>

Multiple form sign up not working

I have a sign up process which involves two forms being submitted. The problem is with the first form not being submitted. Also, I need a way to relate the two forms as information from both is inserted into the same table row, I think this can be done by taking the previous table row id.
It is supposed to work like this: First a user must search for an item in the search bar. Matches are then displayed with radio buttons next to each one and a submit button at the bottom. When submitted, the form data (which is the result of the search that they checked with the radio) goes into the database table 'users'. The 'users' table contains a row for id, username, password and radio.
The radio option is submitted into radio. This also creates an id, which is auto incremented. That is the first form. Once the radio option is picked and the data is in a table row, the user must fill out the second form which asks for an email and a password, which is submitted into the same row that the radio option is in.
When I go through this process, the email (referred to as username in table) and password appear in the table along with the id, but the radio is always blank. Not sure why the radio option is not being submitted. Also not sure if i need a way to relate the forms. I am a beginner at this so, please try to make answers understandable. Thanks in advance, heres the code:
<?php
//This code runs if the form has been submitted
if (isset($_POST['submit'])) {
//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}
// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0) {
die('The email '.$_POST['username'].' is already in use.');
}
// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}
// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}
// now we insert it into the database
$insert = "INSERT INTO users (username, password, radio)
VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['radio']."')";
$add_member = mysql_query($insert);
?>
<h2><font color="red">Registered</font></h2>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php
}
else
{
?>
<font color = #000000><h1>Sign Up</h1></font>
<?php
// Search Engine
// Only execute when button is pressed
if (isset($_POST['keyword'])) {
// Filter
$keyword = trim ($_POST['keyword']);
// Select statement
$search = "SELECT * FROM tbl_name WHERE cause_name LIKE '%$keyword%'";
// Display
$result = mysql_query($search) or die('That query returned no results');
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<?php
while($result_arr = mysql_fetch_array( $result ))
{
?>
// Radio button
<input type="radio" name="radio">
<?php
echo $result_arr['cause_name'];
echo " ";
echo "<br>";
}
?>
<input type="submit" name="radio_submit" value="Select Item">
</form>
<?php
$anymatches=mysql_num_rows($result);
if ($anymatches == 0)
{
echo "We don't seem to have that cause. You may add a cause by filling out a short <a href='add.php'>form</a>.<br><br>";
}
}
?>
<!--Sign Up Form-->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="sign_up_form">
<input type="text" name="keyword" placeholder="Search" onFocus="this.select();" onMouseUp="return false;">
<input type="submit" name="search" value="Search">
<br />
<br />
<input type="email" name="username" maxlength="250" placeholder="Your email" onFocus="this.select();" onMouseUp="return false;">
<input type="password" name="pass" maxlength="50" placeholder="Password" onFocus="this.select();" onMouseUp="return false;">
<input type="password" name="pass2" maxlength="50" placeholder="Re-type Password" onFocus="this.select();" onMouseUp="return false;">
<br />
<input type="submit" name="submit" value="Sign Up">
</form>
<?php
}
?>

Modify your code like this
<input type="radio" name="radio" value="<?php echo $result_arr['cause_name']; ?>" >
and then submit it you should get the value
update the below query as well
<?php
echo $insert = "INSERT INTO users (username, password, radio) VALUES ('$_POST[username]', '$_POST[pass]', '$_REQUEST[radio]')";
$add_member = mysql_query($insert);
?>
change the below code
//This code runs if the form has been submitted
if (isset($_POST['radio_submit'])) {
/////
<?php
if (isset($_REQUEST['submit']))
{
$radio = $_REQUEST['radio'];
$insert = mysql_query("INSERT INTO users (radio) VALUE ('$radio')");
if (!$insert)
{
echo mysql_error();
}
}
?>
<form action="" method="get">
<input type="radio" name="radio" value="red">red
<input type="radio" name="radio" value="blue">blue
<input type="submit" name="submit" />
</form>

Categories