How to prevent rows with default values being submitted to MySQL database - php

I have a form with 2 sections, each of which starts out with one row and to which further rows can be added using a script. You can see the form on the bottom of this page.
The form uses default values and I am looking for a way of not submitting rows that contain default values (to both MySQL database and via email). Because people may only complete one row (i.e. at Waged or Unwaged rate), often I will only want one row of information to be submitted. The current code for the form is below.
Thanks for any help in advance,
Nick
HTML:
<form method="post" name="booking" action="bookingengine.php">
<fieldset>
<h2>Waged/Organisation Rate</h2>
<p>
<input type="text" name="name[]">
<input type="text" name="email[]">
<input type="text" name="organisation[]">
<input type="text" name="position[]">
</p>
<p><span class="add">Add person</span></p>
</fieldset>
<fieldset>
<h2>Unwaged Rate</h2>
<p>
<input type="text" name="name2[]">
<input type="text" name="email2[]">
</p>
<p><span class="add">Add person</span></p>
</fieldset>
<p><input type="submit" name="submit" id="submit" value="Submit and proceed to payment page" class="submit-button" /></p>
</form>
Script:
<script>
$(function() {
var defaults = {
'name[]': 'Name',
'name2[]': 'Name',
'email[]': 'Email',
'email2[]': 'Email',
'organisation[]': 'Organisation',
'position[]': 'Position'
};
// separating set and remove
// note that you could add "defaults" as an arg if you had different
// defaults for different fieldsets
var setDefaults = function(inputElements) {
$(inputElements).each(function() {
var d = defaults[this.name];
if (d) {
// set with jQuery
// we don't need the data - just check on the class
$(this).val(d)
.addClass('default_value');
}
});
};
var removeDefaults = function(inputElements) {
$(inputElements).each(function() {
if ($(this).hasClass('default_value')) {
$(this).val('')
.removeClass('default_value');
}
});
};
setDefaults(jQuery('form[name=booking] input'));
$("span.add").click(function() {
// get the correct fieldset based on the current element
var $fieldset = $(this).closest('fieldset');
var $inputset = $('p', $fieldset)
.first()
.clone()
.insertBefore($('p', $fieldset).last());
// add a remove button
$inputset.append('<span class="remove">Remove</span>');
setDefaults($('input', $inputset));
// return false; (only needed if this is a link)
});
// use delegate here to avoid adding new
// handlers for new elements
$('fieldset').delegate("span.remove", {
'click': function() {
$(this).parent().remove();
}
});
// Toggles
$('form[name=booking]').delegate('input', {
'focus': function() {
removeDefaults($(this));
},
'blur': function() {
// switch to using .val() for consistency
if (!$(this).val()) setDefaults(this);
}
});
});
</script>
PHP:
<?php
$emailFrom = "****";
$emailTo = "****";
$subject = "****";
$body = "****" . "\n\n";
$row_count = count($_POST['name']);
$row_count2 = count($_POST['name2']);
$values = array();
for($i = 0; $i < $row_count; $i++) {
// variable sanitation...
$name = trim(stripslashes($_POST['name'][$i]));
$email = trim(stripslashes($_POST['email'][$i]));
$organisation = trim(stripslashes($_POST['organisation'][$i]));
$position = trim(stripslashes($_POST['position'][$i]));
// this assumes name, email, and telephone are required & present in each element
// otherwise you will have spurious line breaks.
$body .= "Name: " . $name . " Email: " . $email . " Organisation: " . $organisation . " Position: " . $position . "\n\n";
//prepare the values for MySQL
$values[] = '(\'' . $name . '\',\'' . $email . '\',\'' . $organisation . '\',\'' . $position . '\')';
}
mysql_select_db($database, $connection);
$query1 = "INSERT INTO conference (Name, Email, Organisation, Position) VALUES " . implode(',', $values);
$result1 = mysql_query($query1);
if (!$result1) {
die('Invalid query: ' . mysql_error());
}
$body .= "****" . "\n\n";
$values2 = array();
for($i = 0; $i < $row_count2; $i++) {
// variable sanitation...
$name = trim(stripslashes($_POST['name2'][$i]));
$email = trim(stripslashes($_POST['email2'][$i]));
// this assumes name, email, and telephone are required & present in each element
// otherwise you will have spurious line breaks.
$body .= "Name: " . $name . " Email: " . $email . "\n\n";
//prepare the values for MySQL
$values2[] = '(\'' . $name . '\',\'' . $email . '\')';
}
$query2 = "INSERT INTO conference (Name, Email) VALUES " . implode(',', $values2);
$result2 = mysql_query($query2);
if (!$result2) {
die('Invalid query: ' . mysql_error());
}
// send email
$success = mail($emailTo, $subject, $body, "From: <$emailFrom>");
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=/conference/payment.html\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>

I would use an IF statement in PHP assuming any validation you have has returned no errors.
For example
// SET VARIABLES
$name2 = $_POST['name2'];
// SET CORRECT VALUES
if($name2 == "Surname") { $name2 = ""; }
// RUN DB FUNCTIONS
I would do this for each default value allowing me to insert just what I need or want from the default values and remove or change the rest. It also means user data remains intact.
I hope this helps you get on the right track :)
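Added example (not part of the question or the answer above): the same placeholder check applied server-side to every row of the array-style fields, with the surviving rows written through a prepared statement instead of being concatenated into the INSERT. It assumes PDO and uses an in-memory SQLite database so that it runs stand-alone; `collectRows`, `insertRows` and the sample `$post` array are hypothetical names and constructed data.

```php
<?php
// Added example, not the asker's code. Placeholder text per column, mirroring
// the `defaults` object in the jQuery script on this page.
const DEFAULTS = [
    'name' => 'Name', 'email' => 'Email',
    'organisation' => 'Organisation', 'position' => 'Position',
];

/**
 * Turn parallel arrays (name[], email[], ...) into rows, blanking any value
 * that still equals its placeholder and dropping rows left with no real data.
 * $map is column => POST key, e.g. ['name' => 'name2', 'email' => 'email2'].
 */
function collectRows(array $post, array $map): array
{
    $first = reset($map);
    $count = is_array($post[$first] ?? null) ? count($post[$first]) : 0;
    $rows = [];
    for ($i = 0; $i < $count; $i++) {
        $row = [];
        foreach ($map as $column => $key) {
            $values = is_array($post[$key] ?? null) ? $post[$key] : [];
            $value = $values[$i] ?? '';
            $value = is_string($value) ? trim($value) : '';
            // A placeholder left in the field counts as "not filled in".
            $row[$column] = ($value === DEFAULTS[$column]) ? '' : $value;
        }
        if (implode('', $row) !== '') {   // keep only rows with real data
            $rows[] = $row;
        }
    }
    return $rows;
}

/** Insert each row with bound parameters; quotes in a name need no escaping. */
function insertRows(PDO $db, array $rows): int
{
    $stmt = $db->prepare(
        'INSERT INTO conference (Name, Email, Organisation, Position)
         VALUES (:name, :email, :organisation, :position)'
    );
    foreach ($rows as $row) {
        // Unwaged rows carry no organisation/position, so bind NULL for those.
        $stmt->execute($row + ['organisation' => null, 'position' => null]);
    }
    return count($rows);
}

// Constructed sample submission: one completed waged row, one untouched waged
// row, and one untouched unwaged row.
$post = [
    'name'         => ["O'Brien", 'Name'],
    'email'        => ['ob@example.org', 'Email'],
    'organisation' => ['Organisation', 'Organisation'],
    'position'     => ['Chair', 'Position'],
    'name2'        => ['Name'],
    'email2'       => ['Email'],
];

// Assumption: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE conference (Name TEXT, Email TEXT, Organisation TEXT, Position TEXT)');

$waged = collectRows($post, ['name' => 'name', 'email' => 'email',
                             'organisation' => 'organisation', 'position' => 'position']);
$unwaged = collectRows($post, ['name' => 'name2', 'email' => 'email2']);
$inserted = insertRows($db, array_merge($waged, $unwaged));
echo "Inserted $inserted row(s)\n";
```

The same `$waged` and `$unwaged` arrays can be looped over to build the e-mail body, so the message and the table never disagree about which rows were submitted.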

Related

Sending email with mixed data from both form inputs and database data

I am trying to send an email in which one of the values comes from the database. I tried looking at some posts here on Stack Overflow, but they were different.
I tried sending without the data from the database and it works fine, but after adding the database fetch it's not working.
<?php
include 'include/connect.php';
if (isset($_POST['book2'])) {
$id = mysqli_real_escape_string($conn, $_GET['id']);
$sql = "SELECT room_price FROM room_details WHERE id='$id';";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$room_price = $row['room_price'];
$email = $_POST['email'];
$room_type = $_POST['room_type'];
$checkin = $_POST['checkin'];
$checkout = $_POST['checkout'];
$adults = $_POST['adults'];
$children = $_POST['children'];
$mailTo = "booking@johndoexxx.com";
$headers = "Guest sent e-mail from: " . $email;
$txt = "New booking received, room for " . $adults . " adults and " . $children . " child / children, reservation starts on " . $checkin . " up to " . $checkout . " whereby " . $room_type . " room is selected, Please respond to the sender!";
$heading = "New Booking!";
mail($mailTo, $heading, $headers, $txt);
header("Location: index.php?bookingsent");
}
}
} else {
echo "Booking failed to process!, observe your inputs carefully!";
}
?>
I was expecting it to fetch data from the form and send the data to the targeted email.

PHP Multiple input search

I'm currently working on a bit of PHP and I've 3 text inputs. The values are searched in the MySQL database and should return whatever amount of results correspond with the entered criteria.
here is the search form:
<form id='SearchPersonal' method='post' action='businessUsersSearch.php' accept-charset='UTF-8'>
<fieldset >
<legend>Search</legend>
<div class='container'>
<label for='C_Name' >Business Name: </label><br/>
<input type='text' name='C_Name' id='C_Name' maxlength="50" /><br/>
<label for='C_County' >City: </label><br/>
<input type='text' name='C_County' id='C_County' maxlength="50" /><br/>
<label for='Job_Type' >Job Type: </label><br/>
<input type='text' name='Job_Type' id='Job_Type' maxlength="50" /><br/>
</div>
<div class='container'>
<input type='submit' name='Submit' value='Search' />
</div>
</fieldset>
</form>
Here is the PHP script it links to in the action:
<?php
$mysqli_link = mysqli_connect("server", "database", "pass", "user");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])) {
// define the list of fields
$fields = array('C_Name', 'C_County', 'Job_Type');
$conditions = array();
// loop through the defined fields
foreach($fields as $field){
// if the field is set and not empty
if(isset($_POST[$field]) && $_POST[$field] != '') {
// create a new condition while escaping the value inputed by the user (SQL Injection)
$conditions[] = "'$field' LIKE '%" . mysqli_real_escape_string($mysqli_link, $_POST[$field]) . "%'";
}
}
// builds the query
$query = "SELECT C_Name, C_StreetNumber, C_StreetName, C_Postcode, C_County, C_Tele, C_Website, Contact_Forename, Contact_Surname, Contact_Email, Jobs.Job_Type, Jobs.Job_Price FROM Company INNER JOIN Jobs ON Company.Company_ID = Jobs.Company_ID";
// if there are conditions defined
if(count($conditions) > 0) {
// append the conditions
$query .= " WHERE " . implode (' AND ', $conditions); // you can change to 'OR', but I suggest to apply the filters cumulative
}
$result = mysqli_query($mysqli_link, $query) or die(mysql_error());
mysqli_close($mysqli_link);
if(isset($_POST['submit'])) {
while($row = mysqli_fetch_assoc($result)) {
$C_Name = $row['C_Name'];
$C_StreetNumber = $row['C_StreetNumber'];
$C_StreetName = $row['C_StreetName'];
$C_Postcode = $row['C_Postcode'];
$C_County = $row['C_County'];
$C_Tele = $row['C_Tele'];
$C_Website = $row['C_Website'];
$Contact_Forename = $row['Contact_Forename'];
$Contact_Surname = $row['Contact_Surname'];
$Contact_Email = $row['Contact_Email'];
$Job_Type = $row['Job_Type'];
$Job_Price = $row['Job_Price'];
echo "<b>Name: $C_Name</b><br>Street Number: $C_StreetNumber<br>Street Name: $C_StreetName<br>Postcode: $C_Postcode<br>County: $C_County<br>Telephone: $C_Tele<br>Website: $C_Website<br>Contact Name: $Contact_Forename $Contact_Surname<br>Email: $Contact_Email<br>Job Type: $Job_Type<br>Job Price: $Job_Price<hr><br>";
}
}
}
?>
For some reason it is returning that there is an "unexpected end of file"; however, I've checked the code and all the code is closed off correctly (from what I can see). When I add another '}' at the end, the script doesn't return anything at all. Anyone know why this would be happening?
Source:
Search MySQL Database with Multiple Fields in a Form
Because you forget to close
if(isset($_POST['submit'])) {// you not close the condition
At the end of your file
Just add } at end of your file
Fixed:
if(isset($_POST['submit'])) {
// define the list of fields
$fields = array('C_Name', 'C_City', 'Job_Type', 'Review_Rate');
$conditions = array();
}
// builds the query
$query = "SELECT Company.C_Name, Company.C_StreetNumber, C_StreetName, C_Postcode, C_City, C_County, C_Tele, C_Website, Contact_Forename, Contact_Surname, Contact_Email, Job_Type, Job_Price, Review_Rate, Review_Comment
FROM Company
INNER JOIN Jobs ON Company.Company_ID = Jobs.Company_ID
INNER JOIN Review ON Jobs.Job_ID = Review.Job_ID";
// loop through the defined fields
foreach($fields as $field){
// if the field is set and not empty
if(isset($_POST[$field]) && !empty($_POST[$field])) {
// create a new condition while escaping the value inputed by the user (SQL Injection)
$conditions[] = "$field LIKE '%" . mysqli_real_escape_string($mysqli_link, $_POST[$field]) . "%'";
}
}
// if there are conditions defined
if(count($conditions) > 0) {
// append the conditions
$query .= " WHERE " . implode (' AND ', $conditions); // you can change to 'OR', but I suggest to apply the filters cumulative
}
echo "$query";
$result = mysqli_query($mysqli_link, $query);
mysqli_close($mysqli_link);
if(isset($_POST['submit'])) {
while($row = mysqli_fetch_array($result)) {
$C_Name = $row['C_Name'];
$C_StreetNumber = $row['C_StreetNumber'];
$C_StreetName = $row['C_StreetName'];
$C_Postcode = $row['C_Postcode'];
$C_City = $row['C_City'];
$C_County = $row['C_County'];
$C_Tele = $row['C_Tele'];
$C_Website = $row['C_Website'];
$Contact_Forename = $row['Contact_Forename'];
$Contact_Surname = $row['Contact_Surname'];
$Contact_Email = $row['Contact_Email'];
$Job_Type = $row['Job_Type'];
$Job_Price = $row['Job_Price'];
$Rating = $row['Review_Rate'];
$Comment = $row['Review_Comment'];
echo "<b>Name: $C_Name</b><br>Street Number: $C_StreetNumber<br>Street Name: $C_StreetName<br>City: $C_City<br>Postcode: $C_Postcode<br>County: $C_County<br>Telephone: $C_Tele<br>Website: $C_Website<br>Contact Name: $Contact_Forename $Contact_Surname<br>Email: $Contact_Email<br>Job Type: $Job_Type<br>Job Price: $Job_Price<br>Rating: $Rating<br>Comment: $Comment<hr><br>";
}
}
?>
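Added example (not code from the question or the answer above): the same multi-field search built from an allow-list of columns, with each search term bound as a parameter and LIKE wildcards escaped so that `%` and `_` typed by a user match literally. It assumes PDO and uses an in-memory SQLite database with constructed rows so that it runs stand-alone; `SEARCHABLE`, `buildSearch` and `search` are hypothetical names, and the column list is shortened.

```php
<?php
// Added example, not the poster's code. Form field => column name. Only these
// fixed strings are ever placed in the SQL text; user input is always bound.
const SEARCHABLE = [
    'C_Name'   => 'Company.C_Name',
    'C_County' => 'Company.C_County',
    'Job_Type' => 'Jobs.Job_Type',
];

/** Build the query text and its parameter list from submitted form data. */
function buildSearch(array $input): array
{
    $sql = 'SELECT Company.C_Name, Company.C_County, Jobs.Job_Type, Jobs.Job_Price'
         . ' FROM Company INNER JOIN Jobs ON Company.Company_ID = Jobs.Company_ID';
    $conditions = [];
    $params = [];
    foreach (SEARCHABLE as $field => $column) {
        $value = $input[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            continue; // missing, empty, or an array sent as C_Name[]
        }
        // Escape LIKE wildcards so % and _ typed by the user match literally.
        $literal = strtr(trim($value), ['!' => '!!', '%' => '!%', '_' => '!_']);
        $conditions[] = "$column LIKE ? ESCAPE '!'";
        $params[] = '%' . $literal . '%';
    }
    if ($conditions) {
        $sql .= ' WHERE ' . implode(' AND ', $conditions);
    }
    return [$sql, $params];
}

/** Run the search and return all matching rows as associative arrays. */
function search(PDO $db, array $input): array
{
    [$sql, $params] = buildSearch($input);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data; assumption: in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Company (Company_ID INTEGER, C_Name TEXT, C_County TEXT)');
$db->exec('CREATE TABLE Jobs (Company_ID INTEGER, Job_Type TEXT, Job_Price REAL)');
$db->exec("INSERT INTO Company VALUES (1, 'Acme Plumbing', 'Kent'), (2, 'Best_Build', 'Essex')");
$db->exec("INSERT INTO Jobs VALUES (1, 'Plumbing', 80), (2, 'Roofing', 300)");

$tests = [
    ['C_Name' => 'acme', 'Job_Type' => 'plumb'],  // both filters apply
    ['C_Name' => "x' OR '1'='1"],                  // bound as data, not parsed as SQL
    ['C_Name' => '_'],                             // matches a literal underscore only
];
foreach ($tests as $input) {
    printf("%-45s => %d row(s)\n", json_encode($input), count(search($db, $input)));
}
```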

All-in-One Web form

I'm learning PHP and I am now on creating an all in one web form that adds a new subscriber record to the subscribers table in the newsletter database. This is my first time on this site, so excuse any n00biness.
The comments explain the portion of code which determines whether the form will be processed. I'm not sure if it needs to go inside the if..else statement that validates the submitted form data, or if it goes after the validation in its own if..else.
When I put it inside the validation, the html form shows, but when I hit submit, all the info refreshes and nothing happens.
When I put it after the validation, the html form does not show, I get an error saying undefined variable: FormErrorCount. It then gives me the id number I'm supposed to get, but I did not enter a name or email (due to the html form not showing) and that is left blank.
There is an include file, but that is just fine.
I'm sure once this gets figured out, I will have the feeling to want to slap myself, but I have been staring at the screen way too long. Thank you
<?php
$ShowForm = FALSE;
$SubscriberName = "";
$SubscriberEmail = "";
if (isset($_POST['submit'])) {
$FormErrorCount = 0;
if (isset($_POST['SubName'])) {
$SubscriberName = stripslashes($_POST['SubName']);
$SubscriberName = trim($SubscriberName);
if (strlen($SubscriberName) == 0) {
echo "<p>You must include your name</p>\n";
++$FormErrorCount;
}
}else{
echo "<p>Form submittal error (No 'SubName' field)!</p>\n";
++$FormErrorCount;
}
if (isset($_POST['SubEmail'])) {
$SubscriberEmail = stripslashes($_POST['SubEmail']);
$SubscriberEmail = trim($SubscriberEmail);
if (strlen($SubscriberEmail == 0)) {
echo "<p>You must include your email address!</p>\n";
++$FormErrorCount;
}
}else{
echo "<p>Form submittal error (No 'SubEmail' field)!</p>\n";
++$FormErrorCount;
}
//CODE BELOW IS THE SAME AS THE COMMENTED OUT CODE TOWARDS THE END. NOT SURE WHERE IT GOES.
if ($FormErrorCount == 0) {
$ShowForm = FALSE;
include("inc_db_newsletter.php");
if ($DBConnect !== FALSE) {
$TableName = "subscribers";
$SubscriberDate = date("Y-m-d");
$SQLstring = "INSERT INTO $TableName " .
" (name, email, subscribe_date) " .
" VALUES('$SubscriberName', '$SubscriberEmail', '$SubscriberDate')";
$QueryResult = @mysql_query($SQLstring, $DBConnect);
if ($QueryResult === FALSE) {
echo "<p>Unable to insert the values into the subscriber table.</p>" .
"<p>Error code " . mysql_errno($DBConnect) . ": " .
mysql_error($DBConnect) . "</p>";
}else{
$SubscriberID = mysql_insert_id($DBConnect);
echo "<p>" . htmlentities($SubscriberName) . ", you are now subscribed to our
newsletter.<br />";
echo "Your subscriber ID is $SubscriberID.<br />";
echo "Your email address is " . htmlentities($SubscriberEmail) . ".</p>";
}
mysql_close($DBConnect);
}
}else{
$ShowForm = TRUE;
}
//CODE ABOVE IS THE SAME AS THE COMMENTED OUT CODE TOWARDS THE END. NOT SURE WHERE IT GOES.
}else{
$ShowForm = TRUE;
}
/* CODE BELOW IS SAME AS THE CODE BETWEEN THE COMMENTS ABOVE, BUT NOT SURE WHERE IT BELONGS
if ($FormErrorCount == 0) {
$ShowForm = FALSE;
include("inc_db_newsletter.php");
if ($DBConnect !== FALSE) {
$TableName = "subscribers";
$SubscriberDate = date("Y-m-d");
$SQLstring = "INSERT INTO $TableName (name, email, subscribe_date) " .
"VALUES ('$SubscriberName', '$SubscriberEmail', '$SubscriberDate')";
$QueryResult = @mysql_query($SQLstring, $DBConnect);
if ($QueryResult === FALSE) {
echo "<p>Unable to insert the values into the subscriber table.</p>" .
"<p>Error code " . mysql_errno($DBConnect) . ": " .
mysql_error($DBConnect) . "</p>";
}else{
$SubscriberID = mysql_insert_id($DBConnect);
echo "<p>" . htmlentities($SubscriberName) . ", you are now subscribed to our
newsletter.<br />";
echo "Your subscriber ID is $SubscriberID.<br />";
echo "Your email address is " . htmlentities($SubscriberEmail) . ".</p>";
}
mysql_close($DBConnect);
}
}else{
$ShowForm = TRUE;
}
*/CODE ABOVE IS SAME AS THE CODE BETWEEN THE COMMENTS ABOVE SECTION, BUT NOT SURE WHERE IT BELONGS
//HTML PORTION
if ($ShowForm) {
?>
<form action = "NewsletterSubscribe.php" method = "POST">
<p><strong>Your Name: </strong>
<input type = "text" name = "SubName" value = "<?php echo $SubscriberName; ?>" /></p>
<p><strong>Your Email Address: </strong>
<input type = "text" name = "SubEmail" value = "<?php echo $SubscriberEmail; ?>" /></p>
<p><input type = "Submit" name = "Submit" value = "Submit" /></p>
</form>
<?php
}
?>
Your code, ignoring for now the ShowForm part at the end, is structured like this:
if this is a submit {
validate the form data
if there are no errors {
save the form data
}
}
This looks reasonable. Maybe your form isn't being submitted as a POST? Check your <form action> and also use Firebug to make sure the form data is being submitted.
If you were to move the error check, you would have:
if this is a submit {
validate the form data
}
if there are no errors {
save the form data
}
And that's wrong because if the form were not being submitted, then you'd have no errors (hence the "undefined variable" error) and then it would attempt to save the nonexistent form data.

Unexpected column 'message' in 'field list'

I'm trying to create a PHP forum page that uses sessions. Every time I try to post a comment I keep getting the same error, not sure where I'm going wrong with this.
Here's my code for the form:
session_start();
if(!isset($_SESSION['user_id'])){
require('login_tools.php');
load();
}
$page_title = 'Post Message';
include('includes/header.html');
echo "<h1>Home</h1>
<p>You are now logged in, {$_SESSION['first_name']}
{$_SESSION['last_name']}
</p>";
echo '<form action = "post_action.php" method = "POST" accept-charset = "utf-8">
<p>Subject:<br/>
<input name = "subject" type = "text" size = "64"></p>
<p>Message:<br/>
<textarea name = "message" rows = "5" cols = "50">
</textarea></p>
<p><input type = "submit" value = "Submit"></p>
</form>';
Here's the code for the post action:
session_start();
require('login_tools.php');
if(!isset($_SESSION['user_id'])){
load();
}
$page_title = 'Post Error';
include('includes/header.html');
echo '<div id = "content">';
if($_SERVER['REQUEST_METHOD']=='POST'){
if(empty($_POST["subject"])){
echo '<p class = "main">Please enter a subject for this post</p>';
}
if(empty($_POST["message"])){
echo '<p class = "main">Please enter a message for this
post';
}
if(!empty($_POST['subject']) && !empty($_POST['message'])){
require('../connect_db.php');
$q = "INSERT INTO forum
(first_name,last_name,subject,messsage,post_date)
VALUES(
'{$_SESSION[first_name]}',
'{$_SESSION[last_name]}',
'{$_POST[subject]}',
'{$_POST[message]}',
NOW())";
$r = mysqli_query($dbc,$q);
if(mysqli_affected_rows($dbc)!=1){
echo '<p>Error</p>'.mysqli_error($dbc);
}
else{
load('forum.php');
}
mysqli_close($dbc);
}
}
There is a spelling mistake
$q = "INSERT INTO forum
(first_name,last_name,subject,messsage,post_date)
It should be message
The PHP statement which generates the SQL is missing quote marks around the member names of $_SESSION.
I would write
$q = "INSERT INTO forum
(first_name,last_name,subject,message,post_date)
VALUES('" .
$_SESSION['first_name'] . "','" .
$_SESSION['last_name'] . "','" .
$_POST['subject'] . "','" .
$_POST['message'] . "'," .
"NOW())";

The php page that I made which is supposed to add entries to a mysql table is not doing anything to the table

First off, I have checked to make sure that the const.php is in the directory where the page is.
I am creating a page that would allow admin to add multiple entries to a MySQL table through the website. It uses a JavaScript to expand the array of textbox input fields so that an admin does not have to enter any more entries than he/she has to. But if the entry the admin is trying to add is already there, then it won't be added. After the code is run the user is told which entries were added to the table and which entries were not added because there was already such an entry.
Here is the form which passes input arrays to the PHP code.
<form id=userform action="addplayers.php" method="post" >
<legend>Player Info</legend>
<ol>
<div id="dynamicInput">
<li>
<label for=player>Player</label>
<input id=player type="text" name="player[]">
</li>
<li>
<label for=team>Team</label>
<input id=team type="text" name="team[]">
</li>
<li>
<label for=path>Player page path</label>
<input id=path type="text" name="path[]">
</li>
<li>
<label for=image>Player image path</label>
<input id=image type="text" name="image[]">
</li>
<br/>
</div>
</ol>
<input type="button" value="ADD ANOTHER PLAYER" onClick="addInput();">
<button type=submit name=submit> Submit </button>
</form>
Here the javascript code dynamically creates textbox input fields which expands the input array.
<script language="Javascript" type="text/javascript">
function addInput(){
var newdiv = document.createElement('div');
newdiv.innerHTML = "<li><label for=player>Player</label><input id=player type='text' name='player[]'></li>";
document.getElementById('dynamicInput').appendChild(newdiv);
var newdiv = document.createElement('div');
newdiv.innerHTML = "<li><label for=team>Team</label><input id=team type='text' name='team[]'></li>";
document.getElementById('dynamicInput').appendChild(newdiv);
var newdiv = document.createElement('div');
newdiv.innerHTML = "<li><label for=path>Player page path</label><input id=path type='text' name='path[]'></li>";
document.getElementById('dynamicInput').appendChild(newdiv);
var newdiv = document.createElement('div');
newdiv.innerHTML = "<li><label for=image>Player image path</label><input id=image type='text' name='image[]'></li><br/>";
document.getElementById('dynamicInput').appendChild(newdiv);
}
</script>
Here is the php code that form posts to.
include "const.php";
$entry_results = "";
if( isset($_POST['submit']) )
{
$conn = mysql_connect(MYSQL_HOST, MYSQL_LOGIN, MYSQL_PASSWORD) or die("Could not connect: " . mysql_error());
mysql_select_db(MYSQL_DB);
$player = $_POST['player'];
$team = $_POST['team'];
$path = $_POST['path'];
$image = $_POST['image'];
$invalid = array();
$valid = array();
$j = 0;
$k = 0;
for($i=0; $i<count($player);$i++)
{
//Check to see if player is in the database
$query = "Select name FROM tblPlayers where name = '" . $player[i] ."'";
$result = mysql_query($query);
if(!empty($result))//if query gives a result add player to list of invalid entries
{
$invalid[$j++] = $player[$i];
}
else//otherwise add to database
{
$valid[$k++] = $player[$i];
if(empty($image[$i]))
{$image[$i] = '#';}
if(empty($path[$i]))
{$path[$i] = '#';}
$query = "SELECT entity_id FROM tblTeams WHERE team = '" . $team[$i] . "'";
$result = mysql_query($query);
$query = "INSERT INTO tblPlayers ( team_id, name, image, path) VALUES (
'" . $result . "',
'" . $player[$i] . "',
'" . $image[$i] . "',
'" . $path[$i] . "'
)";
$result = mysql_query($query);
}
}
if(!empty($invalid[0]))
{
for($i=0;$i<count($invalid);$i++){
$entry_results .= $invalid[$i];
if(($i+1)!=count($invalid))
$entry_results .= ', ';
}
$entry_results .= "were found in the database and were not enterered to prevent duplicant record. ";
}
if(!empty($valid[0]))
{
for($i=0;$i<count($valid);$i++){
$entry_results .= $invalid[$i];
if(($i+1)!=count($valid))
$entry_results .= ', ';
}
$entry_results .= "were entered into the players table.";
}
mysql_close($conn);
}
?>
This separate line of PHP code tells admin the result of the entry.
<?php
if( !empty($entry_results) )
{
echo "<h3>$register_message</h3><br />\n";
}
?>
You are not handling result sets properly. Take a look at this bit of code:
$query = "SELECT entity_id FROM tblTeams WHERE team = '" . $team[$i] . "'";
$result = mysql_query($query);
$query = "INSERT INTO tblPlayers ( team_id, name, image, path) VALUES (
'" . $result . "',
'" . $player[$i] . "',
'" . $image[$i] . "',
'" . $path[$i] . "'
)";
After the first query, $result will be a result resource, not the value of the "entity_id" column. That code should be rewritten as:
$query = "SELECT entity_id FROM tblTeams WHERE team = '" . mysql_real_escape_string($team[$i]) . "'";
$result = mysql_query($query);
if ($row = mysql_fetch_assoc($result)) {
$query = "INSERT INTO tblPlayers ( team_id, name, image, path) VALUES (
'" . $row['entity_id'] . "',
'" . mysql_real_escape_string($player[$i]) . "',
'" . mysql_real_escape_string($image[$i]) . "',
'" . mysql_real_escape_string($path[$i]) . "'
)";
} else {
die("Couldn't find entity_id for this team.");
}
Also, you should properly escape ALL user input that you use in database queries. I did this above using the "mysql_real_escape_string" function.
Change all your form elements' names from e.g. 'player[]' to 'player', and do so as well in your JavaScript. Submitting the form will automatically put all elements with the same name in an array.
