I have a form that has a checkbox list generated dynamically: name="cursoID[]"
Each value correspond to cursoID ( $curso['cursoID']
), which is a value taken from a mySQL SELECT
query that shows me a list of items IDs.
The user may select N number of items, and I need to take each one of those (ie. $cursoID = $_POST['cursoID'];
) in order to save them into an INSERT
query.
In the form, I generate each item with a while loop:
<?php
$conectar = mysqli_connect(HOST, USER, PASS, DATABASE);
$query = " SELECT cursoID, nombreCurso, cursoFechaInicio, modalidadCurso, estadoCurso
FROM cursos
WHERE estadoCurso='abierto'";
$buscarCurso = mysqli_query($conectar,$query);
echo '<div class="checkbox">';
while ($curso=mysqli_fetch_assoc($buscarCurso)) {
echo '<input type="checkbox" name="cursoID[]" value="'.$curso['cursoID'].'">'.$curso['nombreCurso'];
}
echo '</div>';
?>
My database consultation in order to insert that field is a simple select:
INSERT INTO cursosUsuarios
(userID, cursoID)
VALUES
('$userID', '$cursoID')
I have no issues with $userID, as is a single value.
How may I use $cursoID = $_POST['cursoID']
to add it to the database? I've been reading some other questions (like this one , or this other one ), but couldn't manage to apply it to my case, as I don't know how would I insert it into the database.
I dk how to use mysqli_* so i'll write in PDO. If i could understand correctly this's what u need.
ps: Security ignored.
$cursors = $_POST['cursorID'];
$user = $_POST['user'];
foreach ($cursors as $cursor) {
$query = $DB->prepare('INSERT INTO table (user, cursor) VALUES (:user, :cursor)');
$query->bindValue(':user', $user, PDO::PARAM_INT);
$query->bindValue(':cursor', $cursor, PDO::PARAM_INT);
$query->execute();
}
There's two main ways you can insert a variable amount of data into your database:
Like so:
$fields = array();
$values = array();
$fields[] = 'field1';
$fields[] = 'field2';
...
$values[] = 1;
$values[] = 2;
...
$query = 'INSERT INTO table (' . implode(', ', $fields) . ') VALUES (' . implode(',', $values) . ')';
// Execute $query
or:
Like so (if your checkboxes are named "cursoID[]", the corresponding POST variable will be an array, and you can use anything that'll work with arrays):
$userID_int = (int)$userID;
foreach ($_POST['cursoID'] as $singleID) {
$singleID_int = (int)$singleID;
// Execute: INSERT INTO cursosUsuarios (userID, cursoID) VALUES ('$userID_int', '$singleID_int')
}
However, be very careful - at the moment, your code is vulnerable to SQL injections (for example, if $_POST['cursoID'] is set to something like
'; DROP DATABASE X
you might - depending on your configuration - allow someone to do a lot of nasty stuff, ranging from bypassing your logins to removing your database. As such, I would recommend taking a step back and looking into how you can parameterize your queries, so you don't have to worry about a hostile visitor injecting data in your SQL query. See, for example, this answer .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.