stackoom
  简体   繁体   中英

MySQL and PHP multiple checklist db insert

 原文  2012-03-07 15:24:41       php/ mysql

Question

I am trying to insert the value of this multiple checklist into the db column. This code not working. Can anyone spot the problem?

My database consists of a table called "colors" and one column called "color". 

<?php
// connect to database
require "mysql_connect.php";
?>


<?php
// get value from the form
$color = $_POST['color'];

foreach($_POST['color'] as $colors){
$insert = mysql_query("INSERT INTO colors (color) VALUES ('$color')");
}
?>

<form action="add_color.php" method="post" enctype="multipart/form-data" name="colorform"     id="colorform">

<input type="checkbox" name="color[]" value="black" /> Black
<input type="checkbox" name="color[]" value="red" /> Red
<input type="checkbox" name="color[]" value="blue" /> Blue
<input type="checkbox" name="color[]" value="white" /> White

<input name="submit" type="submit" value="Add color" />

</form>

Thanks

5 answers

solution1
 1  2012-03-07 15:28:08

I would also suggest that you sanitize your from inputs before inserting into your database. You don't mention what type your color column is, could be a mismatch there as well.

When you say INSERT INTO $colors -- is that what you mean? Your table name is variable? You should probably have a proper table name in place of $colors .

In addition, you have used $color which I don't see defined, you probably meant to use $colors so it should be more like this: 

INSERT INTO tblColors (color) VALUES ('$colors')

To check your return value to see what error you're getting: 

$query = "INSERT INTO tblColors (color) VALUES ('$colors')";
$insert = mysql_query($query) or die("A MySQL error has occurred.<br />Your Query: " . $query . "<br /> Error: (" . mysql_errno() . ") " . mysql_error());

solution2
 1 ACCPTED  2012-03-07 15:46:47

This is a nice way to add your colors 

<?php

        require "mysql_connect.php";
    // connect to database
    $colors=array();
    // get value from the form
     if (isset($_POST['color']))  $colors = $_POST['color'];

    foreach($colors as $color)
    {
        mysql_query ("INSERT INTO colors ('color') VALUES ('$color')");
    }
?>

<form action="add_color.php" method="post" enctype="multipart/form-data" name="colorform"     id="colorform">

<input type="checkbox" name="color[]" value="black" /> Black
<input type="checkbox" name="color[]" value="red" /> Red
<input type="checkbox" name="color[]" value="blue" /> Blue
<input type="checkbox" name="color[]" value="white" /> White

<td><input name="submit" type="submit" value="Add color" />
</form>

if (isset($_POST['color']) ) This condition is important because it will prevent an indexing error in case the array is empty

$colors=array(); Also, do declare your variables to prevent getting undeclared varibles, previously, in your code, this will happen if the user does not specify any color

Remember PHP is server-side and thus getting errors on PHP create loopholes for attacks. Try to read about PHP Best Practices, Its very impotant

Hopes it helps :-)

solution3
 0  2012-03-07 15:28:16

$insert = mysql_query("INSERT INTO $colors (color) VALUES ($color)");

Change it to: 

$insert = mysql_query("INSERT INTO colors_table_name (color) VALUES ($color)");

Also, please check the return value of insert, maybe you are getting errors? First obvious problem was that the table name was being replaced with the color because of the variable, is this the desired effect?

solution4
 0  2012-03-07 15:28:26

<?php
// connect to database
require "mysql_connect.php";
?>


<?php
// get value from the form
$colors = $_POST['color'];

foreach($colors as $color){
    $insert = mysql_query("INSERT INTO colors (color) VALUES ($color)");
}


<form action="add_color.php" method="post" enctype="multipart/form-data" name="colorform"     id="colorform">

<input type="checkbox" name="color[]" value="black" /> Black
<input type="checkbox" name="color[]" value="red" /> Red
<input type="checkbox" name="color[]" value="blue" /> Blue
<input type="checkbox" name="color[]" value="white" /> White

<td><input name="submit" type="submit" value="Add color" />

</form>

solution5
 0  2012-03-07 15:46:04

You've got your variables backwards, SQL syntax errors, SQL injection vulnerabilities, and a total lack of error handling 

$color = $_POST['color'];   <---stuff the POST data array into $color

foreach($_POST['color'] as $colors){   <--- loop over the POST data directly

$insert = mysql_query("INSERT INTO colors (color) VALUES ($color)");
                                                          ^^^^^^---insert the array
                                                          ^^^^^^---no quotes

You use $colors (with an S) to store the individual colors, but then insert $color, which is an array.

Never assume that a query has suceeded. If you'd have the bare minimum or die(...) error handling, you've have seen why your queries were failing: 

foreach($_POST['color'] as $color) {
    $safe_color = mysql_real_escape_string($color);
    $result = mysql_query("INSERT INTO colors (color) VALUES ('$safe_color');") or die(mysql_error());
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to insert multiple HTML checklist values into PHP? Storing multiple checklist data in MySQL using PHP Using PHP to INSERT multiple rows into mysql DB INSERT maintenance checklist table form PHP HTML MYSQL Php, MySql - Multiple DB connections and mysql_insert_id() How to insert multiple rows of data into Mysql DB with php Best way to insert multiple values in to DB - PHP MySQL PHP Insert Record into MySQL DB (Multiple recorded are being added) Insert array into MySQL DB with PHP insert in DB php+mysql
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM