MySQL, PHP - Forms Help

Hello,

I have the following code

          <?       
        include("conn.php");
        $sn=$_GET["sn"];
        $sql="select * from kpi where no='$sn'";

        $result=mysql_query($sql,$connection) or die(mysql_error());
        while($row=mysql_fetch_array($result)) {
            $sn=$row['id'];
            $no=$row['no'];
            $pdetails=$row['pdetails'];
            $kpistatus=$row['kpistatus'];
            $status=$row['status'];
            $cols=$row['cols'];
            $rows=$row['rows'];
        }
    ?>

    <form name="form1" method="post" action="formsubmit.php?mode=addtable">
        <table width="100%" border="1" align="center" cellpadding="2" cellspacing="2">
          <tr>
            <td colspan="2"><strong>Add Table</strong></td>
          </tr>
          <tr>
            <td>NO</td>
            <td><input name="no" type="text" id="no" value="<? echo $no; ?>"></td>
          </tr>
          <tr>
            <td>PROJECT DETAILS</td>
            <td><textarea name="pdetails" rows="10" cols="100"><? echo $pdetails; ?></textarea></td>
          </tr>
                        <tr>
            <td>KPISTATUS</td>
            <td>
            <?
            echo "<table border=\"1\" align=\"left\">\n";
            $j=0;
            while ($j < $rows) 
            {
            echo "<tr>\n";
            $i=0;
            while ($i < $cols) 
            {
            ?>
            <td><input type="text" name="kpistatus" id="kpistatus"></td>
            <?
            $i++;
            }       
            echo "</tr>\n";
            $j++;
            }
            echo "</table>\n";
            ?>
            </td>
            </tr>
            <tr>
            <td>STATUS</td>
            <td><textarea name="status" rows="10" cols="100"><? echo $status; ?></textarea></td>
          </tr>
          <tr>
            <td colspan="2"><input type="submit" name="Submit" value="ADD TABLE"></td>
          </tr>
        </table>
      </form>

      

        elseif($mode=="addtable") {
        $no=$_POST["no"];
        $pdetails=$_POST["pdetails"];
        $kpistatus=$_POST["kpistatus"];
        $status=$_POST["status"];
        $sn=$_POST["id"];
        $sql="update kpi set pdetails='$pdetails',kpistatus='$kpistatus',status='$status' where no='$no'";
        //echo $sql;
        $result=mysql_query($sql,$connection) or die(mysql_error());
        //header("location: index.php");
      }
      ?>

      

Screenshot of the form: http://img395.imageshack.us/my.php?image=1226818203913yi6.png

Users can enter the number of rows and columns they need to insert data. In the screenshot, my rows are 10 and my columns are 5.

Now the part where I am stuck: how can I make sure all data entered in <input type = "text" name = "kpistatus" id = "kpistatus"> gets saved in the kpistatus mysql table?

Please help me.

Thanks.

0




1 answer


If you put square brackets in the name of the input, PHP will automatically turn them into an array for you in the post array. Then you can just loop over that and save them as needed. In your form, you would put

<input type="text" name="kpistatus[]" id="kpistatus">

(Note the addition of two parentheses).

Then in your form processing code you will have $_POST['kpistatus'] as an array. You can use the PHP function implode to turn it into a comma-separated list by doing something like implode(',', $_POST['kpistatus']).



Quick note:

In your code, you need to use mysql_real_escape_string on all your variables before inserting them. Otherwise, the user can enter SQL code into one of the inputs and can do whatever he wants (this is called SQL injection).

Imagine what would happen if someone had a single quote in their status bar. At best it will throw an error, at worst they might overwrite or erase your data.

Sorry if this is obvious to you, but I just want it to be closed.

+4
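
An added example (not part of the original answer or the poster's code) that combines both points of the answer: reading kpistatus[] as an array and keeping a single quote from breaking the query. It swaps mysql_real_escape_string for PDO prepared statements, because the mysql_* functions were removed in PHP 7. The in-memory SQLite database, the saveKpi helper and the sample $post values are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database stands in
// for the MySQL connection from conn.php so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE kpi (no TEXT, pdetails TEXT, kpistatus TEXT, status TEXT)');
$pdo->exec("INSERT INTO kpi (no) VALUES ('7'), ('8')");

// Constructed stand-in for $_POST after submitting inputs named kpistatus[].
$post = [
    'no'        => '7',
    'pdetails'  => 'Phase 1 rollout',
    'status'    => "it's on track",                  // contains a single quote
    'kpistatus' => ['done', "won't fix", "O'Brien"], // one value per table cell
];

// Hypothetical helper: returns the number of rows the UPDATE touched.
function saveKpi(PDO $pdo, array $post): int
{
    // A crafted request can send a scalar or nested arrays instead of a flat list.
    $cells = $post['kpistatus'] ?? [];
    if (!is_array($cells)) {
        $cells = [$cells];
    }
    $cells = array_map(fn($c) => is_scalar($c) ? (string) $c : '', $cells);
    // Same guard for the single-value fields: anything that is not a scalar becomes ''.
    $text = fn(string $k): string => is_scalar($post[$k] ?? null) ? (string) $post[$k] : '';

    // Placeholders keep every value out of the SQL text, so quotes stay data.
    $stmt = $pdo->prepare(
        'UPDATE kpi SET pdetails = :pdetails, kpistatus = :kpistatus,
                status = :status WHERE no = :no'
    );
    $stmt->execute([
        ':pdetails'  => $text('pdetails'),
        ':kpistatus' => implode(',', $cells),
        ':status'    => $text('status'),
        ':no'        => $text('no'),
    ]);
    return $stmt->rowCount();
}

echo 'rows updated: ', saveKpi($pdo, $post), "\n";
foreach ($pdo->query('SELECT no, kpistatus, status FROM kpi') as $row) {
    echo $row['no'], ' | ', $row['kpistatus'], ' | ', $row['status'], "\n";
}
```

Against MySQL only the DSN passed to new PDO changes; the prepared statement stays the same.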

