All geek questions in one place

Insert all $ _POST data into mysql using PHP?

once again I have a question for hivemind STACKOVERFLOW. Here's the deal, I'm trying to insert all my $ _POST data from a form into a mysql table. I used to do:

    INSERT INTO forms (Place, Date, Find, username, who_sponsored, hours, comments, howdiditgo, studentleader_name, studentleader_email, description)
VALUES ('$place', '$date','$where', '$username', '$who', '$hours', '$comments', '$how', '$description',)");

where all $ values ​​were declared as $ _POST ['Place'], $ _POST ['Date'], etc. Now, every time I add a new form to the form (for example, a different text area or something else), I just want to create a new column in mysql instead of adding another $ _POST ['foo']. Here is what I tried to do:

// In the previous form, I have set all input ids to "service[]", so all this data would be in a more specific array than just $POST.  Turns out all the $_POST['service'] stuff is null...  Here an example: <input name="placeofservice" type="text" id="service[]">


$forms = serialize($_POST['service']);
var_dump($forms);

mysql_query("INSERT INTO forms VALUES('$forms')")
 or die(mysql_error());

The error I get is: The number of columns does not match the number of values ​​in row 1. I understand that this means that I am trying to put too much data in the database because there are not enough columns for the data. I checked back and forth to see if I was right (which, I think, is). For reference, here is my code for mysql form and table:

<form name="form1" method="post" action="process_form.php">
Place of Service</br>
<input name="placeofservice" type="text" id="service[]"></br>

Date of Service</br>
<input name="dateofservice" type="text" id="service[]"></br>

Where did you find this opportunity?</br>
<input name="where" type="text" id="service[]"></br>

What organization sponsored this opportunity?</br>
<input name="who_sponsored" type="text" id="service[]"></br>

How many hours did you work?</br>
<input name="hours" type="text" id="service[]"></br>

How did it go?</br>
<input type="text" id="service[]" name="howdiditgo" maxlength="100" /></br>

Description of Service:
<textarea name="description" id="service[]" COLS=40 ROWS=6></textarea></br>

Comments:
<textarea name="comments" id="service[]" COLS=40 ROWS=6></textarea></br>

Student Leader Name (If Applicable)</br>
<input name="studentleader_name" type="text" id="service[]"></br>

Student Leader Email(If Applicable)</br>
<input name="studentleader_email" type="text" id="service[]"></br>
<input type="submit" name="Submit" value="Submit">
</form>

Mysql table:

Place | Date | Find | form_id | who_sponsored | watch | comments | howdiditgo | description | studentleader_name | studentleader_email | Username

NOTE. I also plan to sanitize my DB / $ POST data, but for my own purposes I left it! If you have any questions, feel free to ask and I will post here with EDIT: tags :)

+3
source share
4

:

function i($table, $array) {
  $query = "INSERT INTO ".$table;
  $fis = array(); 
  $vas = array();
  foreach($array as $field=>$val) {
    $fis[] = "`$field`"; //you must verify keys of array outside of function;
                         //unknown keys will cause mysql errors;
                         //there is also sql injection risc;
    $vas[] = "'".mysql_real_escape_string($val)."'";
  }
  $query .= " (".implode(", ", $fis).") VALUES (".implode(", ", $vas).")";
  if (mysql_query($query))
    return mysql_insert_id();
  else return false;
}
+15

... . (, , , 25, 26 2010 ) , insert , , Riateche.

, mysqli bind.

+6

:

function incomingdump($array){
    $tablename="incomingdump";

    $currentID = generateID($tablename);

    $query = "INSERT INTO $tablename (ID) VALUES('$currentID');";  
    sendquery($query);
      foreach($array AS $key => $value){

        $query = "ALTER TABLE $tablename ADD `$key` VARCHAR(".strlen($value).");";  
        sendquery($query);
        $query = "ALTER TABLE $tablename MODIFY `$key`VARCHAR(".strlen($value).");";  
        sendquery($query);
        $query = "UPDATE $tablename SET `$key` = '$value' WHERE ID=$currentID";
        sendquery($query);
      }


}
function generateID($tablename){
    $query = "SELECT count(*) FROM $tablename"; 
    $result = sendquery($query);
    $row = mysql_fetch_row($result);
    return $row[0] + 1;

}

sendquery() - sql. :

incomingdump($_POST);
0

, .

  • I plan to sanitize my DB contents/$POST data -
    . , " ", . , SQL-. , POST - . DB , , . POST, , . .
    , mysql_real_escape_string "" -.

  • every time I add a new part to the form - .
    , . , . , , . .

  • $forms = serialize($_POST['service']); - .
    , - . Mysql, , PHP. , - , ? Weird.

- .
, :

function dbSet($fields, $data = array()) {
  if (!$data) $data = &$_POST;
  $set='';
  foreach ($fields as $field) {
    if (isset($data[$field])) {
      $set.="`$field`='".mysql_real_escape_string($data[$field])."', ";
    }
  }
  return substr($set, 0, -2); 
}

this will return you a SET statement limited to a previously defined set of fields.
Using

$fields = explode(" ","name surname lastname address zip fax phone");
$query  = "INSERT INTO $table SET ".dbSet($fields);
$result = mysql_query($query) or trigger_error(mysql_error().$query);

or

$id     = intval($_POST['id']);
$fields = explode(" ","name surname lastname address zip fax phone");
$query  = "UPDATE $table SET ".dbSet($fields)." WHERE id=$id";
$result = mysql_query($query) or trigger_error(mysql_error().$query);

So, in your case you only need to add one word to the list of fields

-1
source

Source: https://habr.com/ru/post/1756624/

More articles:


All Articles