Stuck on the logic of creating tags for posts (like SO tags) (PHP)

Question

I am stuck on how to create tags for each post on my site. I am not sure how to add the tags into database. Currently... I have 3 tables:

+---------------------+    +--------------------+    +---------------------+
| Tags                |    | Posting            |    | PostingTags         |
+---------------------+    +--------------------+    +---------------------+
| + TagID             |    | + posting_id       |    | + posting_id        |
+---------------------+    +--------------------+    +---------------------+
| + TagName           |    | + title            |    | + tagid             |
+---------------------+    +--------------------+    +---------------------+

The Tags table is just the name of the tags(ex: 1 PHP, 2 MySQL,3 HTML) The posting (ex: 1 What is PHP?, 2 What is CSS?, 3 What is HTML?) The postingtags shows the relation between posting and tags.

When users type a posting, I insert the data into the "posting" table. It automatically inserts the posting_id for each post(posting_id is a primary key).

    $title = mysqli_real_escape_string($dbc, trim($_POST['title']));
    $query4 = "INSERT INTO posting (title) VALUES ('$title')";
    mysqli_query($dbc, $query4);

HOWEVER, how do I insert the tags for each post? When users are filling out the form, there is a checkbox area for all the tags available and they check off whatever tags they want. (I am not doing where users type in the tags they want just yet)

This shows each tag with a checkbox. When users check off each tag, it gets stored in an array called "postingtag[]".

<label class="styled">Select Tags:</label>
    <?php

 $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
 $query5 = "SELECT * FROM tags  ORDER BY tagname";
 $data5 = mysqli_query($dbc, $query5);
 while ($row5 = mysqli_fetch_array($data5)) {
    echo '<li><input type="checkbox" name="postingtag[]"
        value="'.$row5['tagname'].'" ">'.$row5['tagname'].'</li>';
    }

 ?>

My question is how do I insert the tags in the array ("postingtag") into my "postingtags" table? Should I...

    $postingtag = $_POST["postingtag"];
foreach($postingtag as $value){
$query5 = "INSERT INTO postingtags (posting_id, tagID) 
               VALUES (____, $value)";
mysqli_query($dbc, $query5);
}       

1.In this query, how do I get the posting_id value of the post?

I am stuck on the logic here, so if someone can help me explain the next step, I would appreciate it!

Is there an easier way to insert tags?

Answer 1

PostingTags is a Many-To-Many mapping table. You are correct in your assessment of the data you need, but I don't see how we can help you find it.

1.In this query, how do I get the posting_id value of the post?
Does your application not know this when the user is selecting tags? You're going to need to know what post is actually being edited before you can assign tags to it. Is this a completely separate page where the user is picking tags? If it is, you'll need to create a hidden field in your webform that passes the posting_id from one page to the next.

Otherwise, it just becomes an issue of determining the last primary key used when you inserted into the postings table. For that, you need to call mysqli::insert_id like this:

//This is the first snippet of code you posted
$title = mysqli_real_escape_string($dbc, trim($_POST['title']));
$query4 = "INSERT INTO posting (title) VALUES ('$title')";
mysqli_query($dbc, $query4);
$posting_id = $dbc->insert_id;

I am stuck on the logic here, so if someone can help me explain the next step, I would appreciate it!
Do you understand now?

Is there an easier way to insert tags?
Not if you want your users to be able to insert an arbitrary number of tags to a post.

My question is how do I insert the tags in the array ("postingtag") into my "postingtags" table?
Your code does the job fine, though I would be doing everything as prepared statements. Prepared statements prevent SQL injection attacks so that you don't have to remember to escape everything that goes into the query. It's also a much less verbose way of doing things:

//This is the last snippet of code you posted
//Populate postid as specified in the first part of this answer.
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
foreach($postingtag as $tag) {
    $sql = 'INSERT INTO postingtags (posting_id, tagID) VALUES (?, ?);';
    $insertStatement = $dbc->prepare($sql);
    $insertStatement->bind_param('ii', $postid, $tag);
    $insertStatement->execute();
}