views:

61

answers:

2

Good afternoon,

I will first start with the goal I am trying to accomplish and then give a very basic sample of what I need to do.

Goal

Instead of collecting several variables and naming them with keys individually, I have decided to give in and use an array structure to handle all inputs of the same type and rules. Once I have the variables, I will validate against them and if 'ok' store them in a MySQL table. The table will hold consumer information and will need to store multiple rows of the same type of information.

First Pass

I will leave out the validation portion of this question because I feel I need to first understand the basics.

<form action="?" method="POST" name="Form">
Member 1 First Name:<input type="text" name="MemberFirstName[]" /><br />
Member 1 Last Name: <input type="text" name="MemberLastName[]" /><br />
Member 1 Email: <input type="text" name="MemberEmail[]" /><br />

Member 2 First Name:<input type="text" name="MemberFirstName[]" /><br />
Member 2 Last Name: <input type="text" name="MemberLastName[]" /><br />
Member 2 Email: <input type="text" name="MemberEmail[]" /><br />

Member 3 First Name:<input type="text" name="MemberFirstName[]" /><br />
Member 3 Last Name: <input type="text" name="MemberLastName[]" /><br />
Member 3 Email: <input type="text" name="MemberEmail[]" /><br />

<input type="submit" name="submit" value="Continue" />          
</form>

I am hoping that each input given for First Name (a required field) will generate a unique key for that particular entry and not overwrite any data entered. Because I am carrying information from page to page (checkout form), I am turning the POST variables into SESSION variables then storing in a mysql database in the end. My hope is to have:

<?php

$conn = mysql_connect("localhost", "username", "password");
mysql_select_db("DBname",$conn);

$sql = "INSERT INTO tablename VALUES ('$_SESSION[Member1FirstName]', '$_SESSION[Member1LastName]', '$_SESSION[Member1Email]', '$_SESSION[Member2FirstName]', '$_SESSION[Member2LastName]', '$_SESSION[Member2Email]', '$_SESSION[Member1FirstName]', '$_SESSION[Member3LastName]', '$_SESSION[Member3Email]')";


$result = mysql_query($sql, $conn) or die(mysql_error());
Header ("Location: completed.php");
?>

Where Member1, Member2, and Member3 values will appear on their own row within the table. I KNOW my code is wrong but I am giving a first shot at the overall business purpose I am trying to achieve and trying to learn how to code the right way.

I am very, very new to programming so any 'baby advice' is greatly appreciated.

+1  A: 

If you want to need to associate fields in a specific number of sets and still want them in an array then you should put an index in the name. An empty index is only useful when you don't know how many elements the final array will contain.

Member 1 First Name:<input type="text" name="MemberFirstName[1]" /><br />
Member 1 Last Name: <input type="text" name="MemberLastName[1]" /><br />
Member 1 Email: <input type="text" name="MemberEmail[1]" /><br />
Ignacio Vazquez-Abrams
+1  A: 

Depending on your column names the following

INSERT INTO tablename 
VALUES ('$_SESSION[Member1FirstName]', '$_SESSION[Member1LastName]', '$_SESSION[Member1Email]'),
       ('$_SESSION[Member2FirstName]', '$_SESSION[Member2LastName]', '$_SESSION[Member2Email]'), 
       ('$_SESSION[Member1FirstName]', '$_SESSION[Member3LastName]', '$_SESSION[Member3Email]')"

would work on mysql, see INSERT.

However this is an answer that will lead into much trouble if you do not sanitize the input.

EDIT: Sanitizing refers to the sql injection attack, where strings passed directly to database may contain constructs that would allow attacker to change database passwords or update or destroy data.

EDIT2: As for php syntax, I think this question has reasonable answers from which you can learn.

Unreason
@Unreason - my overall goal is to use the arrays to figure out how to loop the 'insert' statement. If I use the method above (which i already do, I have 12 inputs for over 20 members) which takes a lot of code.Can you explain 'sanitizing the input'?
JM4
@JM4 - I expanded my answer re sanitzing/injection problems. As for looping over array in PHP, what seems to be the problem? foreach and other methods are at your disposal.
Unreason
@Unreason - I think the area I am stuck in while looping in the example you give above is that I wont know how many Members are being entered so I'm not sure where to run the loop. The enroller can choose to enroll from 1 to up to 20 members at a time so the only guarantee in the 'INSERT INTO tablename' is '$_SESSION['Member1FirstName'] values. It is my estimation i need to change it altogether to something like: INSERT INTO tablename VALUES ('MemberFirstName[0]', 'MemberLastName[0]... and so on with the key changing determined by the Number of Enrollee's entered
JM4
@JMR - added a link to so question on inserting multiple rows into mysql via php
Unreason