Array within Form collecting multiple values with the same name possible?

Question

Good afternoon,

I will first start with the goal I am trying to accomplish and then give a very basic sample of what I need to do.

Goal

Instead of collecting several variables and naming them with keys individually, I have decided to give in and use an array structure to handle all inputs of the same type and rules. Once I have the variables, I will validate against them and if 'ok' store them in a MySQL table. The table will hold consumer information and will need to store multiple rows of the same type of information.

First Pass

I will leave out the validation portion of this question because I feel I need to first understand the basics.

<form action="?" method="POST" name="Form">
Member 1 First Name:<input type="text" name="MemberFirstName[]" /><br />
Member 1 Last Name: <input type="text" name="MemberLastName[]" /><br />
Member 1 Email: <input type="text" name="MemberEmail[]" /><br />

Member 2 First Name:<input type="text" name="MemberFirstName[]" /><br />
Member 2 Last Name: <input type="text" name="MemberLastName[]" /><br />
Member 2 Email: <input type="text" name="MemberEmail[]" /><br />

Member 3 First Name:<input type="text" name="MemberFirstName[]" /><br />
Member 3 Last Name: <input type="text" name="MemberLastName[]" /><br />
Member 3 Email: <input type="text" name="MemberEmail[]" /><br />

<input type="submit" name="submit" value="Continue" />          
</form>

I am hoping that each input given for First Name (a required field) will generate a unique key for that particular entry and not overwrite any data entered. Because I am carrying information from page to page (checkout form), I am turning the POST variables into SESSION variables then storing in a mysql database in the end. My hope is to have:

<?php

$conn = mysql_connect("localhost", "username", "password");
mysql_select_db("DBname",$conn);

$sql = "INSERT INTO tablename VALUES ('$_SESSION[Member1FirstName]', '$_SESSION[Member1LastName]', '$_SESSION[Member1Email]', '$_SESSION[Member2FirstName]', '$_SESSION[Member2LastName]', '$_SESSION[Member2Email]', '$_SESSION[Member1FirstName]', '$_SESSION[Member3LastName]', '$_SESSION[Member3Email]')";


$result = mysql_query($sql, $conn) or die(mysql_error());
Header ("Location: completed.php");
?>

Where Member1, Member2, and Member3 values will appear on their own row within the table. I KNOW my code is wrong but I am giving a first shot at the overall business purpose I am trying to achieve and trying to learn how to code the right way.

I am very, very new to programming so any 'baby advice' is greatly appreciated.

Answer 1

If you want to need to associate fields in a specific number of sets and still want them in an array then you should put an index in the name. An empty index is only useful when you don't know how many elements the final array will contain.

Member 1 First Name:<input type="text" name="MemberFirstName[1]" /><br />
Member 1 Last Name: <input type="text" name="MemberLastName[1]" /><br />
Member 1 Email: <input type="text" name="MemberEmail[1]" /><br />

Answer 2

Depending on your column names the following

INSERT INTO tablename 
VALUES ('$_SESSION[Member1FirstName]', '$_SESSION[Member1LastName]', '$_SESSION[Member1Email]'),
       ('$_SESSION[Member2FirstName]', '$_SESSION[Member2LastName]', '$_SESSION[Member2Email]'), 
       ('$_SESSION[Member1FirstName]', '$_SESSION[Member3LastName]', '$_SESSION[Member3Email]')"

would work on mysql, see INSERT.

However this is an answer that will lead into much trouble if you do not sanitize the input.

EDIT: Sanitizing refers to the sql injection attack, where strings passed directly to database may contain constructs that would allow attacker to change database passwords or update or destroy data.

EDIT2: As for php syntax, I think this question has reasonable answers from which you can learn.