MySQL, PHP - Forms Help.

Question

Greetings,

I have the following code

          <?       
        include("conn.php");
        $sn=$_GET["sn"];
        $sql="select * from kpi where no='$sn'";

        $result=mysql_query($sql,$connection) or die(mysql_error());
        while($row=mysql_fetch_array($result)) {
            $sn=$row['id'];
            $no=$row['no'];
            $pdetails=$row['pdetails'];
   $kpistatus=$row['kpistatus'];
   $status=$row['status'];
   $cols=$row['cols'];
   $rows=$row['rows'];
        }
    ?>

    <form name="form1" method="post" action="formsubmit.php?mode=addtable">
        <table width="100%" border="1" align="center" cellpadding="2" cellspacing="2">
          <tr>
            <td colspan="2"><strong>Add Table</strong></td>
               </td>
          </tr>
          <tr>
            <td>NO</td>
            <td><input name="no" type="text" id="no" value="<? echo $no; ?>"></td>
          </tr>
          <tr>
            <td>PROJECT DETAILS</td>
            <td><textarea name="pdetails" rows="10" cols="100"><? echo $pdetails; ?></textarea></td>
          </tr>
                  <tr>
            <td>KPISTATUS</td>
            <td>
   <?
   echo "<table border=\"1\" align=\"left\">\n";
   $j=0;
   while ($j < $rows) 
   {
   echo "<tr>\n";
   $i=0;
   while ($i < $cols) 
   {
   ?>
   <td><input type="text" name="kpistatus" id="kpistatus"></td>
   <?
   $i++;
   }  
   echo "</tr>\n";
   $j++;
   }
   echo "</table>\n";
   ?>
   </td>
   </tr>
      <tr>
            <td>STATUS</td>
            <td><textarea name="status" rows="10" cols="100"><? echo $status; ?></textarea></td>
          </tr>
          <tr>
            <td colspan="2"><input type="submit" name="Submit" value="ADD TABLE"></td>
          </tr>
        </table>
      </form>

     elseif($mode=="addtable") {
        $no=$_POST["no"];
        $pdetails=$_POST["pdetails"];
  $kpistatus=$_POST["kpistatus"];
  $status=$_POST["status"];
        $sn=$_POST["id"];
        $sql="update kpi set pdetails='$pdetails',kpistatus='$kpistatus',status='$status' where no='$no'";
        //echo $sql;
        $result=mysql_query($sql,$connection) or die(mysql_error());
        //header("location: index.php");
      }
      ?>

Screenshot of the form : http://img395.imageshack.us/my.php?image=1226818203913yi6.png

Users can input how many rows and column they need to insert data. In screenshot my rows is 10 whereas column is 5.

Now the part where i stuck is, how can i make sure, all inputted data in < input type="text" name="kpistatus" id="kpistatus"> get saved in kpistatus mysql table..

Please help me.

Thanks.

Answer 1

If you put square brackets in an input name, php will automatically turn them into an array for you in the post array. Then you can just iterate through that and save them as needed. In your form, you would put

<input type="text" name="kpistatus[]" id="kpistatus">

(Note the addition of the two brackets).

Then, in your form handling code, you would have $_POST['kpistatus'] as an array. You could use PHP's implode function to turn this into a comma-seperated list by doing something like implode(',', $_POST['kpistatus'].

A quick note:

In your code, you need to use mysql_real_escape_string on all of your variables before you insert them. Otherwise, a user could enter SQL code into one of the inputs and be able to do whatever they wanted (this is called SQL injection).

Imagine what would happen if someone had a single-quote in their status string. At best it would cause an error, at worst they could overwrite or erase your data.

Sorry if this is obvious to you, but I just want to make sure to cover it.

Answer 2

THANKS VERY MUCH MATE!