
Recently I'm trying to pass text box, radio button and checkbox values to a database. For clear understanding I'll provide a simple version of the form.

<form method="post">
            <input type="text" name="KKK"><br>
            <input type="text" name="val[]"><br>
            <input type="text" name="val[]"><br>
            <input type="text" name="val[]"><br>
            <input type="radio" class="form-check-input" value="new" name="val[]">New
            <input type="radio" class="form-check-input" value="recondition" name="val[]">Reconditioned
            <input type="radio" class="form-check-input" value="used" name="val[]">Used<br>
            <select class="form-control" name="val[]">
                <option>Convertible</option>
                <option>Coupe / Sports</option>
                <option>Hatchback</option>
                <option>MPV</option><option>Saloon</option>
                <option>Station Wagon</option>
                <option>SUV / 4x4</option> 
            </select><br>

            <input type="submit" name="sub" value="send !">
        </form>

You see, except for the first textbox, the other input elements' values should be passed through an array. I echo those values without problem, so there is no error in the form code. What I need is to perform the mysqli_real_escape_string function on 'val'. For that I used the following PHP code snippet:

<?php
        require('./exec/connect.php');
        if(isset($_POST['sub']))
        {

            $myarr[]=mysqli_real_escape_string($con,$_POST['val']);
            for($i=0; $i<5; $i++){
                //echo "The number is " . $_POST['val'][$i] . "<br>";

            }
        }
        ?>

In the above I got an error message saying: Warning: mysqli_real_escape_string() expects parameter 2 to be string, array given

I really want to inspect the code before it is inserted into the database. I commented out the echo line because further I also wanted help from you guys to insert the read array into the database as 6 rows.
Database table structure is ID | values

Last Post by alan.davies

Heed the warning. You've got val[] (array) as a name in your form so the resulting superglobals will also be an array. You can't sanitize an array like that. Your markup logic seems a little suspect. You shouldn't need to throw everything into an array like that. You may benefit from using prepared statements. This obviates the need for explicit sanitising.


Can you explain how to use the above array in PHP? I tried with many references, like adding [] to the end of the PHP variable, and many other ways, but nothing gives the correct response :/


I'm assuming you mean this:

        if(isset($_POST['sub']))
        {
            $myarr[]=mysqli_real_escape_string($con,$_POST['val']);
            for($i=0; $i<5; $i++){
                //echo "The number is " . $_POST['val'][$i] . "<br>";
            }
        }

If I had to do it...

$cleanArray = [];
foreach( $_POST['val'] as $val )
    $cleanArray[] = mysqli_real_escape_string( $con, $val );
//check
print_r( $cleanArray );
Votes + Comments
great! what happens if I use a for loop instead of foreach

Do you need to limit yourself? OK:

$limit = 5;
$cleanArray = [];
for( $i = 0; $i < $limit; $i++ )
{
    if(isset($_POST['val'][$i])){
            $val = $_POST['val'][$i];
            $cleanArray[] = mysqli_real_escape_string( $con, $val );
    }
}   
//check
print_r( $cleanArray );

A disadvantage with this is that if you change the html (name), you will need to change this snippet too. Also if you use checkboxes and they are not checked, that data will not be sent so the number of val[] items posted to the server will be less than those printed in the form.
This can all get very messy very soon. Hence, my warning about using this type of approach.
Your radiobuttons would usually have a numeric value attached to the "value", e.g. the id of the item stored in the DB (are you using a DB?!). Anyway, your project, not mine.

Votes + Comments
hey thanks for clear clarifications :) thanks.
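
The prepared-statement approach suggested in the first reply, applied to the val[] array from the question; this is an added example, not code from any poster in the thread. The table name `items`, the length limit and an auto-increment ID column are assumptions; $con is the mysqli handle from connect.php.

```php
<?php
// Added example. Assumptions: the table name `items` is hypothetical, ID is
// auto-increment, and MAX_LENGTH matches the column width. `values` is a
// reserved word in MySQL, so the column name is backtick-quoted.
require('./exec/connect.php');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

const MAX_FIELDS = 5;    // 3 text boxes + 1 radio group + 1 select
const MAX_LENGTH = 255;  // assumed column width

if (isset($_POST['sub'])) {
    $posted = $_POST['val'] ?? [];
    // A client can send val as a plain string or as nested arrays (val[][]),
    // so check the shape before anything reaches the database.
    if (!is_array($posted)) {
        http_response_code(400);
        exit('Invalid form data');
    }

    $rows = [];
    foreach (array_slice($posted, 0, MAX_FIELDS) as $val) {
        if (!is_string($val)) {
            continue;                    // drop nested arrays
        }
        $val = trim($val);
        if ($val === '' || strlen($val) > MAX_LENGTH) {
            continue;                    // drop empty or oversized values
        }
        $rows[] = $val;
    }

    // The placeholder keeps data out of the SQL text, so no escaping call is needed.
    $stmt = $con->prepare('INSERT INTO items (`values`) VALUES (?)');
    $stmt->bind_param('s', $value);      // $value is bound by reference
    $con->begin_transaction();
    try {
        foreach ($rows as $value) {
            $stmt->execute();            // one row per submitted value
        }
        $con->commit();
    } catch (mysqli_sql_exception $e) {
        $con->rollback();                // all rows or none
        throw $e;
    }
    $stmt->close();
    echo count($rows) . ' rows inserted';
}
```

This covers only the val[] fields; the separate KKK text box would be bound and inserted the same way.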