2

I have four fields. Two name fields and two email fields. I have to insert all fields data by foreach loop but when I insert data through foreach loop, a blank entry also inserts in database.

sample code

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <title></title>
    </head>
    <body>
        <form method="post">
            Name : <input type="text" name="name[]"><br>
            Email : <input type="text" name="email[]"><br>
            Name : <input type="text" name="name[]"><br>
            Email : <input type="text" name="email[]"><br>
            <input type="submit" name="submit">
        </form>
    </body>
</html>

[![<?php
if(isset($_POST['submit']))
{
    $conn = mysqli_connect("localhost", "root", "", "practice");
    $i=0;

    foreach($_POST as $val)
    {
        $name=$_POST['name'][$i];
        $email=$_POST['email'][$i];

        $sql = "insert into interview (Name, Email) values ('$name', '$email')";
        $result = mysqli_query($conn, $sql);
        $i++;

    }

}
?>

Can anybody help me ?

This is my database table screen shot.

Improve this question
2
  • It's an sample code for dynamic created input fields. In above code , I used hard coded input fields two times. Literally it is not like this. Mainly I had faced problem during dynamic created input fields. Commented Oct 7, 2016 at 21:41
  • Do this now! stackoverflow.com/questions/60174/… Commented Oct 8, 2016 at 2:03

3 Answers 3

Reset to default
3

First, see here How can I prevent SQL injection in PHP? Do your query differently or you're screwed.

Since name and email are indexed the same, just loop one and reference the other by key:

foreach($_POST['name'] as $key => $val) {
    $name  = $val;
    $email = $_POST['email'][$key];

   // prepared statement query
}

Or you could do inputs like this to get arrays more like database rows:

Name  : <input type="text" name="data[0][name]"><br>
Email : <input type="text" name="data[0][email]"><br>

Then loop it easily:

foreach($_POST['data'] as $val) {
    $name  = $val['name'];
    $email = $val['email'];
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3 
#Simple Answer!
foreach($_POST['name'] as $index => $val) {
    $name  = $val;
    $email = $_POST['email'][$index];

    $sql = "insert into interview (Name, Email) values ('$name', '$email')";
    $result = mysqli_query($DB_Connection, $sql);
}
Improve this answer

Comments

1

We note that 'submit' is also a value in $_POST.

It looks like the code will go through the loop three times, one time for each of 'submit', 'name' and 'email'. (It might be going through the loop five times, not sure? I'd just echo $val in the loop to see what's going on.)

It looks like you are attempting to loop through either $_POST['name'] or $_POST['email'], rather than just $_POST.

As long as you get an equal number in each of those, it shouldn't matter which.

Code appears to be vulnerable to SQL Injection.

If there is some (unfathomable) reason you can't use prepared statement with bind placeholder, any potentially unsafe values need to be properly escaped. PHP has a mysqli_real_escape_string function which is expressly designed for this purpose.

Also, there doesn't appear to be any check for an error being returned from mysqli_query. It looks like the code is putting its figurative pinky finger to the corner of its mouth, Dr.Evil style, and saying "I just assume it will all go to plan. What?"

Improve this answer

1 Comment

Ah, good catch. Totally forgot about submit input type. ;-)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.