SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Addict WebMachine's Avatar
    Join Date
    Jun 2007
    Location
    Ontario, Canada
    Posts
    392
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Inserting contents of html table into database ...

    I have a form that consists of a 9 x 9 table in which each cell contains an input box. I want to gather the contents of all the input boxes and insert each one, along with its row # and column # into a database. I have a stripped down version of what I am trying to do below:
    PHP Code:
    <?php
    require_once('inc/connect_db.php');

    if (ISSET(
    $_POST['submit'])) {
            
        for (
    $i 1$i <= 9$i++) {
            for (
    $j 1$j <= 9$j++) {
                
    $contents $_POST['contents[$i][$j]'];
                
                
    $cell_query "INSERT INTO cells (row, column, contents)
                VALUES ('
    $i', '$j', '$contents') ";
                
                
    $cell_result mysql_query($cell_query$mysql_link);
            }
        }
    ?>

    <!DOCTYPE html>

    <html>

    <head>
    <title></title>
    </head>

    <body>
        <form name="newForm" method="post" action="sample.php">
            <table>
                <?php    
                    
    for ($i=1$i<=9$i++) {
                        print(
    "<tr>");
                        for (
    $j=1$j<=9$j++) {
                            print(
    "<td><input type=\"text\" class=\"contents\" name=\"contents[[$i][$j]]\" /></td>");    
                        }                        
                            print(
    "</tr>");
                    }
                
    ?>
                </table>
                <input type="submit" name="submit" value="Enter Game Values" id="submit" />
            </form>    
        
    </body>

    </html>
    There are no problems with inserting other data including the row and column numbers into the database. I just can't figure out how to capture the grid of input values. Each input value is supposed to generate its own row in the database table.

    Any suggestions? Am I on the right track?

  2. #2
    SitePoint Wizard frank1's Avatar
    Join Date
    Oct 2005
    Posts
    1,392
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by WebMachine View Post
    I just can't figure out how to capture the grid of input values. Each input value is supposed to generate its own row in the database table.

    Any suggestions? Am I on the right track?
    I didn't get it.You are already capturing the data.(Ya model can be different but i think it will work)

    One suggestion having 9x9 fields data entry form i bet your data entry operator will make mistakes in entry atleast 2 out of 4 times and verification after entry will be very time consuming so if possible divide the entry form.
    Just a suggestion.

    Thanks

  3. #3
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,183
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    From what i can tell the following is the problem.

    Code:
    $_POST['contents[$i][$j]']
    When you call an multidimensional array you need to call each index as a subsequent index for each step in the array that you go down, see the below code which does what you need.

    PHP Code:
    $_POST['contents'][$i][$j
    Blog/Portfolio | Evolution Xtreme | DFG Design | DFG Hosting | CSS-Tricks | Stack Overflow | Paul Irish
    Having lame problems with your code? Let us help by using a jsFiddle

  4. #4
    SitePoint Addict WebMachine's Avatar
    Join Date
    Jun 2007
    Location
    Ontario, Canada
    Posts
    392
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okay, that makes sense. But then in the form, how do I use the multi-dimensional array to pick up the values from my input boxes? I'm not sure what name to give the input box that will get the value and the two indices of the array element. I really don't think the 'name' that I gave the box is right, but I wasn't sure what else to do.

    I know with checkboxes, you can give a name that is an array, such as name = ="item[]". But how would that apply to a two-dimensional array?

    By the way, I am trying to code a sudoku game just for fun, so there will be no data entry operator. This code is just part of the code I have to set up a game initially.

    ...

    I changed the 'name' to the format you suggested also, and it works. I didn't realize you could use that syntax in the html part of the form also. Thank you very much.
    Last edited by WebMachine; Jun 23, 2012 at 18:45. Reason: I think I got it.

  5. #5
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    Join Date
    Dec 2002
    Posts
    1,911
    Mentioned
    26 Post(s)
    Tagged
    0 Thread(s)
    This...

    PHP Code:
    $contents $_POST['contents[$i][$j]']; 
    ...should probably be...

    PHP Code:
    $contents $_POST['contents'][$i][$j]; 
    ...and this...

    PHP Code:
    name=\"contents[[$i][$j]]\" 
    ...should probably be...

    PHP Code:
    name=\"contents[$i][$j]\" 
    In addition, I would probaly code the transaction like this...

    PHP Code:
    $cell_query "INSERT INTO cells (row, column, contents) VALUES ('%d', '%d', '%s') ";
    $compiled_cell_query sprintf($cell_query$i$j$contents);
    $cell_result mysql_query($compiled_cell_query$mysql_link); 
    ...hope it helps.

  6. #6
    SitePoint Addict WebMachine's Avatar
    Join Date
    Jun 2007
    Location
    Ontario, Canada
    Posts
    392
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, I got it working now. But could you please explain to me your line $compiled_cell_query ...

    It's these finer points of php that I'm not sure of yet. Why did you use sprintf here?

  7. #7
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    Join Date
    Dec 2002
    Posts
    1,911
    Mentioned
    26 Post(s)
    Tagged
    0 Thread(s)
    Sure. I suggested it just so you would ask this question.

    SQL injection is when somebody inputs a malformed value into a form submission box on a webpage, knowing that the data will be send through an sql statement. Usually done in such a way as to destroy, or cause havoc with a website. To be fair, my example was a bit incomplete. It was late and I was tired.

    Consider:
    PHP Code:
    // simulate a form posted value
    $searchCriteria "bob";

    // asssemble a query
    $sql "select * from people where name = $searchCriteria"
    While the above will work, consider the alternative:
    PHP Code:
    // simulate a form posted value
    $searchCriteria "bob; drop table people";

    // asssemble a query
    $sql "select * from people where name = $searchCriteria"
    The ; character delimits sequential sql statements. The user just deleted your people table.

    sprintf alone will not handle all situations. I used it to get your attention. The sprintf syntax %d, for example, doesn't just substitute values in, it casts them, so the value '1; drop table people' becomes merely '1', a decimal. It doesn't do anything really for strings though. For strings, you'll need to run them through mysql_real_escape_string() before combining them with the query. If your needs are simple, this is usually enough. But as you grow, or your needs change (say mysql to sqlite) you may find an abstraction layer more to your liking. I would take a look at the PDO extension. I was recently introduced to this myself, and am in the process today of recoding some of my core classes to use it.

  8. #8
    SitePoint Addict WebMachine's Avatar
    Join Date
    Jun 2007
    Location
    Ontario, Canada
    Posts
    392
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the excellent explanation. I only know the basics of sql injection, so that was very helpful. I took a couple of classes in php where we were taught to use addslashes and stripslashes to avoid sql injection, but I guess that was pretty simplistic and doesn't always do the trick.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •