mainly we can use $_REQUEST['something'] to show the variables have been sent by the form
try
var_export($_REQUES
in the page receiving form data
Main Topics
Browse All TopicsI may be going about this all wrong...
I built a way to generate a form based on how many registrations a person has paid for. There are a bunch of different scenarios, so I built it to generate the form as a check to make sure they only get what they paid for. I also made it so that each field's id is auto increments.
So, the form generated looks like
id=firstName12
id=firstName13
id=lastName21
id=lastName22
etc.
Now, I need a way to insert the results of the form into a mySql table.
Is there a way to build a looping insert statement in php that is similar to an "insert where firstName is like..." like you can do in SQL?
Thanks,
MH
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
agamal,
Wasn't sure which sample you're looking for so...
Here's a sample of what generates the form:
switch ($data[1])
{
case ($data[1]= 60):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="text" name="firstName'.$x.$j.'" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName'.$x.$j.'" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName'.$x.$j.'" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membTye" type="text" id="membTye'.$x.$j.'" value="3-day Adult Pass">
</label>
<td><input type="text" name="emailAddr'.$x.$j.'" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />';
$j++;
}
$j=1;
break;
And here's a sample of the form.
<tr align="center">
<td><input type="text" name="firstName11" size="10" id="firstName11">
<td><input type="text" name="lastName11" size="10" id="lastName11">
</td>
<td><input type="text" name="badgeName11" size="10" id="badgeName11">
</td>
<td><label>
<input name="membTye" type="text" id="membTye11" value="3-day Adult Pass">
</label>
<td><input type="text" name="emailAddr11" size="14" id="emailAddr11"></td>
</tr>
<br /><tr align="center">
<td><input type="text" name="firstName12" size="10" id="firstName12">
<td><input type="text" name="lastName12" size="10" id="lastName12">
</td>
<td><input type="text" name="badgeName12" size="10" id="badgeName12">
</td>
<td><label>
<input name="membTye" type="text" id="membTye12" value="3-day Adult Pass">
</label>
<td><input type="text" name="emailAddr12" size="14" id="emailAddr12"></td>
</tr>
<tr align="center">
<td><input type="text" name="firstName21" size="10" id="firstName21">
<td><input type="text" name="lastName21" size="10" id="lastName21">
</td>
<td><input type="text" name="badgeName21" size="10" id="badgeName21">
</td>
<td><label>
<input name="membTye" type="text" id="membTye21" value="3-day Student Pass">
</label>
<td><input type="text" name="emailAddr21" size="14" id="emailAddr21"></td>
</tr>
<br />
</div><tr align="center">
<td><input type="text" name="firstName22" size="10" id="firstName22">
<td><input type="text" name="lastName22" size="10" id="lastName22">
</td>
<td><input type="text" name="badgeName22" size="10" id="badgeName22">
</td>
<td><label>
<input name="membTye" type="text" id="membTye22" value="3-day Student Pass">
</label>
<td><input type="text" name="emailAddr22" size="14" id="emailAddr22"></td>
</tr>
Thanks,
MH
1.) You should consider using current best practices and drop the dependency on PHP derived IDs and use an auto increment column (database dependency) for your IDs
2.) You should use [ and ] after the input
<input name="firstname[]">
This will effectively create an array
You can cycle through the arrays to obtain essentially "rows" to insert to a table (which of course you would loop it through a SQL INSERT per "row"
3.) Lastly you SHOULD reference the group in a way such that the group will control the offspring records
Example Structure:
*** first we auto increment the group ***
Group ID
GroupID, FirstName, LastName, Email // MAIN CONTACT
1, John, Doe, john@fake.com
2, John, Smith, john@fakes.com
3, Charlie, Brown, harlie@faker.com
*** Then we auto increment the attendees ***
where the badgeID is autoinremented by database automatically and the group can be referenced by groupID which was previously auto incremented by main contact.
tblGroup: // ATTENDEES
BadgeID, GroupID, FirstName, LastName, Email, TypePass
1, 1, John, Doe, john@fake.com, Adult 3-Day Pass
2, 1, Jane, Doe, jane@fake.com, Adult 3-Day Pass
3, 1, Johny, Doe, johny@fake.com, Student 3-Day Pass
4, 1, Janey, Doe, janey@fake.com, Student 3-Day Pass
5, 2, John, Smith, john@fakes.com, Adult 3-Day Pass
6, 2, Jake, Smith, jake@fakes.com, Student 3-Day Pass
7, 3, Charlie, Brown, charlie@faker.com, Student 3-Day Pass
This type of 1:M (1-to-many) structure is a reliable setup for this type of a job.
=NerdsOfTech
Actually on second thought as far as the form generation goes I would just stick with one incrementing value for the sets and leave the ID creation to the database as mentioned before.
$x=0;
echo '<input name="firstname'.$x.'">';
$x++;
On the processing page:
Create group then
Loop through each set of names and insert badges
=NerdsOfTech
NerdsOfTech,
I like your idear of the array, but just to be verify:
I tried sticking with just one value, but I have to loop through the switch/case statements in case the quantity is more than one. So that loop would create the same values.
For example, if the first case has quantity 2, it would do firstName1 and firstName2. Then if case 2 has quantity 1, because of the loop going through the second time, it would also generate firstName2.
Would the array you're talking about work inside this other loop? Or is there a better way for the case/switch?
Best,
MH
agamal,
I've been trying the following but it doesn't appear to be working. I have a feeling it's the insert statement?
<?php
//Connect To Database
mysql_select_db($database_
$i = 0;
foreach ($_POST as $key => $value){
$query[] = $value;
if ($i == 4) {
//run the query here using $query[0] to $query[4]
$query = 'INSERT INTO attendeenames (col1,col2,col3,col4,col5)
$query = array();
$i = 0;
} else { $i++ ;}
}
?>
Best,
MH
Here's the form
<form action="submitReg.php" method="POST">
<table border="0" cellspacing="0" cellpadding="2" width="80%" align="top">
<?php
mysql_select_db($database_
$datax = array();
$datay = array();
$dataz = array();
$cartNumber = $_SESSION["CartId"];
$query
if ($result = mysql_query($query)) {
$x=1;
$j=1;
while($data = mysql_fetch_array($result,
$var_name='cartNumber'.$x;
$$var_name = $data[0];
$var_name='orderSKU'.$x;
$$var_name = $data[1];
$var_name='quantity'.$x;
$$var_name = $data[2];
switch ($data[1])
{
case ($data[1]= 60):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="3-day Adult Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />';
$j++;
}
$j=1;
break;
case ($data[1]= 61):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="3-day Student Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />
</div>';
$j++;
}
$j=1;
break;
case ($data[1]= 62):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="3-day Child Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />
</div>';
$j++;
}
$j=1;
break;
case ($data[1]= 63):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="Friday Only Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />
</div>';
$j++;
}
$j=1;
break;
}
$x++;
}
}
?>
</table>
<input name="submitReg" type="button" value="submit" />
</form><form action="submitReg.php" method="POST">
<table border="0" cellspacing="0" cellpadding="2" width="80%" align="top">
<?php
mysql_select_db($database_
$datax = array();
$datay = array();
$dataz = array();
$cartNumber = $_SESSION["CartId"];
$query
if ($result = mysql_query($query)) {
$x=1;
$j=1;
while($data = mysql_fetch_array($result,
$var_name='cartNumber'.$x;
$$var_name = $data[0];
$var_name='orderSKU'.$x;
$$var_name = $data[1];
$var_name='quantity'.$x;
$$var_name = $data[2];
switch ($data[1])
{
case ($data[1]= 60):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="3-day Adult Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />';
$j++;
}
$j=1;
break;
case ($data[1]= 61):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="3-day Student Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />
</div>';
$j++;
}
$j=1;
break;
case ($data[1]= 62):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="3-day Child Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />
</div>';
$j++;
}
$j=1;
break;
case ($data[1]= 63):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="Friday Only Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />
</div>';
$j++;
}
$j=1;
break;
}
$x++;
}
}
?>
</table>
<input name="submitReg" type="button" value="submit" />
</form>
And here's what I've been trying for the submit action
<?php
$i = 0;
foreach ($_POST as $key => $value){
$newQuery[] = $value;
if ($i == 4) {
//run the query here using $query[0] to $query[4]
$newQuery=mssql_query('INS
$newQuery = array();
$i = 0;
} else { $i++ ;}
}
?>
Not sure what you mean by database dump?
The table this is going into has no dependencies foreign keys or anything. It's just a floating table until I can figure out a better solution.
Right now, that table is empty and is staying empty because I can't get this insert to work! ;)
It has:
attendeeID as the ID field, customerID_cart, firstName, lastName, badgeName, email, membType
All the fields except for attendeeID are setup as varChar 150.
Is that enough?
Best,
MH
Yikes forget that!
1.) Output code improvement (less work = less errors)
What you need is a while loop with 1 switch for the sku inside of the loop.
2.) Next I would build the table as I suggested before with a tblGroup that will recieve the auto ID via the database and loop through the array to tblBadge (using the Group ID as a foregin key) for the individual badges.
3.) As I corrected myself earlier [ and ] won't work in this case becuase if one field is empty it will gap inside the array (giving an undesirable result); thus, I would say only reserve [ and ] for checkboxes (mulitple selection)
=NerdsOfTech
I added the maxRows input so that in your code you can double check the maximum "rows" you will need to insert to tblBadges.
Basically after you create your groupid in tblGroup (1 insert) you can loop the badges and insert into tblBadges the information (let the database auto increment BadgeID) letting the GroupID foreign key of tblBadges be the connection for your badges "group".
Previous Quote:
"
Example Structure:
*** first we auto increment the group ***
Group ID
GroupID, FirstName, LastName, Email // MAIN CONTACT
1, John, Doe, john@fake.com
2, John, Smith, john@fakes.com
3, Charlie, Brown, harlie@faker.com
*** Then we auto increment the attendees ***
where the badgeID is autoinremented by database automatically and the group can be referenced by groupID which was previously auto incremented by main contact.
tblGroup: // ATTENDEES
BadgeID, GroupID, FirstName, LastName, Email, TypePass
1, 1, John, Doe, john@fake.com, Adult 3-Day Pass
2, 1, Jane, Doe, jane@fake.com, Adult 3-Day Pass
3, 1, Johny, Doe, johny@fake.com, Student 3-Day Pass
4, 1, Janey, Doe, janey@fake.com, Student 3-Day Pass
5, 2, John, Smith, john@fakes.com, Adult 3-Day Pass
6, 2, Jake, Smith, jake@fakes.com, Student 3-Day Pass
7, 3, Charlie, Brown, charlie@faker.com, Student 3-Day Pass
This type of 1:M (1-to-many) structure is a reliable setup for this type of a job.
"
=NerdsOfTech
CORRECTION (Table Names)"
Example Structure:
*** first we auto increment the group ***
tblGroup
GroupID, FirstName, LastName, Email // MAIN CONTACT
1, John, Doe, john@fake.com
2, John, Smith, john@fakes.com
3, Charlie, Brown, harlie@faker.com
*** Then we auto increment the attendees ***
where the badgeID is autoinremented by database automatically and the group can be referenced by groupID which was previously auto incremented by main contact.
tblBadges: // ATTENDEES
BadgeID, GroupID, FirstName, LastName, Email, TypePass
1, 1, John, Doe, john@fake.com, Adult 3-Day Pass
2, 1, Jane, Doe, jane@fake.com, Adult 3-Day Pass
3, 1, Johny, Doe, johny@fake.com, Student 3-Day Pass
4, 1, Janey, Doe, janey@fake.com, Student 3-Day Pass
5, 2, John, Smith, john@fakes.com, Adult 3-Day Pass
6, 2, Jake, Smith, jake@fakes.com, Student 3-Day Pass
7, 3, Charlie, Brown, charlie@faker.com, Student 3-Day Pass
This type of 1:M (1-to-many) structure is a reliable setup for this type of a job.
"
NerdsOfTech,
Looks like I copied the form in there twice. Sheesh. Too many late nights on this...
I'm not sure exactly what you mean by #2?
2.) Next I would build the table as I suggested before with a tblGroup that will recieve the auto ID via the database and loop through the array to tblBadge (using the Group ID as a foregin key) for the individual badges.
I don't know how to do that. It sounds great but I don't know what you mean or how to do it. Could you show a sample or provide a link that shows how?
By the way, if they leave a blank field, I would like to insert a blank space just as a placeholder. On another page, I intend to build a edit/update for the data. Got a way to do that too?
Thanks,
MH
Therefore after the form is submitted:
1.) determine total badge quantity
2.) insert main contact into tblGroup (1 insert)
3.) get tblGroupID via mysql_insert_id() command
4.) loop through badge input data and insert into tblBadge (make sure GroupID foreign key is equal to result from 3)
That's the deal.
=NerdsOfTech
Therefore after the form is submitted:
1.) determine total badge quantity
2.) insert main contact into tblGroup (1 insert)
3.) get tblGroupID via mysql_insert_id() command
4.) loop through badge input data and insert into tblBadge (make sure GroupID foreign key is equal to result from 3) for each badge (multiple individual inserts)
=NerdsOfTech
NerdsOfTech,
Thanks for your efforts!
I do like the way you cleaned up the form.
I'm still a little unclear on what you mean by the tables but I'll give it a shot this evening.
Glad you think it's a challenge. To me, it's been one helluva headache! I got in over my head, but I guess that's how we learn...
Thanks again for the help,
MH
NerdsOfTech,
Well, I wish it was better news...
It still doesn't do anything. I press the button and nothing happens.
Worse though, as items are added, it no longer gets the quantity. It only creates one line in the form for each SKU.
Is it because the form is being generated inside an echo? I don't know why it wouldn't work, but it isn't.
Still up for the challenge? ;)
Best,
MH
Here's the way I had it setup before so that it would capture the different quantities. Without the double pasting this time!
<?php
echo ' <form action="submitReg.php" method="POST">
<table border="0" cellspacing="0" cellpadding="2" width="80%" align="top">
<tr>
<td> </td>
<td>First Name</td>
<td>Last Name</td>
<td>Badge Name</td>
<td>Membership Type</td>
<td>E-mail Address</td>
</tr>';
mysql_select_db($database_
$datax = array();
$datay = array();
$dataz = array();
$cartNumber = $_SESSION["CartId"];
$query = "SELECT tbl_cart.cart_custcart_ID AS cartNumber, tbl_cart.cart_sku_ID AS orderSKU, tbl_cart.cart_sku_qty AS quantity FROM tbl_cart WHERE tbl_cart.cart_custcart_ID = '$cartNumber'";
if ($result = mysql_query($query)) {
$x=1;
$j=1;
while($data = mysql_fetch_array($result,
$var_name='cartNumber'.$x;
$$var_name = $data[0];
$var_name='orderSKU'.$x;
$$var_name = $data[1];
$var_name='quantity'.$x;
$$var_name = $data[2];
switch ($data[1])
{
case ($data[1]= 60):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="3-day Adult Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />';
$j++;
}
$j=1;
break;
case ($data[1]= 61):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="3-day Student Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />
</div>';
$j++;
}
$j=1;
break;
case ($data[1]= 62):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="3-day Child Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />
</div>';
$j++;
}
$j=1;
break;
case ($data[1]= 63):
while ($j <= $data[2]) {
echo '<tr align="center">
<td><input type="hidden" name="customerID_cart" value="'.$cartNumber.'">
<td><input type="text" name="firstName[]" size="10" id="firstName'.$x.$j.'">
<td><input type="text" name="lastName[]" size="10" id="lastName'.$x.$j.'">
</td>
<td><input type="text" name="badgeName[]" size="10" id="badgeName'.$x.$j.'">
</td>
<td><label>
<input name="membType" type="text" id="membType'.$x.$j.'" value="Friday Only Pass">
</label>
<td><input type="text" name="emailAddr[]" size="14" id="emailAddr'.$x.$j.'"></td
</tr>
<br />
</div>';
$j++;
}
$j=1;
break;
}
$x++;
}
}
echo '</table>
<input name="submitReg" type="button" value="submit" />
</form>'
?>
NerdsOfTech,
Yeah, I figured that out. It still didn't work. Like I said, your version doesn't collect multiple quantities. If someone orders three of the 3-day pass, your version only prints out one line in the form.
That and I can't get it to process the form. It still just sits there without generating any errors or anything. Just looks like no code is being run.
Best,
MH
ok, so it looks like my real problem is that the form won't submit. I don't know if it will insert or not.
Until I figure out why it won't process, I can't find out if it will insert.
So, I'm going to open another question just for that. Hopefully, I can come up with an answer for that and then move back here for the submit.
Thanks,
MH
Awesome! Your welcome. One word of advise also to finalize your processing page:
You should also secure the submitted form values against injection attacks and other sql type attacks.
Basically instead of inputting the raw values into the database CHECK the VALUES and UNESCAPE any INVALID chartacters so that someone doesn't input their first name as:
'; WHERE 1; DELETE * FROM'
etc.
Best Wishes,
=NerdsOfTech
NerdsOfTech,
Could you point me in the direction of a decent tutorial or something that illustrates that? I have been reading up on it but most seem to require magic quotes or other extras. I'm not sure if that's going to be an option in this case.
Thanks again. After I went through it more carefully, I noticed I had a missing [ after one of the fields. When I put that in, it worked just fine.
Well, after I changed the mssql to mysql! Seeing that didn't make me feel quite so bad about hosing the submit button! ;)
Best,
MH
mysql_real_escape_string($
http://en.wikipedia.org/wi
Good luck,
=NerdsOfTech
Business Accounts
Answer for Membership
by: agamalPosted on 2009-03-07 at 23:18:28ID: 23828319
sure there is a way ... can i see a sample of your form code and i will send you a sample code to do you the looping insert