SQL - Insert statement from array

I am using a SQL insert statement into a table taking field from a survey form.  It worked fine until they wanted to add some questions with checkbox answers.  I created a checkbox array and have to sanitize the input.  I can't figure out where the echo goes, I tried a couple of positions but it bombed the page - if I don't use the echo I get "array" inserted into the table instead of the value of the checkbox.

exploring is the checkbox array

Here is an example of the insert statement
INSERT INTO survey SET
		,$exploring='" .$this->real_escape_string(implode(',', $_POST['exploring'])). "' 
			,stay_informed_yes='" . $this->real_escape_string($_POST['stay_informed_yes']) . "'
			,stay_informed_no='" . $this->real_escape_string($_POST['stay_informed_no']) . "'

Open in new window

Thanks
JohnMac328Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Moussa MokhtariEnterpreneurCommented:
@ JohnMac328
How did you create exploring in client side ?
JohnMac328Author Commented:
  <input  type="checkbox" name="exploring[]" id="field id" value="value for table" class="form-control">

Open in new window

Moussa MokhtariEnterpreneurCommented:
Are you running  $this->real_escape_string(implode(',', $_POST['exploring']))
inside your query if so try to put it in variable and insert the variable instead.
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

JohnMac328Author Commented:
That is inside the query and it is trying to insert the variable - won't work without echo like they explained here

stack overflow
Moussa MokhtariEnterpreneurCommented:
do this :
$exploringList = $this->real_escape_string(implode(',', $_POST['exploring']));

Open in new window

//now $exploringList  is a string that holds exploring values //tested

then
INSERT into survey
,exploring='" .$exploringList. "' 
			,stay_informed_yes='" . $this->real_escape_string($_POST['stay_informed_yes']) . "'
			,stay_informed_no='" . $this->real_escape_string($_POST['stay_informed_no']) . "'

Open in new window

//also tested and it insert the values of the checkboxes

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnMac328Author Commented:
Ok I will try that tomorrow at work
JohnMac328Author Commented:
Looks like you have two different things happening with the same line - Here is a better explanation of what is happening

Here is the insert statement - after the insert the values are passed to an email function which sends the results of the survey to a recipient.  Here are some of the form fields that handle the checkbox array - what I get now is "Array" instead of the items that they checked.

			<div class="form-group">
    <label for="Title" class="control-label col-xs-4 col-sm-3">Title</label>
    <div class="col-xs-8 col-sm-9">
        <input  type="checkbox" name="exploring[]" id="id field" value="Value passed to the insert" class="form-control">
    </div>
</div> 
<div class="form-group">
    <label for="Title" class="control-label col-xs-4 col-sm-3">Title</label>
    <div class="col-xs-8 col-sm-9">
  <input  type="checkbox" name="exploring[]" id="id field" value="Value passed to the insert" class="form-control">
    </div>
</div> 
<div class="form-group">
    <label for="Title" class="control-label col-xs-4 col-sm-3">Title</label>
    <div class="col-xs-8 col-sm-9">
<input  type="checkbox" name="exploring[]" id="id field" value="Value passed to the insert" class="form-control">
    </div>
</div> 

                                          

Open in new window


			$sql_3 = "INSERT INTO survey SET
			id='" .  $this->real_escape_string($_POST['id']) . "'
			,company='"  . $this->real_escape_string($_POST['company']) . "'
			,address1='" . $this->real_escape_string($_POST['address1']) . "'
			,address2='" . $this->real_escape_string($_POST['address2']) . "'
			,city='" . $this->real_escape_string($_POST['city']) . "'
			,state='" . $this->real_escape_string($_POST['state']) . "'
			,postal_code='" . $this->real_escape_string($_POST['postal_code']) . "'
			,email='" . $this->real_escape_string($_POST['email']) . "'
			,field='" . $this->real_escape_string((int)$_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,$exploring='" .$this->real_escape_string(implode(',', $_POST['exploring'])). "' 
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			" . $this->usual_fields('survey);
			$result = $this->query($sql_3);

                                          

Open in new window

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Query Syntax

From novice to tech pro — start learning today.