SQL - Insert statement from array
I am using a SQL insert statement into a table taking field from a survey form. It worked fine until they wanted to add some questions with checkbox answers. I created a checkbox array and have to sanitize the input. I can't figure out where the echo goes, I tried a couple of positions but it bombed the page - if I don't use the echo I get "array" inserted into the table instead of the value of the checkbox.
exploring is the checkbox array
Here is an example of the insert statement
INSERT INTO survey SET
exploring is the checkbox array
Here is an example of the insert statement
INSERT INTO survey SET
,$exploring='" .$this->real_escape_string(implode(',', $_POST['exploring'])). "'
,stay_informed_yes='" . $this->real_escape_string($_POST['stay_informed_yes']) . "'
,stay_informed_no='" . $this->real_escape_string($_POST['stay_informed_no']) . "'ASKER
<input type="checkbox" name="exploring[]" id="field id" value="value for table" class="form-control">
Are you running $this->real_escape_string(
inside your query if so try to put it in variable and insert the variable instead.
inside your query if so try to put it in variable and insert the variable instead.
ASKER
That is inside the query and it is trying to insert the variable - won't work without echo like they explained here
stack overflow
stack overflow
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok I will try that tomorrow at work
ASKER
Looks like you have two different things happening with the same line - Here is a better explanation of what is happening
Here is the insert statement - after the insert the values are passed to an email function which sends the results of the survey to a recipient. Here are some of the form fields that handle the checkbox array - what I get now is "Array" instead of the items that they checked.
Here is the insert statement - after the insert the values are passed to an email function which sends the results of the survey to a recipient. Here are some of the form fields that handle the checkbox array - what I get now is "Array" instead of the items that they checked.
<div class="form-group">
<label for="Title" class="control-label col-xs-4 col-sm-3">Title</label>
<div class="col-xs-8 col-sm-9">
<input type="checkbox" name="exploring[]" id="id field" value="Value passed to the insert" class="form-control">
</div>
</div>
<div class="form-group">
<label for="Title" class="control-label col-xs-4 col-sm-3">Title</label>
<div class="col-xs-8 col-sm-9">
<input type="checkbox" name="exploring[]" id="id field" value="Value passed to the insert" class="form-control">
</div>
</div>
<div class="form-group">
<label for="Title" class="control-label col-xs-4 col-sm-3">Title</label>
<div class="col-xs-8 col-sm-9">
<input type="checkbox" name="exploring[]" id="id field" value="Value passed to the insert" class="form-control">
</div>
</div>
$sql_3 = "INSERT INTO survey SET
id='" . $this->real_escape_string($_POST['id']) . "'
,company='" . $this->real_escape_string($_POST['company']) . "'
,address1='" . $this->real_escape_string($_POST['address1']) . "'
,address2='" . $this->real_escape_string($_POST['address2']) . "'
,city='" . $this->real_escape_string($_POST['city']) . "'
,state='" . $this->real_escape_string($_POST['state']) . "'
,postal_code='" . $this->real_escape_string($_POST['postal_code']) . "'
,email='" . $this->real_escape_string($_POST['email']) . "'
,field='" . $this->real_escape_string((int)$_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,$exploring='" .$this->real_escape_string(implode(',', $_POST['exploring'])). "'
,field='" . $this->real_escape_string($_POST['field']) . "'
,field='" . $this->real_escape_string($_POST['field']) . "'
" . $this->usual_fields('survey);
$result = $this->query($sql_3);
How did you create exploring in client side ?