SQL - Insert statement from array

JohnMac328
I am using a SQL insert statement into a table taking fields from a survey form. It worked fine until they wanted to add some questions with checkbox answers. I created a checkbox array and have to sanitize the input. I can't figure out where the echo goes; I tried a couple of positions but it bombed the page. If I don't use the echo I get "array" inserted into the table instead of the value of the checkbox.

exploring is the checkbox array

Here is an example of the insert statement:
INSERT INTO survey SET
			,$exploring='" . $this->real_escape_string(implode(',', $_POST['exploring'])) . "'
			,stay_informed_yes='" . $this->real_escape_string($_POST['stay_informed_yes']) . "'
			,stay_informed_no='" . $this->real_escape_string($_POST['stay_informed_no']) . "'


Thanks
Moussa Mokhtari, Entrepreneur
Top Expert 2016

Commented:
@JohnMac328
How did you create exploring on the client side?

Author

Commented:
  <input  type="checkbox" name="exploring[]" id="field id" value="value for table" class="form-control">


Moussa Mokhtari, Entrepreneur
Top Expert 2016

Commented:
Are you running $this->real_escape_string(implode(',', $_POST['exploring']))
inside your query? If so, try putting it in a variable and inserting the variable instead.

Author

Commented:
That is inside the query and it is trying to insert the variable - won't work without echo like they explained here

stack overflow
Entrepreneur
Top Expert 2016
Commented:
Do this:
$exploringList = $this->real_escape_string(implode(',', $_POST['exploring']));

// Now $exploringList is a string that holds the exploring values. // tested

Then:
$sql_3 = "INSERT INTO survey SET
			exploring='" . $exploringList . "'
			,stay_informed_yes='" . $this->real_escape_string($_POST['stay_informed_yes']) . "'
			,stay_informed_no='" . $this->real_escape_string($_POST['stay_informed_no']) . "'";

// Also tested, and it inserts the values of the checkboxes.
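
An added example (not from the thread or either poster's code) of the same implode-before-insert step, covering cases the thread does not: no box checked, a non-array value, and values that were never on the form. The allowlist values, the two-column table and the PDO/SQLite connection are assumptions so that it runs stand-alone; the thread's own code uses a mysqli-style wrapper.

```php
<?php
// Added example: hypothetical allowlist of the exact value="" strings
// the form renders for the exploring[] checkboxes.
const EXPLORING_ALLOWED = ['cloud', 'backup', 'security'];

/**
 * Turn the raw exploring[] field into a comma-separated string.
 * Unchecked boxes are not submitted at all, and a client can send a
 * scalar or a nested array instead of a flat list, so handle each case.
 */
function exploring_to_csv($raw, array $allowed): string
{
    if (!is_array($raw)) {
        return '';                      // missing or scalar: nothing checked
    }
    $picked = [];
    foreach ($raw as $value) {
        // Keep only strings that match a rendered checkbox value.
        if (is_string($value) && in_array($value, $allowed, true)) {
            $picked[$value] = true;     // array key de-duplicates repeats
        }
    }
    return implode(',', array_keys($picked));
}

// Constructed stand-in for $_POST; the last two entries are invalid input.
$post = [
    'company'   => "O'Brien Ltd",
    'exploring' => ['cloud', 'security', 'not-a-form-value', ['nested']],
];

// In-memory SQLite stands in for the MySQL survey table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE survey (company TEXT, exploring TEXT)');

// Placeholders keep the data out of the SQL text, so the quote in the
// company name needs no manual escaping.
$stmt = $db->prepare('INSERT INTO survey (company, exploring) VALUES (?, ?)');
$stmt->execute([
    $post['company'] ?? '',
    exploring_to_csv($post['exploring'] ?? null, EXPLORING_ALLOWED),
]);

print_r($db->query('SELECT * FROM survey')->fetch(PDO::FETCH_ASSOC));
```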

Author

Commented:
Ok I will try that tomorrow at work

Author

Commented:
Looks like you have two different things happening with the same line - Here is a better explanation of what is happening

Here is the insert statement - after the insert the values are passed to an email function which sends the results of the survey to a recipient.  Here are some of the form fields that handle the checkbox array - what I get now is "Array" instead of the items that they checked.

<div class="form-group">
    <label for="Title" class="control-label col-xs-4 col-sm-3">Title</label>
    <div class="col-xs-8 col-sm-9">
        <input type="checkbox" name="exploring[]" id="id field" value="Value passed to the insert" class="form-control">
    </div>
</div>
<div class="form-group">
    <label for="Title" class="control-label col-xs-4 col-sm-3">Title</label>
    <div class="col-xs-8 col-sm-9">
        <input type="checkbox" name="exploring[]" id="id field" value="Value passed to the insert" class="form-control">
    </div>
</div>
<div class="form-group">
    <label for="Title" class="control-label col-xs-4 col-sm-3">Title</label>
    <div class="col-xs-8 col-sm-9">
        <input type="checkbox" name="exploring[]" id="id field" value="Value passed to the insert" class="form-control">
    </div>
</div>

                                          



			$sql_3 = "INSERT INTO survey SET
			id='" .  $this->real_escape_string($_POST['id']) . "'
			,company='"  . $this->real_escape_string($_POST['company']) . "'
			,address1='" . $this->real_escape_string($_POST['address1']) . "'
			,address2='" . $this->real_escape_string($_POST['address2']) . "'
			,city='" . $this->real_escape_string($_POST['city']) . "'
			,state='" . $this->real_escape_string($_POST['state']) . "'
			,postal_code='" . $this->real_escape_string($_POST['postal_code']) . "'
			,email='" . $this->real_escape_string($_POST['email']) . "'
			,field='" . $this->real_escape_string((int)$_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,$exploring='" .$this->real_escape_string(implode(',', $_POST['exploring'])). "' 
			,field='" . $this->real_escape_string($_POST['field']) . "'
			,field='" . $this->real_escape_string($_POST['field']) . "'
			" . $this->usual_fields('survey');
			$result = $this->query($sql_3);

                                          
