Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    New Coder
    Join Date
    Dec 2008
    Posts
    13
    Thanks
    8
    Thanked 0 Times in 0 Posts

    inserting multipage form into mysql

    Hi Everyone!

    I'm hoping someone here can help me. I have a 5 page form with roughly 175
    fields/checkboxes that I'm trying to get inserted into a mysql database.
    My deadline on this whole project was only 3 days so I had to figure out a quick method of doing things. Rather than using sessions and/or standard php arrays I found a snippet of code that takes all $_POST data from a previous page and creates hidden fields in the next page. That works just fine for this project.
    here's that bit of code:

    PHP Code:
    <?php foreach ($_POST as $key => $val) {
      echo 
    '<input type="hidden" name="' $key '" value="' 
        
    htmlentities($valENT_QUOTES) . '" />' "\r\n";

    ?>
    Ok, so this as I said is spread out through pages 2 through 5 and each page posts to the next page. Then page 5 posts to process.php which is supposed to take all the previous fields and insert into a database. But I can't get it to work. here's what I have in process.php

    PHP Code:
    <?php include("../Connections/wtrcapp.php"); ?>
    <?php 
    foreach ($_POST as $key => $val) {
      echo 
    '<input type="hidden" name="' $key '" value="' 
        
    htmlentities($valENT_QUOTES) . '" />' "\r\n";
     }
     foreach(
    $key as $val) {
    $insert="INSERT INTO westoco6_app (".implode(","array_keys($key)).") VALUES ('".implode("','"array_values($val))."')";
    }
    mysql_query($insert) OR die(mysql_error())
    ?>
    Now I don't know that I'm even close to the mark on this but i think I am...most of my errors originate from line 6, the second foreach statement.
    If anyone can give me a clue as to what I'm doing wrong here or point me in a better direction I'd be very appreciative. My deadline ends in the morning.

    Thanks much for your time,
    Michael Smith

  • #2
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    My best guess is this part

    Code:
    '".implode("','",
    which is in the insert query. It may be using the single quote as an ending to the first insert value. Maybe it needs a slash in it?

  • #3
    New Coder
    Join Date
    Dec 2008
    Posts
    13
    Thanks
    8
    Thanked 0 Times in 0 Posts
    so change this:

    ('".implode("','",

    to this?

    ('/".implode("','",

  • #4
    New Coder
    Join Date
    Dec 2008
    Posts
    13
    Thanks
    8
    Thanked 0 Times in 0 Posts
    I guess I should have mentioned the error I get is:


    Warning: Invalid argument supplied for foreach() in /home/westoco6/public_html/app/process.php on line 6
    Query was empty

  • #5
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    foreach() requires an array which $key is not.

  • Users who have thanked PappaJohn for this post:

    LegionSmith (12-18-2008)

  • #6
    New Coder
    Join Date
    Dec 2008
    Posts
    13
    Thanks
    8
    Thanked 0 Times in 0 Posts
    right, ok...I get that. the script that creates the hidden fields is creating an array is it not? I haven't used arrays much so I'm out of my comfort zone here.
    I realize this method might not even be close to what I should be doing, but I assumed that I could foreach of the values from all the previous pages and implode into the db, all of this without manually typing 175 fields into an array.


    Does that make sense? any clue as to what I should do here?
    I'm pretty well stuck and a bit confused here.

    Thanks much!
    Michael

  • #7
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    This line, pulls the values from the $_POST array:
    PHP Code:
    <?php foreach ($_POST as $key => $val)
    By the time you get to here:
    PHP Code:
    foreach($key as $val
    The loop above has already run through all the variables in the $_POST array, and so $key is the name of the last variable the loop ran through. That is why it is not an array by the time you get to this line.

    I don't know what the data looks like from your $_POST array, but you could well run into problem simply imploding them into the SQL statement due to not presenting the data to MySQL in the form it expects (ie: missing quotes around string variables, etc). I guess if you're careful with your data, you could make it work.

    Additionally, simply imploding the data into your SQL statement is not providing any security. Since the $_POST array comes from the browser, the data contained in it can be altered by the user, regardless of whether it is in hidden fields or not. Therefore, it cannot be trusted, and you should be using mysql_real_escape_string().
    Last edited by PappaJohn; 12-18-2008 at 05:54 AM. Reason: typo

  • Users who have thanked PappaJohn for this post:

    LegionSmith (12-18-2008)

  • #8
    New Coder
    Join Date
    Dec 2008
    Posts
    13
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Ok I understand what you're saying about it not being an array anymore...I see your point there.
    I also get the issue with imploding, I'm just using code provided at a snippet site, none of this really isn't my strong suit.
    Supposedly all the code I had would do exactly what I needed it to do, but obviously it didn't.
    I'm just trying to find a viable solution to inserting all those fields into mysql without manually typing everything, as I said before. There just wasn't time for all of that.

    Regarding security of the data, it's really not an issue as it's on an intranet and apparently is going to be totally revamped in phase 2 anyway. So I'm not worried about escaping characters for now. This is just how they want it for now (like the next 2 weeks) and after that it's just going straight to pdf. But that will never happen if I don't get this part down first.

    Do you have any suggestions as to what I should actually be doing with this processing script? Is there another way of accomplishing this without the implode?

    This is my latest iteration of the code, having added the $array variable and changing the foreach, but this just returns even more errors.

    PHP Code:
    <?php include("../Connections/wtrcapp.php"); ?>
    <?php 
    foreach ($_POST as $key => $val) {
      echo 
    '<input type="hidden" name="' $key '" value="' 
        
    htmlentities($valENT_QUOTES) . '" />' "\r\n";
     }
     
    $array = array('$key','$val');
     foreach (
    $array as $insert) {
    $insert="INSERT INTO application (".implode(","array_keys($key)).") VALUES ('".implode("','"array_values($val))."')";
    }
    mysql_query($insert) OR die(mysql_error())
    ?>
    I get the feeling that I'm going about the process.php page totally wrong, but again this out way out of my realm.

    Thanks very much for the help you've been giving.

    Michael

  • #9
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    OK, your getting closer.

    Remove this line:
    PHP Code:
    $array = array('$key','$val'); 
    For the reasons I explained above, by the time you get to this line, $key & $val only contain the values from the last iteration of the loop above.

    However, all of the $_POST variables are still intact.

    So, change:
    PHP Code:
     foreach ($array as $insert) {
    $insert="INSERT INTO application (".implode(","array_keys($key)).") VALUES ('".implode("','"array_values($val))."')";

    to
    PHP Code:
     foreach ($_POST as $key => $val) {
    $insert="INSERT INTO application (".implode(","array_keys($key)).") VALUES ('".implode("','"array_values($val))."')";

    I can't be certain without seeing the form and incoming data if this will succeed or not.

    If it does not succeed. Add this line immediately after mysql_query($insert) OR die(mysql_error());
    PHP Code:
    echo $insert '<br>'
    Last edited by PappaJohn; 12-18-2008 at 06:27 AM. Reason: i can't spell

  • Users who have thanked PappaJohn for this post:

    LegionSmith (12-18-2008)

  • #10
    New Coder
    Join Date
    Dec 2008
    Posts
    13
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Ok cool, I see where you're going with this. all the $_POST is still in memory so I just need to access the $_POST at this point, not necessarily the array. I'm confused by all the implode and array_keys though. That's what I get for using code I don't understand i guess.

    Anyway, I tried what you just said and I got a whole slew of errors on line 8. you can see it here: http://westtexasrehab.org/app/process.php
    You can just go to /app to see the start of the form. There's only validation
    on the first part of page one. After that nothing is necessarily required.

    I also tried the echo statement and that returned an error on line 11...the echo lline.

    Since we're now just using $_POST, are the array keys and implode
    still necessary? Does $_POST save all of the information or just the last submitted?

    I know all of this seems silly as it's going to be revamped anyway...the form
    used to work in a completely different manner, then the server got hacked
    and all the pages were totally jacked up. They gave me 3 days to build the original form again but stated that they'd want to go a totally different route.
    they also said they didn't care about security whatsoever this time around. Whatever, I just do as I'm asked.

    That last bit of help was awesome, thank you so much for that.
    Michael

  • #11
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    Well, some of that was my bad, I honestly never looked past the foreach issue.

    Let's try a new query
    PHP Code:
    $insert="INSERT INTO application (".implode(","array_keys($_POST)).") VALUES ('".implode("','"array_values($_POST))."')"
    This is assuming that the field names in your database, match the input field names from $_POST. If not, this will not work. Assuming they do ...

    You don't need the foreach here at all, because you're using array_keys() and array_values().

    array_keys() returns the keys from an array, and array_values() returns the values. So, imploding array_keys() will set the field names and imploding array_values() will set the values to be inserted in the fields.

    So, replace:
    PHP Code:
     foreach ($_POST as $key => $val) {
    $insert="INSERT INTO application (".implode(","array_keys($key)).") VALUES ('".implode("','"array_values($val))."')";

    with
    PHP Code:
    $insert="INSERT INTO application (".implode(","array_keys($_POST)).") VALUES ('".implode("','"array_values($_POST))."')"
    Again, if it fails with no errors, echo $insert to see what it contains.

    Edit:
    Q. Does $_POST save all of the information or just the last submitted?

    A. Only the last submitted. When this script terminates, $_POST will be cleared.

  • Users who have thanked PappaJohn for this post:

    LegionSmith (12-18-2008)

  • #12
    New Coder
    Join Date
    Dec 2008
    Posts
    13
    Thanks
    8
    Thanked 0 Times in 0 Posts
    On a side note, this is where I found the "pass form fields in a multi page form" snippet:
    http://www.earn-web-cash.com/2008/02...form-revisted/

  • #13
    New Coder
    Join Date
    Dec 2008
    Posts
    13
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Ok, that's looking much better. Now I'm just getting a "No Database selected" error. which is weird. I've got navicat running and double checked everything in my connection script, not sure whats going on there.

    when I try to echo to see what values it's getting I get the error:
    Parse error: syntax error, unexpected T_ECHO in /home/westoco6/public_html/app/process.php on line 9

    Let me see if I can figure out why it's giving the no database error, but I'm really hopeful that you may have got it figured out.

    Michael

  • #14
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    Hmm, that's a little harder to say from here. I'm assuming this line
    PHP Code:
    <?php include("../Connections/wtrcapp.php"); ?>
    includes the db connection code.

    It should include a mysql_connect() statement with the proper parameters and a mysql_select_db() statement. Make sure each of these includes an or die(mysql_error()).

    You can post the contents of the file if you'd like, but first, be sure to edit out any sensitive info.

    Parse error: syntax error, unexpected T_ECHO in /home/westoco6/public_html/app/process.php on line 9
    Post the code on a few lines surrounding line 9, although it could well be a missing semi-colon ; .

  • Users who have thanked PappaJohn for this post:

    LegionSmith (12-18-2008)

  • #15
    New Coder
    Join Date
    Dec 2008
    Posts
    13
    Thanks
    8
    Thanked 0 Times in 0 Posts
    yeah, it's obviously the connection script. I've been double checking it and it looks good to me. here it is minus the sensitive info:

    PHP Code:
    <?php
    # Type="MYSQL"
    # HTTP="true"
    $hostname_wtrcapp "myhost";
    $database_wtrcapp "mydb";
    $username_wtrcapp "myusername";
    $password_wtrcapp "mypass";
    $wtrcapp mysql_pconnect($hostname_wtrcapp$username_wtrcapp$password_wtrcapp) or trigger_error(mysql_error(),E_USER_ERROR); 
    ?>
    Now I just noticed that my connection has mysql_pconnect and my process.php script is using mysql_query. I tried changing the process to mysql_pconnect and I get this error:
    Warning: mysql_pconnect() [function.mysql-pconnect]: Unknown MySQL server host 'INSERT INTO application (Position,date_mm,date_dd,date_yy,Relative,Other,Last_Name,First_Name,Middle' (3) in /home/westoco6/public_html/app/process.php on line 8
    arrghh this is so frustrating. I think you've got it, I checked the source and all the fields are there, I think they'd submit if it could find the db. I don't understand why it's not, I've used this same connection script in the past and it's always worked.

    I also did change line 1 of process.php to
    PHP Code:
    <?php require_once('../Connections/wtrcapp.php'); ?>
    instead of include.

    Thank you so much for all the help you've been giving, I owe you a beer for sure.

    Michael


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •