-1

I am a self-learner but I am stuck here. I hope you guys can help me out of this. The department value is different every time and I want to insert the value into a MySQL database. I don't know how to do it, but I did the following to get this done.

```php
<tr>
    <td>
        <?php echo $result['dep']; ?><input type="hidden" name="department" value="<?php echo $result['dep']; ?>">
    </td>
    <td>
        <input type="radio" name="attendance[<?php echo $result['roll'] ?>]" required="1" value="present"> Present
        <input type="radio" name="attendance[<?php echo $result['roll'] ?>]" required="1" value="absent"> Absent
    </td>
</tr>
```

And here is my iteration code to insert the form data to mysql database:

```php
if(isset($_POST['submit'])){
    $attendance = $_POST['attendance'];
    $dep = $_POST['department'];
    $current_date = date('Y-m-d');
    $getAttendance = $user->insertAttendance($dep, $attendance, $current_date);
}
```

Here is the insert function:

```php
public function insertAttendance($dep, $attendance = array(), $date){
    foreach ($attendance as $att_key => $att_value) {
        $sql = "INSERT INTO tcr_attendance (roll, department, attendance, attendance_date) VALUES ('$att_key', '$dep', '$att_value', '$date')";
        $insert_row = $this->db->insert($sql);
    }
}
```

But all I get is the first value for the department. Please, someone help me get the iteration for the department values inside the foreach loop for attendance.

  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Mar 05 '18 at 15:43
  • If the `department` value changes from row to row, shouldn't you submit it using an array like the `attendance` values? – Nico Haase Mar 05 '18 at 16:06
  • Either your code is incomplete, or you completely missed the point of
    . Look at examples on how to define a form and put its inputs into a database using PHP. There are many examples on the web of this.
    – Nic3500 Mar 05 '18 at 17:46

1 Answer

1

You probably want to look into PDO's prepared queries as presently you are vulnerable to SQL Injection.

i.e.

```php
// $dsn, $user and $password are your own connection settings.
$pdo = new PDO($dsn, $user, $password);

// Prepare once; the placeholders keep the values out of the SQL text.
$statement = $pdo->prepare('
    INSERT INTO tcr_attendance (roll, department, attendance, attendance_date)
    VALUES (:roll, :department, :attendance, :attendance_date)
');

// $attendance, $department and $date come from your form handler.
foreach ($attendance as $roll => $present) {
    $statement->bindValue(':roll', $roll);
    $statement->bindValue(':department', $department);
    $statement->bindValue(':attendance', $present);
    $statement->bindValue(':attendance_date', $date);

    $statement->execute();
}
```

The above would give you better protection against malicious values being passed directly into your queries.

As for your question:

It's hard to tell exactly without the rest of your code and how your form is working, so I can only really give rough guidance. A basic approach would be:

  • Submit your Form
  • Loop through your $_POST values for the form data.
  • Perform an Insert query on each iteration

A more optimal way (depending on the amount of inserts) would probably be to do a singular insert query (this means you don't have to connect for each query), so you would want to loop through your data, build up the insert, and then execute it.

Mikey
  • if(isset($_POST['submit'])){ $attendance = $_POST['attendance']; $dep = $_POST['department']; $current_date = date('Y-m-d'); $getAttendance = $user->insertAttendance($dep, $attendance, $current_date); } @Mikey – Shahadat Hossen Mar 06 '18 at 02:26
  • Thanks a lot, Mikey, for your kind, helpful answer. I could use an array to get department values from the form, but what I don't know is how to get those values inside the foreach loop of attendance. Can you please suggest how to get values from an array (department) inside a foreach iteration for another array (attendance)? At this moment I am getting different values (expected) for attendance in every row but the same value (unexpected) for department. @Mikey – Shahadat Hossen Mar 06 '18 at 02:51
  • You could potentially change your form `name` attributes so the department is within the same array as attendance. – Mikey Mar 06 '18 at 08:41
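
The approach suggested in the comments (submit `department` as an array keyed by roll, like `attendance`) combined with the answer's prepared statement, as an added example that is not code from the question or the answer. It assumes the form inputs are renamed to `department[ROLL]`, uses a hypothetical free function in place of the question's `insertAttendance()` method, and uses in-memory SQLite with constructed sample data as a stand-in for MySQL.

```php
<?php
// Form side (assumed change): key both inputs by roll so each row stays paired:
//   <input type="hidden" name="department[ROLL]" value="DEP">
//   <input type="radio"  name="attendance[ROLL]" value="present|absent">

// Hypothetical helper: inserts one row per roll, returns the number of rows written.
function insertAttendance(PDO $pdo, array $departments, array $attendance, string $date): int
{
    $allowed = ['present', 'absent'];   // allowlist for the radio value
    $stmt = $pdo->prepare(
        'INSERT INTO tcr_attendance (roll, department, attendance, attendance_date)
         VALUES (:roll, :department, :attendance, :attendance_date)'
    );
    $rows = 0;
    $pdo->beginTransaction();
    try {
        foreach ($attendance as $roll => $status) {
            // Same key in both arrays, so this is the department of this row.
            $dep = $departments[$roll] ?? null;
            if (!is_string($dep) || !in_array($status, $allowed, true)) {
                throw new InvalidArgumentException("Bad row for roll $roll");
            }
            $stmt->execute([':roll' => (string) $roll, ':department' => $dep,
                            ':attendance' => $status, ':attendance_date' => $date]);
            $rows++;
        }
        $pdo->commit();                  // all rows or none
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $rows;
}

// Constructed demo: in-memory SQLite stands in for MySQL; $post mimics $_POST.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tcr_attendance (roll TEXT, department TEXT, attendance TEXT, attendance_date TEXT)');
$post = [
    'department' => ['101' => 'CSE', '102' => "Men's Studies"],  // quote is stored as data
    'attendance' => ['101' => 'present', '102' => 'absent'],
];
echo insertAttendance($pdo, $post['department'], $post['attendance'], date('Y-m-d')), " rows\n";
foreach ($pdo->query('SELECT roll, department, attendance FROM tcr_attendance') as $r) {
    echo $r['roll'], ' => ', $r['department'], ' (', $r['attendance'], ")\n";
}
```

With MySQL, only the DSN passed to `new PDO(...)` changes; the function itself is unchanged.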