PHP Array_$POST to SQL

I am trying to get the current PHP code and insert into the database. Currently I am able to save the first name, last name, and email but unable to get the rest of my form data "gender", and "console" to be saved. Here is the code:

<!DOCTYPE html>

<html>
<body>

fill out the following form:

<table border="1" cellpadding="10">
<td>
<h1> Devices owned Survey </h1>
<form action="submit_answer.php" method = "POST"> 
First Name: <br /> <input type="text" name="first" /><br />
<br />
Last Name: <br /> <input type="text" name="last" /> <br />
<br />
Email: <br /> <input type="text" name="email" /> <br />
<br />
<u>Gender</u>: <br />
<br />
<input type="radio" name="gender" value="male" /> Male<br />
<input type="radio" name="gender" value="female" /> Female <br />
<br />
<u>I Have The Following:</u> <br />
<br />
<input type="checkbox" name="console" value="Playstation3" /> Playstation 3<br />
<input type="checkbox" name="console" value="Xbox360" />  Xbox 360 <br />
<input type="checkbox" name="console" value="Wii" />  Wii <br />
<input type="checkbox" name="console" value="Iphone" />  Iphone <br />
<input type="checkbox" name="console" value="MacBook" />  MacBook <br />
<br />
<input type="submit"/>
</form>

</td>
</table>
</body>
</html>



PHP //SUBMIT FORM
<?php

define('DB_NAME', 'survey');
define('DB_USER', 'root');
define('DB_PASSWORD', 'XXXX');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

 if (!$link)
{
die('Could NOT Connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);

if (!$db_selected) 
{
die ('Cant\'t use' . DB_NAME. ':' . mysql_error());
}
echo 'Connected Sucessfully';

$first = $_POST["first"]; // Since method="post" in the form
$last = $_POST["last"];
$email = $_POST["email"];
$gender = $_POST["gender"];
$console = $_POST["console"];


$sql = "INSERT INTO survey (first, last, email) VALUES                   
( '$_POST[first]','$_POST[last]','$_POST[email]','$_POST[gender]','$_POST[console]')";
// Run the INSERT once and stop if it fails
$result = mysql_query($sql) or die ("could not save record");

mysql_close();
?>
//Also trying to validate the form so each question is answered

Answers


The method you're using to save data to your DB is extremely risky. You're open to SQL injection attacks. That being said, you should read up on SQL injection attacks with mysql_query.

I'm not going to rewrite your code completely to fix the SQL injection vulnerabilities, but to fix the problem you're currently having...

In your code you have:

$sql = "INSERT INTO survey (first, last, email) VALUES                   
( '$_POST[first]','$_POST[last]','$_POST[email]','$_POST[gender]','$_POST[console]')";

You're specifying 3 columns, but passing in 5 columns. You need to add the other 2 columns:

$sql = "INSERT INTO survey (first, last, email, gender, console) VALUES                   
( '$_POST[first]','$_POST[last]','$_POST[email]','$_POST[gender]','$_POST[console]')";

But seriously, change your code!

EDIT:

If you want to take an array of $_POST['console'] and turn it into a string that has comma separated values, try this:

Add array brackets to your name attribute:

<input type="checkbox" name="console[]" value="Playstation3" /> Playstation 3<br />
<input type="checkbox" name="console[]" value="Xbox360" />  Xbox 360 <br />
<input type="checkbox" name="console[]" value="Wii" />  Wii <br />
<input type="checkbox" name="console[]" value="Iphone" />  Iphone <br />
<input type="checkbox" name="console[]" value="MacBook" />  MacBook <br />

Iterate array and append values to a string:

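<?php
// Checkboxes named console[] arrive as an array; the key is absent when none is ticked.
$consoleArray = isset($_POST['console']) ? $_POST['console'] : null;
$consoleCommaString = "";
if ($consoleArray != null && is_array($consoleArray)) {
    foreach ($consoleArray as $consoleValue) {
        $consoleCommaString .= $consoleValue . ", ";
    }
    // Drop the trailing ", " left after the last value.
    $consoleCommaString = rtrim($consoleCommaString, ", ");
}

// The values are still interpolated into the SQL string, so the injection risk described above remains.
$sql = "INSERT INTO survey (first, last, email, gender, console) VALUES ('$_POST[first]','$_POST[last]','$_POST[email]','$_POST[gender]','$consoleCommaString')";
?>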
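
As an added example (not part of the original answer or the asker's code), the same insert can be written with bound parameters and allow-listed radio/checkbox values, which also covers the "each question is answered" validation the question asks about. `save_survey()` is a hypothetical helper, and an in-memory SQLite database stands in for the MySQL `survey` database so the script runs without a server.

```php
<?php
// Added example, not code from the question or the answer.
// Assumption: SQLite in memory stands in for the MySQL "survey" database.
const GENDERS  = ['male', 'female'];
const CONSOLES = ['Playstation3', 'Xbox360', 'Wii', 'Iphone', 'MacBook'];

// Hypothetical helper: validates the form, inserts one row, returns a list of errors.
function save_survey(PDO $pdo, array $post): array
{
    $errors = $row = [];
    foreach (['first', 'last', 'email'] as $field) {
        $value = $post[$field] ?? '';
        $row[$field] = is_string($value) ? trim($value) : '';
        if ($row[$field] === '') {
            $errors[] = "$field is required";
        }
    }
    if ($row['email'] !== '' && filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    // Radio and checkbox values are client-controlled too: accept only offered options.
    $row['gender'] = $post['gender'] ?? '';
    if (!in_array($row['gender'], GENDERS, true)) {
        $errors[] = 'gender must be one of the offered options';
    }
    $picked = array_filter((array) ($post['console'] ?? []), 'is_string');
    $row['console'] = implode(', ', array_intersect(CONSOLES, $picked));
    if ($errors) {
        return $errors;
    }
    // Placeholders keep the values out of the SQL text, so quotes cannot change the query.
    $stmt = $pdo->prepare(
        'INSERT INTO survey (first, last, email, gender, console)
         VALUES (:first, :last, :email, :gender, :console)'
    );
    $stmt->execute($row);
    return [];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE survey (first TEXT, last TEXT, email TEXT, gender TEXT, console TEXT)');

// Constructed sample input: an apostrophe in a name and one checkbox value not on the form.
$post = ['first' => 'Pat', 'last' => "O'Brien", 'email' => 'pat@example.com',
         'gender' => 'male', 'console' => ['Wii', 'Xbox360', 'NotOnTheForm']];
var_dump(save_survey($pdo, $post));
print_r($pdo->query('SELECT * FROM survey')->fetchAll(PDO::FETCH_ASSOC));
var_dump(save_survey($pdo, ['first' => 'Pat']));
```

Against MySQL only the connection changes, for example `new PDO('mysql:host=localhost;dbname=survey;charset=utf8mb4', DB_USER, DB_PASSWORD)`. The `mysql_*` functions used in the question offer no parameter binding and were removed in PHP 7.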
