Elxis CMS Forum
Support => General => Topic started by: ROUBOS on April 18, 2013, 11:45:18
-
Hi using this code:
<?php
$sql = "SELECT * FROM blocks_table WHERE series='100 Series'"; // 100 SERIES --------------------------------------------------------------------
$result = mysql_query($sql)or die(mysql_error());
$series = 100;
$rowcounter = 0;
echo '<table class="styled-table">';
echo '<tr><th>100 Series</th><th>Per Pallet</th><th>Quantity</th><th>Pallets</th><th>Extras</th></tr>';
while($row = mysql_fetch_array($result)){
$rowcounter++;
$output = <<<DATADATA
<tr><td>{$row["type"]}</td></td>
<td><input type="text" name="{$series}perpallet[{$rowcounter}]" id="{$series}perpallet{$rowcounter}" style="width:50px;" value="{$row['per_pallet']}" readonly /></td>
<td><input type="text" name="{$series}quantity[{$rowcounter}]" id="{$series}quantity{$rowcounter}" style="width:50px;" value="0" onChange="getTotal({$series},{$rowcounter});" /></td>
<td><input type="text" name="{$series}pallets[{$rowcounter}]" id="{$series}pallets{$rowcounter}" style="width:50px;" value="0" class="pallets" readonly /></td>
<td><input type="text" name="{$series}extras[{$rowcounter}]" id="{$series}extras{$rowcounter}" style="width:50px;" value="0" class="extras" readonly /></td>
</tr>
DATADATA;
echo $output;
}
echo '</table>';
?>
and this:
<?php
print_r($_POST);
?>
gives me this outcome:
Array ( [companyname] => NACA [deliveryaddress] => Stuart Park [orderdate] => 2013-04-18 [deliverydate] => 2013-05-16 [status] => Completed [checked] => Yes [loadedby] => MANOLIS [sumpallets] => 3 [sumextras] => 624 [makeup] => 2 [grandtotal] => 5 [submit] => Submit Order [100perpallet] => Array ( [1] => 180 [2] => 240 [3] => 360 [4] => 576 [5] => 144 [6] => 288 [7] => 280 [8] => 560 [9] => 360 [10] => 480 [11] => 720 [12] => 1152 ) [100quantity] => Array ( [1] => 654 [2] => 154 [3] => 356 [4] => 0 [5] => 0 [6] => 0 [7] => 0 [8] => 0 [9] => 0 [10] => 0 [11] => 0 [12] => 0 ) [100pallets] => Array ( [1] => 3 [2] => 0 [3] => 0 [4] => 0 [5] => 0 [6] => 0 [7] => 0 [8] => 0 [9] => 0 [10] => 0 [11] => 0 [12] => 0 ) [100extras] => Array ( [1] => 114 [2] => 154 [3] => 356 [4] => 0 [5] => 0 [6] => 0 [7] => 0 [8] => 0 [9] => 0 [10] => 0 [11] => 0 [12] => 0 ) )
How do I go about selectively inserting data from this post data into two different tables?
Note: the above 100 Series table is repeated for more series... 150Series, 200Series etc. ...
thanks
-
I tried this with no luck:
<?php
include('db.php'); //connect
print_r($_POST);
foreach($_POST AS $key=>$value) {
$sql="INSERT INTO order_table ('extra_blocks') VALUES ('$_POST[sumextras]')";
$result = mysql_query($sql) or die("didn't work");
}
?>
-
with this:
<?php
include('db.php'); //connect
//print_r($_POST);
echo '<pre style="text-align: left;">' . print_r($_POST, true) . '</pre>';
foreach($_POST["id"] AS $key=>$value) {
$sql="INSERT INTO order_table ('company_name') VALUES ('$_POST[companyname]')";
$result = mysql_query($sql) or die("didn't work");
}
?>
I get:
Array
(
[companyname] => InfoShell
[deliveryaddress] => Kavlia street
[orderdate] => 2013-04-18
[deliverydate] => 2013-05-23
[status] => Pending
[checked] => No
[loadedby] => Kavlifei
[sumpallets] => 3
[sumextras] => 187
[makeup] => 1
[grandtotal] => 4
[submit] => Submit Order
[100perpallet] => Array
(
[1] => 180
[2] => 240
[3] => 360
[4] => 576
[5] => 144
[6] => 288
[7] => 280
[8] => 560
[9] => 360
[10] => 480
[11] => 720
[12] => 1152
)
[100quantity] => Array
(
[1] => 354
[2] => 245
[3] => 368
[4] => 0
[5] => 0
[6] => 0
[7] => 0
[8] => 0
[9] => 0
[10] => 0
[11] => 0
[12] => 0
)
[100pallets] => Array
(
[1] => 1
[2] => 1
[3] => 1
[4] => 0
[5] => 0
[6] => 0
[7] => 0
[8] => 0
[9] => 0
[10] => 0
[11] => 0
[12] => 0
)
[100extras] => Array
(
[1] => 174
[2] => 5
[3] => 8
[4] => 0
[5] => 0
[6] => 0
[7] => 0
[8] => 0
[9] => 0
[10] => 0
[11] => 0
[12] => 0
)
)
didn't work
Any help?
How do I selectively get values from this array post an insert them into a mysql table???
-
Super global variable $_POST is an array and should be handled as all php arrays.
Let's say you have a db table with these columns: id, title, description
Your $_POST may have the same named as the db table column or different, these depends on your form.
<form>
<input type="text" name="mytitle" value ="" />
<input type="text" name="mydescription" value ="" />
<button type="submit">Submit</button>
</form>
after submit you get the values like that:
$_POST['mytitle'] and $_POST['mydescription']
So the insert sql statement will look like that:
$sql = "INSERT INTO table_name (id, title, description) VALUES (null, '".$_POST['mytitle']."', '".$_POST['mydescription']."')";
Attention: It is a huge security threat to use user submitted variables like $_POST directly and without validating them first. Use filter_input function to sanitize your variables. Example:
$mytitle = filter_input(INPUT_POST, 'mytitle', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
$mydesc = filter_input(INPUT_POST, 'mydescription', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
if (trim($mytitle) == '') {
exit('title cannot be empty!');
}
if (trim($mydesc ) == '') {
exit('description cannot be empty!');
}
$sql = "INSERT INTO table_name (id, title, description) VALUES (null, '".$mytitle."', '".$mydesc."')";
Also, as you don't use PDO, you must escape quotes!
If you don't take these security meters your site will be easily hacked...
Elxis 4.x with PDO and data bindings is super secure in this area.
If your application was an Elxis extension all you would have to do is this:
$row = new sometableDB();
$row->bind($_POST);
$row->store();
Do you see the difference? Everything easy and secure. You don't even have to write sql queries! Elxis does all the dirty job automatically.
This is why we say to built Elxis extensions and not autonomous scripts.
-
Thanks for your reply,
I can insert the values for these:
[companyname] => InfoShell
[deliveryaddress] => Kavlia street
[orderdate] => 2013-04-18
[deliverydate] => 2013-05-23
[status] => Pending
[checked] => No
[loadedby] => Kavlifei
[sumpallets] => 3
[sumextras] => 187
[makeup] => 1
[grandtotal] => 4
[submit] => Submit Order
The problem I have is with looping and inserting the following in a different table:
[100perpallet] => Array
(
[1] => 180
[2] => 240
[3] => 360
[4] => 576
[5] => 144
[6] => 288
[7] => 280
[8] => 560
[9] => 360
[10] => 480
[11] => 720
[12] => 1152
)
[100quantity] => Array
(
[1] => 354
[2] => 245
[3] => 368
[4] => 0
[5] => 0
[6] => 0
[7] => 0
[8] => 0
[9] => 0
[10] => 0
[11] => 0
[12] => 0
)
[100pallets] => Array
(
[1] => 1
[2] => 1
[3] => 1
[4] => 0
[5] => 0
[6] => 0
[7] => 0
[8] => 0
[9] => 0
[10] => 0
[11] => 0
[12] => 0
)
[100extras] => Array
(
[1] => 174
[2] => 5
[3] => 8
[4] => 0
[5] => 0
[6] => 0
[7] => 0
[8] => 0
[9] => 0
[10] => 0
[11] => 0
[12] => 0
)
I would have used Elxis and with the help of this forum I'm sure that this would have been finished a lot quicker. Just that I'm in Australia right now doing this for a friend, and it's going to be a standalone page on a local server.
I want to check out Elxis 4.0 and I have no time while I'm here. Be back in Greece in a few days and I'll have free time to play around with Elxis 4.0 :)
-
foreach ($_POST['100perpallet']) as $pp) {
$sql = "INSERT INTO table (id, perpalet) VALUES (null, '".$pp."')";
}
-
:D
<?php
include('db.php'); //connect
echo '<pre style="text-align: left;">' . print_r($_POST, true) . '</pre>';
mysql_query("INSERT INTO order_table (company_name, delivery_address, order_date, delivery_date, status, hb_checked, loaded_by, pallets, extra_blocks, extra_pallets, total_pallets)
VALUES
('$_POST[companyname]','$_POST[deliveryaddress]','$_POST[orderdate]','$_POST[deliverydate]','$_POST[status]','$_POST[checked]','$_POST[loadedby]','$_POST[sumpallets]','$_POST[sumextras]','$_POST[makeup]','$_POST[grandtotal]')");
$currentid = mysql_insert_id();
foreach($_POST['100type'] AS $key=>$value) {
$sql = "INSERT INTO order_details_table
(order_id, block_type, block_quantity, block_pallets, block_extras)
VALUES ('$currentid', '{$_POST['100type'][$key]}','{$_POST['100quantity'][$key]}','{$_POST['100pallets'][$key]}','{$_POST['100extras'][$key]}')";
$result = mysql_query($sql) or die('Could not insert data');
}
?>
Well I could not get the relationship to work (phpmyadmin foreign keys), so I did it using $currentid = mysql_insert_id();
Does the job. Now need to work on security.