mysql - php mysqli insert multiple rows to 1 table and 1 row to another table -


i've been working on site. can insert players table multiple rows (based on $add-rows value). need to, also, insert events table 1 row. when submit form, inserts players fine not events

this form values needed 2 queries

<form id="form-add" name="form-add" method="post" enctype="multipart/form-data" action="page.php"> <input name="add-name" id="add-name" type="text" value="event"> <input name="add-start" id="add-start" type="text" value=""> <input name="add-end" id="add-end" type="text" value=""> <input name="add-loc" id="add-loc" type="text" value=""> <input name="add-rows" id="add-rows" type="text" value=""> <input name="add-submit" id="add-submit" type="submit" value="add" /> <input type="hidden" name="submitted" value="true" /> </form> 

these values i'm posting form

<?php $add_name = $_post['add-name']; $add_start = $_post['add-start']; $add_end = $_post['add-end']; $add_loc = $_post['add-loc']; $add_rows = $_post['add-rows']; $add_url = date('y-m-d',strtotime($add_start)).'-'.str_replace('-',' ',($add_name));  if(isset($_post['submitted'])) { //check if form submitted     //connection     $mysqli = new mysqli('host', 'user', 'pass', 'db_name');      //this first query - insert multiple rows in players table (from same form)     $query  = "insert players (position, event, start, end, name, one, two, three, four, five, six)          values ('', '$add_url', '$add_start', '$add_end', '', 'yes', 'no', 'no', 'no', 'no', 'no');" .         str_repeat(", ('', '$add_url', '$add_start', '$add_end', '', 'yes', 'no', 'no', 'no', 'no', 'no')", $add_rows - 1);      //this 2nd query - insert events table (from same form)     $query .= "insert events (ur, name, start, end, loc) values ('$add_url', '$add_name' '$add_start', '$add_end', '$add_loc');";      // execute query - $result false if first query failed     $result = mysqli_multi_query($mysqli, $query);      if ($result) {         {             // grab result of next query             if (($result = mysqli_store_result($mysqli)) === false && mysqli_error($mysqli) != '') {                 echo "query failed: " . mysqli_error($mysqli);             }         } while (mysqli_more_results($mysqli) && mysqli_next_result($mysqli)); // while there more results     } else {         echo "first query failed..." . mysqli_error($mysqli);     } }//end of form submit if ?> 

there 3 main faults code

  1. you using mysqli_multi_query() useless here , makes code overcomplicated.
  2. you not using placeholders, makes code vulnerable injection
  3. you inserting identical rows in database, crime against database laws.

so, make 2 queries: 1 inserts 1 record players table , - 1 events.
run them in 2 separate calls using prepared statements.
mysqli unusable them - use pdo instead.


Comments

Popular posts from this blog

c++ - llvm function pass ReplaceInstWithInst malloc -

Cross-Compiling Linux Kernel for Raspberry Pi - ${CCPREFIX}gcc -v does not work -

java.lang.NoClassDefFoundError When Creating New Android Project -