Insert multiple rows into mysql with php using foreach arrays

Question

Im stuck, been trying to figure this out for 2 hours now. I have figured out the foreach loop, but cant figure out how to insert the data now.

here is my php, what am I doing wrong?

    $query = "INSERT INTO images (thumb_path, image_path, main_image, project_id) VALUES ";  
foreach($_POST as $key => $value) {
    $query .= "$thumb_path,$image_path,$main_image,$_POST[project_id])";
    $result = mysql_query($query, $connection);
}

Thanks!

Should I lay it out like this, sorry still a newbie to foreach and how it works.

foreach($_POST as $key => $value) {
    $query = "INSERT INTO images VALUES (thumb_path, image_path, main_image, project_id),";  
    $query .= "$value[thumb_path], $value[$image_path], $value[$main_image], '$_POST[project_id'])";
}

$result = mysql_query($query, $connection);

Answer 1

Several things wrong here:

1. You're missing an opening bracket on your list of values (after VALUES)
2. You are running mysql_query on every iteration of the foreach. Instead, you probably want to build the string first (using multiple values lists), and run mysql_query outside the loop.
3. You can't interpolate the $_POST['project_id'] variable into a string in that way
4. You need to escape the $_POST data before putting it into the database!
5. You are not actually using the $key or $value from your foreach in your query, you're just discarding it.
6. The variables inside the loop ($thumb_path etc.) will be the same for every iteration of the loop—so you're going to insert the same data every time.
7. The logic of the loop just doesn't make sense. You don't know how long $_POST is, or what might be in it, so why are you looping over $_POST?

Some hints to help you fix all this:

1. Check your error log.
2. var_dump the string of SQL before you execute the query to check if it is syntactically and logically correct.

If you want further help, I'd suggest you var_dump what is in $_POST, try to write what you think the query ought to look like, and then post both here. Then maybe someone will help you go from one to the other.

Answer 2

I find something like this is far easier to maintain than a repeated string concatenation as you're doing:

$values = array();
foreach ($_POST as $key => $value) {
    $qvalue = mysql_real_escape_string($value);
    $values[] = "($field1, $field2, $field3, $qvalue)"; // quoted value, not the raw value
}

$query_values = implode(',', $values);

$query = "INSERT INTO images (field1, field2, field3, field4) VALUES $query_values";
$result = mysql_query($query, $connection);

Just keep in mind that when building a query like this, it's entirely possible to build a query large enough to except the max_packet length, in which case you'd have to split the insert into multiple smaller queries.

Answer 3

First, escape $_POST[project_id] with mysql_real_esape_string.

Then, the syntax is INSERT INTO table VALUES ( ... ), ( ... )

Answer 4

// escape your input
$_POST = array_map('addslashes', $_POST);

// rather than recursively calling mysql_query, you can insert all your rows with one query
// INSERT INTO table (columns) VALUES (data), (data), (data), ...
$values = array();
foreach($_POST as $key => $value) {
    $values[] = "('{$_POST['thumb_path']}', '{$_POST['image_path']}', '{$_POST['main_image']}', '{$_POST['project_id']}')";
}
if(sizeof($values)) {
    $query = "INSERT INTO images (thumb_path, image_path, main_image, project_id) VALUES ".implode(',', $values);
    $result = mysql_query($query, $connection);
}