Inserting multivalues from textbox into the MySQL Database using PHP
-
11-04-2021 - |
Question
I'm having a problem with my PHP and MySQL project . I wanted to insert multi collumn value into the database but the truth is, im already confused by the codes. it's like this if you would like to take a look:
if(!empty($_POST['brando'])){ $A="brand = '$brando'";} else{ $A=" ";} if(!empty($_POST['prnameo'])){ $B="product_name = '$prnameo'";} else{ $B=" ";} if(!empty($_POST['prido'])){ $C="product_id = '$prido'";} else{ $C=" ";} if(!empty($_POST['prcolo'])){ $D="color = '$prcolo'";} else{ $D=" ";} if(!empty($_POST['priceo'])){ $E="price = '$priceo'";} else{ $E=" ";} $sqlq="UPDATE $tbl_name2 SET $A $B $C $D $E where id='$id'"; mysql_query($sqlq);
I noticed that querying multivalue command into a database requires comma such as:
mysql_query("UPDATE $tablename SET collumn1='value', collum2='value' where id='value'");
and now i cant put any comma or "," in any of those codes, making the PHP page unable to send other variable values into the server.
even if i change the coding to this:
$sqlq="UPDATE $tbl_name2 SET $A , $B , $C , $D , $E where id='$id'";
it'll produce what else but damn errors.
so i would like to ask for help if you know what i'm talking about. i know, it sounds like i've been stressed out by the codings.
ooh, this code too, i forgot to put it for these.
for ($help_given=1, $help_given++) { echo "Thanks"; }
Solution
Try to implode() an array with "," ,like this:
<?php
if(!empty($_POST['brando'])){
$value[] ="brand = '$brando'";
}
if(!empty($_POST['prnameo'])){
$value[] ="product_name = '$prnameo'";
}
if(!empty($_POST['prido'])){
$value[] ="product_id = '$prido'";
}
if(!empty($_POST['prcolo'])){
$value[] ="color = '$prcolo'";
}
if(!empty($_POST['priceo'])){
$value[] ="price = '$priceo'";
}
$sqlq="UPDATE $tbl_name2 SET " . implode(",",$value)." where id='$id'";
mysql_query($sqlq);
?>
Then, you'd better to use "mysql_escape_string" or "PDO::prepare" method to prevent SQL injection.
OTHER TIPS
if(isset($_POST['brando']))
{
$brando=mysql_escape_string($_POST['brando']);
$A="brand = ".$brando;
}
else
{
$A=" ";
}
if(isset($_POST['prnameo']))
{
$prnameo=mysql_escape_string($_POST['prnameo']);
$B="product_name = ".$prnameo;
}
else
{
$B=" ";
}
if(isset($_POST['prido']))
{
$prido=mysql_escape_string($_POST['prido']);
$C="product_id = ".$prido;
}
else
{
$C=" ";
}
if(isset($_POST['prcolo']))
{
$prcolo=mysql_escape_string($_POST['prcolo']);
$D="color= ".$prcolo;
}
else
{
$D=" ";
}
if(isset($_POST['priceo']))
{
$priceo=mysql_escape_string($_POST['priceo']);
$E="price = ".$brando;
}
else
{
$E=" ";
}
$tbl_name="mytable";//to set
$id='primary_key';//to set
$sqlq="UPDATE $tbl_name SET $A, $B, $C, $D, $E where id='$id'";
mysql_query($sqlq);
Just put values where I have commented as //to set...