Getting multiple data and them adding them into multiple database entries

Question

Hi have made a php script which the user can pick or add multiple entry into the database for example a user can add 10 items at once the 10 area's show but the main problem is that only the last one is added into the database and not all the data into multiple entries and here is the code and its name is final.php

      <?php
      if(isset($_POST['multi'])){
      echo "<form action='final.php' method='POST'>";
      $a = $_POST['number'];
      $b = 0 ;
      $c = $_POST['country'];
      $d = $_POST['state'];
      echo"<table border='1'><tr><td colspan='7'>Country:<input type='text'  
      name='country' value='$c'></td></tr>";
      while($a != $b){
      $b++;
      echo "
      <tr>
     <td>State</td>
 <td>Name</td>
     <td>Main Information</td>
     <td>Second Information</td>
      </tr>
      <tr>
     <td><input type='text' name='state".$b."' value='$d'></td>
     <td><textarea name='name".$b."'></textarea></td>
    <td><textarea name='info1".$b."'></textarea></td>
    <td><textarea name='info2".$b."'></textarea></td>
      </tr>
      ";

      };
      echo "</table></br>Total:<input type='text' name='total' value='$a'>";
      echo"<input type='submit' name='Add' value='Add'></form>";

      }

      elseif(isset($_POST['Add'])){
          $a1 = $_POST['total'];
          $b1 = 0;
          $c1 = $_POST['country'];
          echo "There is $a1 types in here";

          $cn = mysql_connect("127.0.0.1","root","");
          if(!$cn)
          {
          die('Could not connect:'.mysql_error());
          }
          mysql_select_db("test",$cn);


          while($a1 != $b1){
              $b1++;        
              $state = "state".$b1;
              $name = "name".$b1;
              $info1 = "info1".$b1;
              $info2 = "info2".$b1;

              $sq="INSERT INTO ftable(Country, State, Name, First, Second ) VALUE('$c1', '$_POST[$state]', '$_POST[$name]', '$_POST[$info1]', '$_POST[$info2]')";

              echo "</br>Country:$c1</br> 
                  State:".$_POST[$state]."</br>
                  Name:".$_POST[$name]."</br>
                  Info1:".$_POST[$info1]."</br>
                  Info2:".$_POST[$info2]."</br>";
          }


          if (!mysql_query($sq,$cn))
          {
           die('Error:'.mysql_error());
          }
          echo"<palign='center'>You have added $a to the dbms</br>";




      }

      else{
      echo"<form action='final.php' method='POST'>
      <input type='number' name='number'>
      <input type='text' name='country' value='country'>
      <input type='submit' value='Generate' name='multi'>
      </form>";
      }

      ?>

And thanks , would really appreciate it if someone could help me with this on and im only a noob in coding so sorry

Answer 1

This is because you are executing your query outside the while loop. The solution would be to move your mysql_query($sq, $cn) inside the while loop. Also your insert query has VALUE instead of VALUES, please see the insert syntax.

       while($a1 != $b1){
          $b1++;        
          $state = "state".$b1;
          $name = "name".$b1;
          $info1 = "info1".$b1;
          $info2 = "info2".$b1;

          $sq="INSERT INTO ftable(Country, State, Name, First, Second ) VALUES('$c1', '$_POST[$state]', '$_POST[$name]', '$_POST[$info1]', '$_POST[$info2]')";

          echo "</br>Country:$c1</br> 
              State:".$_POST[$state]."</br>
              Name:".$_POST[$name]."</br>
              Info1:".$_POST[$info1]."</br>
              Info2:".$_POST[$info2]."</br>";

          if (!mysql_query($sq,$cn))
          {
            die('Error:'.mysql_error());
          }
          echo"<palign='center'>You have added $a to the dbms</br>";
       }

Note that your code is vulnerable to SQL injection, you should look into using mysql_real_escape_string like follows:

  $a = mysql_real_escape_string($_POST['number']);
  $c = mysql_real_escape_string($_POST['country']);
  $d = mysql_real_escape_string($_POST['state']);

Also note that mysql_ extensions are deprecated so you should look into either mysqli or PDO.