I am making one of my first databases and am using one table to contain all resposnes in a php/mysql survey. The responses, however, are posting to the one table but in three different rows. I suspect it has to do with the query being executed 3x for the three section responses. Do I need to concactenate this and, if so, how? Is there another solution.
Here’s the HTML Form:
<html>
<?php include 'C:\xampp\htdocs\paxdb\head.php';
include 'config/menu.php';?>
<div id="dataentry">
<!--This section is the demographic text field area-->
<form method="post" action="dataentered.php">
First Name: <input type="text" name="First_Name"/></br>
</br>
Last Name: <input type="text" name="Last_Name"/></br>
</br>
E-mail: <input type="text" name="email"/></br>
</br>
<!--This section is the age range checkbox selection area-->
<p><u><b>Age Range</b></u></p>
<input type="checkbox" name="age[]" id="20-25" value="20-25"/> 20-25</br>
<input type="checkbox" name="age[]" id="26-30" value="26-30"/> 26-30</br>
<input type="checkbox" name="age[]" id="31-35" value="31-35"/> 31-35</br>
</div>
<div id="checkboxes">
</div>
<!--This section is the trips take checkbox area-->
<div id="tripstodatetype">
<p><u><b>WHAT TYPE OF TRIPS TO DATE HAVE YOU TAKEN?</b></u></p>
<input type="checkbox" name="trip2date[]" id="Bus" value="Bus"> Bus </br>
<input type="checkbox" name="trip2date[]" id="Car" value="Car"> Car</br>
<input type="checkbox" name="trip2date[]" id="Weekend fly-in" value="Weekend fly-in"> Weekend fly-in </br>
</div>
<div id="tripstodateborder">
</div>
<!--This section is the type of trip client likes best checkbox area-->
<div id="triplikebest">
<p><u><b>WHAT TYPE OF TRIP DO YOU LIKE BEST?</b></u></p>
<input type="checkbox" name="triplikebest[]" value="Bus"> Bus </br>
<input type="checkbox" name="triplikebest[]" value="Car"> Car</br>
<input type="checkbox" name="triplikebest[]" value="Weekend fly-in"> Weekend fly-in </br>
</div>
<div id="triplikeborder">
</div>
and the corresponding PHP:
<html>
<?php
include 'head.php';
include 'config/menu.php';
$host="localhost";
$username="someusername";
$password="somepass";
$dbname="somedb";
$dbc = mysql_connect($host, $username, $password, $dbname);
if (!$dbc)
{
die('Error connecting to MySQL server' . mysql_error());
}
mysql_select_db($dbname, $dbc);
//send user data to the database table
$first_name=$_POST['First_Name'];
$last_name=$_POST['Last_Name'];
$email=$_POST['email'];
mysql_query("INSERT INTO pax (First_Name, Last_Name, email)
VALUES('$first_name','$last_name','$email')");
//send age data to the database table
$age = $_POST['age'];
$my_range = "";
foreach($age as $range)
$my_range = $my_range . $range . " ";
mysql_query("INSERT INTO pax(age) VALUES ('$my_range')") or die (mysql_error());
//send trip to date data to the database table
$trip2date = $_POST['trip2date'];
$my_triprange = "";
foreach($trip2date as $triprange)
$my_triprange = $my_triprange . $triprange . ", ";
mysql_query("INSERT INTO pax(trip2date) VALUES ('$my_triprange')") or die (mysql_error());
mysql_close($dbc);
?>
Your help is greatly appreciated.
Wow okay, I agree with ManseUK
1) Your queries are extremely vulnerable to SQL Injection. See – How does the SQL injection from the "Bobby Tables" XKCD comic work?
2)
mysqllibrary is deprecated, the library is no longer being developed. You should use MySQLi or PDO – see http://www.php.net/manual/en/mysqlinfo.api.choosing.php3) Your database is not normalised. That is you have multiple values going into one field of a row (all the trip dates. See http://en.wikipedia.org/wiki/Database_normalization
4) You’re running 3 insert queries. You should do it in one query by preparing the data first.
UPDATE
Okay here’s my solution. It comes with some more advice. Don’t attack or insult the people helping you. We have no idea where this code will end up and it’s a bad habit to get into designing insecure software. Bad code in the wild produces more bad code which ends up being responsible for making the IT industry look like morons. LinkedIn’s breach was SQL Injection, most likely. Some on this site will learn the hard way.
Second, the aim of the site is to educate people as well as solve problems. So a primer on databases.
When you run an INSERT query it creates one or more rows in a table in the database. The fields you specify are filled in with the data you provide, the rest are filled with blanks. 3 INSERT queries? 3 rows.
Here’s a few versions to improve it
Version 1.0: ‘mysql_’ Single Row (With SQL Injection fixed):
Version 2.0: ‘mysql_’ Single Row (With SQL Injection fixed):
Regarding the database, multi-table would be the ideal way to store the ranges. However, given this is a small project, it’s probably sufficient to just use the list as a non-normalised field. I normally don’t bother with FOREIGN KEYS even in a large project (which don’t work in the default DB type (MyISAM)) and just enforce it application side. Database developers on here will differ.
Sample DB structure and content
Queries & some pseudo code to insert
Queries & some pseudo code to retrieve