开发者

PHP: How to correctly loop through multi-dimen post arrays

问答 作者:

If I have a form with fields like this.

THERE WILL BE MULTIPLE ROWS OF THESE FIELDS HENCE T开发者_如何学CHE SQUARE BRACKETS

<input type="text" name="txt-receipt-number[]" value="" />
<input type="text" name="txt-stock-number[]"  value="" />
<input type="text" name="txt-repair-code[]" value="" />

How do I loop through the $_POST variable to get the values because its getting the field names but not the values, what am I doing wrong please?

$fields = array();
$values = array();

foreach($_POST as $field => $value) {
   $fields[] = $field;
   echo $value;

}

Output:

ArrayArrayArrayArrayArrayArrayArrayArrayArray

Update:

Sorry, quick edit for correct output...

Further Update:

Lets ignore the insert, how do I get the values please?

Remove the [] of your text input, or you will get $value of array type.

<input type="text" name="txt-receipt-number" value="" />
<input type="text" name="txt-stock-number"  value="" />
<input type="text" name="txt-repair-code" value="" />

And don't forget to quote your values.

foreach($_POST as $field => $value)
{
    if(is_array($value))
    {
        foreach($value as $k => $val)
        {
            echo $val;
        }
    }
    else
    {
        echo $value;
    }
}

Works for regular fields and one-dimensional _POST fields.

You will have some other problems though, with column names like sales_receipt-number, etc. You should enclose those in backquotes, and you must also escape them since they are going directly into your SQL statement. They are just as vulnerable to SQL injection as the VALUES().

$fields[] = "`" . mysql_real_escape_string($field) . "`";

Update 2

To get the values and do the insert in a loop, the SQL needs to be reconstructed each time in the loop, using one set of array values.

// Find the number of loops necessary
// Unless all fields are always required, this will need to be the $_POST key with the most values
$numLoops = count($_POST['txt-receipt-number']);

fields = array();
$values = array();

for ($i = 0; $i < count($_POST); $i++) {
  foreach($_POST as $field => $value) {
     $fields[] = "`" . mysql_real_escape_string($field) . "`";
     $values[] = mysql_real_escape_string($_POST[$field][$i]);

     // Now build the SQL for this loop iteration.
     $sql = 'insert into table(' . join(',', $fields) . ') values(' . join(',', $values) . ')';
  }
}

To be honest, I see many problems in this code...

  1. Using foreach to build dynamic list of fields that need to be inserted. Don't you have, for example, anything like <input type='submit' name='add_data'/>? It's common to have submit buttons, and, with your code, you would try to edit DB table's field named add_data. This is also unsafe, as it (a) reveals table structure and (b) gives possibility to make SQL errors by manually changing field names, which may lead to another security/stability issues.
  2. Lack of escaping field names. May lead to SQL injections.
  3. Using - sign in field names. insert into table(sales_receipt-number, ... just won't work.

As for handling posted arrays...

<form method='post' action=''>
    <table border='1'>
        <tr>
            <td><input type='text' name='receipt_number[]'/></td>
            <td><input type='text' name='stock_number[]'/></td>
            <td><input type='text' name='repair_code[]'/></td>
        </tr>
        <tr>
            <td><input type='text' name='receipt_number[]'/></td>
            <td><input type='text' name='stock_number[]'/></td>
            <td><input type='text' name='repair_code[]'/></td>
        </tr>
        <tr>
            <td><input type='text' name='receipt_number[]'/></td>
            <td><input type='text' name='stock_number[]'/></td>
            <td><input type='text' name='repair_code[]'/></td>
        </tr>
        <tr>
            <td colspan='3'>
                <input type='submit' name='add_items'/>
           </td>
        </tr>
    </table>
</form>

<pre>
<?php

function handleAddingItem() {
    if ( !isset($_POST['receipt_number'], $_POST['stock_number'], $_POST['repair_code']) ) {
        trigger_error("Some field is undefined");
        return false;
    }
    if ( !is_array($_POST['receipt_number']) || !is_array($_POST['stock_number']) || !is_array($_POST['repair_code']) ) {
        trigger_error("Some field is not an array");
        return false;
    }
    $keys = array_keys($_POST['receipt_number']);
    if ( array_keys($_POST['stock_number']) !== $keys || array_keys($_POST['repair_code']) !== $keys ) {
        trigger_error("Posted arrays have different keys");
        return false;
    }
    foreach ( $keys as $key ) {
        if ( empty($_POST['receipt_number'][$key]) && empty($_POST['stock_number'][$key]) && empty($_POST['repair_code'][$key]) ) {
            continue;
        }
        $receiptNumber = mysql_real_escape_string($_POST['receipt_number'][$key]);
        $stockNumber = mysql_real_escape_string($_POST['stock_number'][$key]);
        $repairCode = mysql_real_escape_string($_POST['repair_code'][$key]);
        $sql = "
            insert into table_name set
                receipt_number = '{$receiptNumber}',
                stock_number   = '{$stockNumber}',
                repair_code    = '{$repairCode}'
        ";
        echo $sql;
    }
    return true;
}

function handlePost() {
    print_r($_POST);
    if ( isset($_POST['add_items']) ) {
        handleAddingItem();
    }
}

if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
    handlePost();
}


?>

Output:

Array
(
    [receipt_number] => Array
        (
            [0] => 123
            [1] => 
            [2] => 
        )

    [stock_number] => Array
        (
            [0] => 
            [1] => 
            [2] => 
        )

    [repair_code] => Array
        (
            [0] => 
            [1] => 
            [2] => 
        )

    [add_items] => Submit Query
)

            insert into table_name set
                receipt_number = '123',
                stock_number   = '',
                repair_code    = ''

Common practice might be to pass additional field - row's ID. If it has a value, then action is "edit", if it is empty, action is "create".

This is a little bit strange but try it :

<?php
foreach($_POST['txt-receipt-number'] as $k=>$v){
   $array[$k]['txt-receipt-number']      =  $_POST['txt-receipt-number'][$k];
   $array[$k]['txt-stock-number']        =  $_POST['txt-stock-number'][$k];
   $array[$k]['txt-repair-code']         =  $_POST['txt-repair-code'][$k];

}
$fields = array();
$values = array();
foreach($array as $row) {
foreach($row as $field => $value) {
    $values[] = $value;
    $fields[] = $field;
}
}

var_dump($fields);
var_dump($values);

?>

<form method='post' action=''>
<input type="text" name="txt-receipt-number[]" value="" /><br>
<input type="text" name="txt-stock-number[]"  value="" /><br>
<input type="text" name="txt-repair-code[]" value="" /><br>
----

<input type="text" name="txt-receipt-number[]" value="" /><br>
<input type="text" name="txt-stock-number[]"  value="" /><br>
<input type="text" name="txt-repair-code[]" value="" /><br>
<input type="submit" value="go">

</form>

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9