Inserting data into SQL

Asked

Viewed 74 times

1

Hello would like to know how I can change code of area 1 of insert using the foreach($nome as $cod => $value) other than the code of area 2 I’m unable to make an adaptation by changing the mode of insert of Code 2 in such a way that foreach($nome as $cod => $value) work.

Code 1

mysql_query("INSERT INTO `episodios` SET `nome`='".$_POST["nome"]."',`media`='".$_POST["media"]."',`tamanho`='".$_POST["tamanho"]."',`tipo`='".$_POST["tipo"]."'")

Code 2

$nome = $_POST['nomes'];
$anime = $_POST['animes'];
$tamanho = $_POST['tamanhos'];
$tipo = $_POST['tipo'];

foreach($nome as $cod => $value){
$sql = "insert into episodios (id,nome,anime,tamanho,tipo) values ('','$nome[$cod]','$anime[$cod]','$tamanho[$cod]','$tipo')";
$consulta = mysql_query($sql) or die(mysql_error());
if($consulta) {
echo "<br/><center><div id=\"Aviso_ok\">Episodio Cadastrado com Sucesso</div></center><br/>";
}else{
echo "<br/><center><div id=\"Aviso_erro\">Erro ao Cadastrar o Episodio</div></center><br/>";}
}
  • 1

    What’s the problem? What you can’t do?

  • I don’t understand the doubt either.

  • I want to use in the case the foreach($name the $Cod => $value) in the code 1 only I’m not sure how to do the Adptation

  • It’s the same instead of $_POST["nome"] you use the $nome[$cod]

  • Minutes thanks for the help

  • 1

    beware of sqlinjection.

  • Only one thing besides having that by so $name[Cod] I have to put in case the $name = $_POST['names']; and the other post values in code 1 since I will replace the $_POST[' ']; at the beginning of code 1 for the post values to be applied ?

  • Yes that’s what it is

  • Look like @Ruilima said you have to be careful with SQL Injection. You should wear mysqli_ instead of mysql_ and use Prepared statements.

  • Okay that there in case avoids the use of havij ?

  • You can still use it to test...

  • Just one more question when it is applied that $name[$Cod] in the code applies the value of $_POST["name"] taken from the right array ? Ai in this case would act as a definition in Where ex Where name='." $name[$Cod]". 'so do ai in the example sort items at least name since it is inside the foreach loop($name as $Cod => $value){ } of the code in question ?

  • In this case $Select2 = mysql_query("SELECT * FROM listas WHERE nome='".name[Cod]". '"); $dads2 = mysql_fetch_array($Select2);

Show 8 more comments

1 answer

1


To generate a single INSERT, which inserts all records at once, you need an sql in this format:

INSERT INTO tabela(numero) VALUES (1), (2), (3), (4), (5), (6), (7), (8), (9), (10)

That amounts to this:

INSERT INTO tabela(numero) VALUES (1);
INSERT INTO tabela(numero) VALUES (2);
...
INSERT INTO tabela(numero) VALUES (10);

For this, use a logic similar to this:

$valores = range( 1 , 10 );
$sql = sprintf( 'INSERT INTO tabela(numero) VALUES (%s)', implode( '), (' , $valores ) );

You will generate a single INSERT, leaving the system much faster

See more in this article: http://rberaldo.com.br/inserindo-multiplos-registros-em-tabela-de-banco-de-dados/

Your system has two other problems: SQL Injection and mysql.

  1. To protect yourself SQL Injection account, see: http://rberaldo.com.br/seguranca-em-sistemas-de-login-protecao-contra-sql-injection/

  2. mysql_* functions are obsolete since PHP 5.5. Prefer to use Mysqli or PDO. See more here: http://www.ultimatephp.com.br/php-por-que-nao-utilizar-funcoes-mysql

  • No and well that I asked more in any case I will be marking the answer as accepted by the fact that you have passed useful tutorials to me already thank.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.