Member Avatar for nadiam

hi guys so this page where part of the form elements are made arrays by adding square brackets to the input names. the reason i did that is because that part of the form is handled in jquery this post(my post about jquery) if you take a glimpse will understand what/why i did in array.
im trying to save the data into database but it gives me warning:

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in D:\Xampp\htdocs\EMS2\add_contact.php on line

how to post the data?

  • 3 Contributors
  • 15 Replies
  • 275 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by diafol
Member Avatar for broj1

Post the bit of code that uses the mysql_real_escape_string() function. It is important that you give this function a string as a parameter (not an array as in your case).

Member Avatar for nadiam

i used it here:

    $childsalutations = ($_POST['child-salutations']);
    $childfname = ($_POST['child-fname']);
    $childlname = ($_POST['child-lname']);
    $childline1 = ($_POST['child-line1']);
    $childline2 = ($_POST['child-line2']);
    $childemail = ($_POST['child-email']);
    $childm = ($_POST['child-mobile']);

i got rid of mysql_real_escape_string but the warning still shows.

Member Avatar for broj1

Obviously $_POST['child-fname'], $_POST['child-lname'] and others are arrays, not strings. Can you post the contents of some of them. Put this code somewhere in the script and post the output here.

print_r($_POST['child-fname']);
print_r($_POST['child-lname']);
...

And do not get rid of mysql_real_escape_string in production version. It means security.

Member Avatar for nadiam

print_r($_POST['child-lname']); nothing :( omg i have to start this page over? gah

Member Avatar for broj1

In any case it is good practice to check for values before using them:

if(isset($_POST['child-fname']) && !empty($_POST['child-fname'])) {
    $childfname = ($_POST['child-fname']);
} elese {
    // do some falback procedure
}
Member Avatar for nadiam 
    print_r ($_POST['child-fname']);
    print_r ($_POST['child-lname']);
    print_r ($_POST['child-line1']);
    print_r ($_POST['child-line2']);
    print_r ($_POST['child-mobile']);
    print_r ($_POST['child-office']);
    print_r ($_POST['cday']);
    print_r ($_POST['cmonth']);
    print_r ($_POST['cyear']);

this is what i got

Array ( [0] => Lia [1] => Rio ) Array ( [0] => Diwana [1] => Lee ) Array ( [0] => house 2 [1] => house 3 ) Array ( [0] => [1] => ) Array ( [0] => 0127896543 [1] => 0136524987 ) Array ( [0] => 78965413 [1] => 75421369 ) Array ( [0] => 19 [1] => 16 ) Array ( [0] => 7 [1] => 2 ) Array ( [0] => 1990 [1] => 1993 ) Column count doesn't match value count at row 1

Column count doesn't match value count at row 1 means that my query is retarded right?

Edited by nadiam
Member Avatar for nadiam 
print_r ($_POST['child-fname']);
print_r ($_POST['child-lname']);
print_r ($_POST['child-line1']);
print_r ($_POST['child-line2']);
print_r ($_POST['child-mobile']);
print_r ($_POST['child-office']);
print_r ($_POST['cday']);
print_r ($_POST['cmonth']);
print_r ($_POST['cyear']);

result(which appears on top of page after insert):

Array ( [0] => Alia [1] => Ali ) Array ( [0] => Razali [1] => Razali ) Array ( [0] => house 2 [1] => house 1 ) Array ( [0] => [1] => ) Array ( [0] => 014965872 [1] => 0139874562 ) Array ( [0] => 79563214 [1] => - ) Array ( [0] => 16 [1] => 12 ) Array ( [0] => 4 [1] => 10 ) Array ( [0] => 1993 [1] => 1998 )

okay, i got it inserted into child database but in the specified field it says array.

|child_name|dob|house_add1|house_add2|mobile|office|email|

inserted:
|array|array-array-array|array| |array|array|array|

why?

Edited by nadiam
Member Avatar for broj1

Post the code for the insert query.

Member Avatar for nadiam 
    $childsalutations = ($_POST['child-salutations']);
    $childfname = ($_POST['child-fname']);
    $childlname = ($_POST['child-lname']);
    $childline1 = ($_POST['child-line1']);
    $childline2 = ($_POST['child-line2']);
    $childemail = ($_POST['child-email']);
    $childm = ($_POST['child-mobile']);
    $childoff = ($_POST['child-office']);
    $cday = ($_POST['cday']);
    $cmonth = ($_POST['cmonth']);
    $cyear = ($_POST['cyear']);

insert query:

$add5 = mysql_query("INSERT INTO child VALUES('','".$childsalutations." $childfname $childlname',' ".$cday."-".$cmonth."-$cyear ','$childline1','$childline2','$childm','$childoff','$childemail')") or die(mysql_error());

fe496cd69ee10918f758006b9e6dc62a

Edited by nadiam
Member Avatar for diafol

SHow your form markup - are you using arrays in the name attribute?

Member Avatar for nadiam

yup i added square brackets next to names.

example:

Line 1  :<input type="text" name="child-line1[]" id="child-line1"/>
Mobile No :<input type="text" name="child-mobile[]" id="child-mobile"/>
Line 2 :<input type="text" name="child-line2[]" id="child-line2" />
Office No :<input type="text" name="child-office[]" id="child-office" />
Email Address :<input type="email" name="child-email[]" id="email"  />
Member Avatar for diafol

Why?

That's your problem - take off the square brackets and it might work. Or are you submitting multiple children at a time?

Member Avatar for nadiam

multiple childen at a time if it is has to be. its a contact form where users have to choose how many children they have and if its two or three or four then they will have to fill in their names etc and it will have to be in array form wouldn't it?

Member Avatar for diafol

Yes, but you need to loop over. Also if you've got multiple children then your form ids don't make any sense as they have to be unique.

id="child-line1"

for example has to be unique

You have to be careful with multiple record insert as some fields are not sent if not set and that can mess up your order, e.g. checkboxes

So, assuming that you only have textboxes - all should be well

You need to build a prepared statement like this...

INSERT INTO table (field1,field2,field3,field4) VALUES (?,?,?,?),(?,?,?,?),(?,?,?,?) ...

And then bind all the parameters before executing. Should be simple enough.

Member Avatar for diafol

Here's an example using username/pw into users table...

<?php
//DATA - DUMMY data from form
$_POST = array('username'=>array('ceri','arian','rhian'),'pw'=>array('a','b','c'),'someother'=>array('notreq1','notreq2','notreq1'));

//Form fields required in INSERT query in the order required in the SQL
$fields = array('username','pw');

//Connection details
$dsn = 'mysql:dbname=daniweb;host=localhost';
$user = '#########';
$password = '#########';

//Place post data into non-superglobal variable
$arr = $_POST;

//Gets the (?,?),(?,?)... string
function getValueClause($data,$fields)
{
    $fieldCount = count($fields);
    $recordCount = count(reset($data));

    $rep = str_repeat("?,",$fieldCount);
    $places = '(' . substr($rep,0,-1) . '),';
    $values =  str_repeat($places, $recordCount);
    return substr($values,0,-1);
}

//Gets the binding array, e.g. array('ceri','a','arian','b','rhian','c')
function getBindArray($data,$fields)
{
    $bind = array();
    for($i=0;$i<count($data[$fields[0]]);$i++)
    {
        foreach($fields as $field)
        {
            $bind[] = $data[$field][$i];    
        }
    }
    return $bind;
}

//Connect to DB via PDO
try {
    $dbh = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

//Prepare statement
$statement = "INSERT INTO users (username, pw) VALUES " . getValueClause($arr,$fields);
$stmt = $dbh->prepare($statement);
//Execute Statement
$stmt->execute(getBindArray($arr, $fields));
//Check number of rows inserted
echo $stmt->rowCount();
?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.