I need help with PHP forms. I am trying to insert at least 2 and a maximum of 3 team players' data into MySQL for registration purposes.

By using a loop to get the 3 form values and iterate until data is stored in the tables.

The first table is the Players table; its column names are as follows.

playerid, playerfirstname, playerlastname, playerdob, playernationalranking, playerphonenumber, playeremailaddress, playerpassportnumber, playerplayinghistory, playeraddress, playercountry

The second table is the Participants table; its column names are as follows.

playerid, participtionid, championshipid, countryid, created_at, status (is deleted or not), room_booking_status

The third table is Photo links:

Time, FileLocation, IP, idUsers, playerid

On top of that, I need to insert into a 4th table, the teamplayers table; its column names are as follows.

Teamid, participtionid, countryid, idplayer1, idplayer2, idplayer3, TimeStamp

PHP code starts as follows:

if (!isset($_SESSION)) {
  session_start();
}
$editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }
$colname_numRows = "-1";
    if (isset($_SESSION['MM_UserGroup'])) {
      $colname_numRows = $_SESSION['MM_UserGroup'];
    }
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {


        for($i=1;$i<4;$i++) {

        // combining date of birth
        $playerDob = $_POST['year'.$i]."-".$_POST['month'.$i]."-".$_POST['day'.$i];
        $playerDob = mysql_real_escape_string($playerDob);
          // first query
          $insertPlayerInfo = sprintf("INSERT INTO players (playerid, playerfirstname, playerlastname, playerdob, playernationalranking, playerphonenumber, playeremailaddress, playerpassportnumber, playerplayinghistory, playeraddress, playercountry) VALUES ('', %s, %s, '$playerDob', %s, %s, %s, %s, %s, %s, %s)",
        GetSQLValueString(str_replace('\' ', '\'', ucwords(str_replace('\'', '\' ', strtolower($_POST['playerFirstName'.$i])))), "text"),
        GetSQLValueString(str_replace('\' ', '\'', ucwords(str_replace('\'', '\' ', strtolower($_POST['playerLastName'.$i])))), "text"),
        GetSQLValueString($_POST['playerNationalRanking'.$i], "int"),
        GetSQLValueString($_POST['playerPhoneNumber'.$i], "text"),
        GetSQLValueString($_POST['playerEmailAddress'.$i], "text"),
        GetSQLValueString($_POST['playerPassportNumber'.$i], "text"),
        GetSQLValueString($_POST['playerPlayingHistory'.$i], "text"),
        GetSQLValueString($_POST['playerAddress'.$i], "text"),
        GetSQLValueString($_POST['playerCountryID'.$i], "int"));

        mysql_select_db($db, $EntrySystem);

        if($myPlayerInfoResult = mysql_query($insertPlayerInfo, $EntrySystem))
        {

            $_SESSION['playerid'.$i] = mysql_insert_id($EntrySystem) or die(mysql_error());

        // second query 
            $insertSQL = sprintf("INSERT INTO participants (playerid, participationid, championshipid, countryid, created_at, status, room_booking_status) VALUES ('".$_SESSION['playerid'.$i]."','', %s, %s, %s, '1', '0')",
                           GetSQLValueString($_POST['championshipid'], "int"),
                           GetSQLValueString($_POST['countryid'], "int"),
                           GetSQLValueString($_POST['created_at'], "date"));

            mysql_select_db($db, $EntrySystem);

            if($myInsertSQL = mysql_query($insertSQL, $EntrySystem)) 
            { // if successfully submitted, proceed to next page
            $participationid = mysql_insert_id($EntrySystem)or die(mysql_error());
            $_SESSION['participationid'.$i] = $participationid;
            }

    if(!is_dir("upload/".$_SESSION['MM_Username'])) {

    mkdir("upload/".$_SESSION['MM_Username']);

                }

                        function savedata(){
                            global $_FILES, $_POST, $putItAt;
                            $sql = "INSERT INTO `db`.`photos` 
                                ( 
                                `Time`, 
                                `FileLocation`, 
                                `IP`, 
                                `countryid`,
                                `participationid`) 
                        VALUES (NOW(),'".mysql_real_escape_string($putItAt)."', '". $_SERVER['REMOTE_ADDR']."', '". $_SESSION['MM_UserGroup']."'
                        ,'" .$_SESSION['participationid'.$i]."');";
                        mysql_query($sql) or die(mysql_error());
                        }

                        $putItAt = "upload/".$_SESSION['MM_Username']."/" .sha1(rand())."-" .basename($_FILES['uploadedfile'.$i]['name']);

                        $putItAt = str_replace("php", "txt" , $putItAt);

                        if(move_uploaded_file($_FILES['uploadedfile'.$i]['tmp_name'],$putItAt)) {

                            savedata();

                        } else {

                            if(copy($_FILES['uploadedfile'.$i]['tmp_name'],$putItAt)) {

                                savedata();


                            } else {

                                echo 'Image upload has not been successful. go back and try again.';
                            }

                        }

                        // Ids 
            mysql_select_db($db, $EntrySystem);
            $insertTeamInfo = sprintf("INSERT INTO teamPlayers (Teamid, participationid, countryid, idplayer1, idplayer2, idplayer3, TimeStamp) 
                                        VALUES('','".$_SESSION['participationid']."', %s,'".$_SESSION['playerID1']."', '".$_SESSION['playerID2']."', '".$_SESSION['playerID3']."','')",
                                        GetSQLValueString($_POST['countryid'], "int"));

            mysql_query($insertTeamInfo) or die(mysql_error());

            $insertGoTo = "myentries.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
      } 
      header(sprintf("Location: %s", $insertGoTo));

                    }

                } 

        }

The HTML form is on the same page as the above PHP code:

<form enctype="multipart/form-data" method="post" name="form1" action="<?php echo $editFormAction; ?>">


        <table width="100%">
        <tr>
        <td align="center">
    <label>
                <p>Select Championship</p>
    </label>

          <select name="championshipid">
            <option>Select championship..</option>
            <?php 
    do {  
    ?>
            <option value="<?php echo $row_availableChampionships['championshipid']?>" ><?php echo $row_availableChampionships['championshipname']?></option>
            <?php
    } while ($row_availableChampionships = mysql_fetch_assoc($availableChampionships));
    ?>
          </select>
          </td>
      </td>
        </tr>
        </table>
    // First table for selecting Championship

    <!-- Form one starts here -->

      Player 1

    <label><p>First Name </p></label>
    <input type="text" name="playerFirstName1" value="" />
    <input type="hidden" name="MAX_FILE_SIZE" value="5000000" />
    Choose a photo to upload: <input name="uploadedfile1" type="file" />
    <input name="countryid" type="hidden" value="<?php echo $_SESSION['MM_UserGroup']; ?>" />
    <input name="participationid" type="hidden" value="<?php echo $_SESSION['idparticipants']; ?>" />

<label>Last Name</label>
<input type="text" name="playerLastName1" value="" />
<label>Date of Birth</label>
          <select name="day1">
            <option>Day</option>
            <?php 
    for ($day = 1; $day <= 31; $day++) {
    echo "<option value=\"$day\">$day</option>\n";
    }

    ?>
          </select>
          <span class="selectRequiredMsg">Please select an item.</span></span><span id="spryMonthSelect">
            <select name="month1">
              <option>Month</option>
              <option value="01" >01-January</option>
              <option value="02" >02-February</option>
              <option value="03" >03-March</option>
              <option value="04" >04-April</option>
              <option value="05" >05-May</option>
              <option value="06" >06-June</option>
              <option value="07" >07-July</option>
              <option value="08" >08-August</option>
              <option value="09" >09-September</option>
              <option value="10" >10-October</option>
              <option value="11" >11-November</option>
              <option value="12" >12-December</option>
            </select>
              <select name="year1">
                <option>Year</option>
                <?php
     for ($year = 1950; $year <= 2005; $year++) {
    echo "<option value=\"$year\">$year</option>\n";
    }
      ?>
              </select>
              <label>National Ranking</label>
          <input type="text" name="playerNationalRanking1" value="" >
          <label>Phone Number</label>
          <input type="text" name="playerPhoneNumber1" value="" >
          <label>
          Email Address</label>
          <input type="text" name="playerEmailAddress1" value="">
          <label>
        Passport Number
      </label><input type="text" name="playerPassportNumber1" value="">
       <label>Playing History</label>
        <textarea name="playerPlayingHistory1" value="">
diafol

This code looks 10 years old. Where did you get it?

It's using deprecated mysql_* functions, global variables, getsqlvaluestring with sprintf. This is all a nightmare, basically designed to avoid SQL injection. If you use mysqli or PDO, all this nonsense can be avoided.

Also, don't run a query on each iteration of the for loop; rather, build up the query and run ONE query after exit of loop.
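
The approach the reply above points to, as an added example that is not part of the thread or either poster's code: PDO prepared statements prepared once, executed per player inside one transaction, with the team row written once after the loop. The reduced schema, the in-memory SQLite connection (a stand-in for the MySQL DSN so the example runs offline), the `registerTeam` function and the normalized `$players` array are assumptions of this example.

```php
<?php
// Added example: reduced schema and sample input are constructed for illustration.
function registerTeam(PDO $pdo, array $players, int $championshipId, int $countryId): array
{
    // Drop empty player slots, then enforce the 2-to-3 player rule server-side.
    $players = array_values(array_filter($players, fn($p) => trim($p['first'] ?? '') !== ''));
    if (count($players) < 2 || count($players) > 3) {
        throw new InvalidArgumentException('A team needs 2 or 3 players');
    }
    // Prepared once, executed per player: values are bound, never concatenated into SQL.
    $insPlayer = $pdo->prepare('INSERT INTO players (playerfirstname, playerlastname, playerdob, playercountry)
                                VALUES (:first, :last, :dob, :country)');
    $insPart = $pdo->prepare('INSERT INTO participants (playerid, championshipid, countryid, status)
                              VALUES (:pid, :champ, :country, 1)');
    $insTeam = $pdo->prepare('INSERT INTO teamplayers (countryid, idplayer1, idplayer2, idplayer3)
                              VALUES (?, ?, ?, ?)');
    $pdo->beginTransaction();
    try {
        $ids = [];
        foreach ($players as $p) {
            [$y, $m, $d] = [(int)$p['year'], (int)$p['month'], (int)$p['day']];
            if (!checkdate($m, $d, $y)) {
                throw new InvalidArgumentException('Invalid date of birth');
            }
            $insPlayer->execute([':first' => $p['first'], ':last' => $p['last'],
                ':dob' => sprintf('%04d-%02d-%02d', $y, $m, $d), ':country' => $countryId]);
            $pid = (int)$pdo->lastInsertId();
            $insPart->execute([':pid' => $pid, ':champ' => $championshipId, ':country' => $countryId]);
            $ids[] = $pid;
        }
        // One team row after the loop; idplayer3 stays NULL for a two-player team.
        $insTeam->execute([$countryId, $ids[0], $ids[1], $ids[2] ?? null]);
        $pdo->commit();
        return $ids;
    } catch (Throwable $e) {
        $pdo->rollBack(); // a failure leaves no half-registered team behind
        throw $e;
    }
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE players (playerid INTEGER PRIMARY KEY, playerfirstname TEXT, playerlastname TEXT, playerdob TEXT, playercountry INTEGER);
    CREATE TABLE participants (participationid INTEGER PRIMARY KEY, playerid INTEGER, championshipid INTEGER, countryid INTEGER, status INTEGER);
    CREATE TABLE teamplayers (Teamid INTEGER PRIMARY KEY, countryid INTEGER, idplayer1 INTEGER, idplayer2 INTEGER, idplayer3 INTEGER)');
$players = [ // constructed input; the apostrophe needs no escaping with bound parameters
    ['first' => 'Ann', 'last' => 'Lee', 'year' => '1990', 'month' => '02', 'day' => '28'],
    ['first' => 'Bo', 'last' => "O'Neil", 'year' => '1988', 'month' => '11', 'day' => '03'],
    ['first' => '', 'last' => '', 'year' => 'Year', 'month' => 'Month', 'day' => 'Day'],
];
print_r(registerTeam($pdo, $players, 1, 44)); // countryId would come from the session, not a hidden field
```

Against MySQL only the DSN and the column types change; the statements and the transaction logic stay the same, provided the tables use a transactional engine such as InnoDB.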
