Problem when inserting a value from an array into the DB

0

This code does not insert the path into the database. Instead, it inserts the value when the array is put in VALUES as such, like this: `".$array[0]."`. When I echo the variables `$ruta0`, `$ruta1` and `$ruta2`, the value is printed. Where can the fault be?

    <?php
    include('conexion.php');

    $title = $_POST['title'];
    $description = $_POST['description'];
    $array= $_POST['images'];

    $url ='files/';
    $ruta0= $url.".$array[0].";
    $ruta1= $url.".$array[1].";
    $ruta2= $url.".$array[2].";


    $sql= mysqli_query($mysqli, "INSERT INTO tabla (title, description, img1, img2, img3 ) VALUES( '$title', '$description', '$ruta0', $ruta1, $ruta2);

    ?>
    
asked by Mamen Maria 26.10.2017 at 18:35

2 answers

0

Instead of

( '$title', '$description', '$ruta0', $ruta1, $ruta2 );

which is incorrect, you have to write the following:

(".$title.", ". $description.", ".$ruta0.", ".$ruta1.", ".$ruta2.")";

The problem is that you are inserting the variables as plain text, so that text (`$ruta1`) is saved in the database instead of the content of the variable `$ruta1`.

I hope I have helped you. If you have any doubts, tell me. Greetings!

    
answered by 26.10.2017 at 18:49
0

Your code is insecure, because it is vulnerable to SQL injections.

I will show a solution based on prepared queries.

For more details, check the MySQL documentation.

    <?php
    include('conexion.php');


    /* Check the connection */
    if ($mysqli) {

        $sql="INSERT INTO tabla (title, description, img1, img2, img3 ) VALUES( ?, ?, ?, ?, ?)";

        $stmt = mysqli_prepare($mysqli, $sql);
        /* Parameters are bound by reference, so the variables can be assigned after this call */
        mysqli_stmt_bind_param($stmt, 'sssss', $title, $description, $ruta1, $ruta2, $ruta3);

        $title = $_POST['title'];
        $description = $_POST['description'];
        $array= $_POST['images'];

        $url ='files/';
        $ruta1= $url.$array[0];
        $ruta2= $url.$array[1];
        $ruta3= $url.$array[2];

        /* Execute the prepared statement */
        mysqli_stmt_execute($stmt);

        printf("%d Fila insertada.\n", mysqli_stmt_affected_rows($stmt));

        /* Close resources */
        mysqli_stmt_close($stmt);

        mysqli_close($mysqli);

    }else{

        echo "Revisa la conexión a la BD";
    }

    ?>
    
answered by 27.10.2017 at 01:04
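
The difference between the concatenated query in the question and the prepared query in the second answer, as an added example that is not part of either post. It assumes an in-memory SQLite database through PDO instead of `conexion.php` and mysqli so it runs without a MySQL server, uses constructed form data, and goes one step beyond the thread by validating the `images` field through a hypothetical helper `image_paths()` before the paths are stored.

```php
<?php
// Added example (not the asker's or answerer's code). Assumption: in-memory SQLite
// through PDO stands in for conexion.php and the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tabla (title TEXT, description TEXT, img1 TEXT, img2 TEXT, img3 TEXT)');

// Constructed form data: an apostrophe in the title, a directory prefix in one file name.
$post = [
    'title'       => "Mamen's trip",
    'description' => 'Three photos',
    'images'      => ['a.jpg', '../b.png', 'c.gif'],
];

// Hypothetical helper: validate the images field and build the three paths under files/.
function image_paths(array $post, string $url = 'files/'): array
{
    $images = $post['images'] ?? null;
    if (!is_array($images) || count($images) !== 3) {
        throw new InvalidArgumentException('images must contain exactly three file names');
    }
    $paths = [];
    foreach (array_values($images) as $name) {
        // basename() drops any directory part, so the stored path stays inside files/.
        $name = is_string($name) ? basename($name) : '';
        if (!preg_match('/\A[A-Za-z0-9_-]+\.(jpe?g|png|gif)\z/i', $name)) {
            throw new InvalidArgumentException('unexpected image file name');
        }
        $paths[] = $url . $name;
    }
    return $paths;
}

[$ruta1, $ruta2, $ruta3] = image_paths($post);

// Concatenated form, as in the question: the apostrophe ends the string literal early,
// the statement no longer parses, and nothing is inserted.
try {
    $db->exec("INSERT INTO tabla (title, description, img1, img2, img3) VALUES ('{$post['title']}', '{$post['description']}', '$ruta1', '$ruta2', '$ruta3')");
} catch (PDOException $e) {
    echo "Concatenated query failed: ", $e->getMessage(), "\n";
}

// Prepared form: the values travel separately from the SQL text, so the title is stored as typed.
$stmt = $db->prepare('INSERT INTO tabla (title, description, img1, img2, img3) VALUES (?, ?, ?, ?, ?)');
$stmt->execute([$post['title'], $post['description'], $ruta1, $ruta2, $ruta3]);

print_r($db->query('SELECT * FROM tabla')->fetchAll(PDO::FETCH_ASSOC));
```

The only row printed is the one written by the prepared statement, with `img2` stored as `files/b.png`.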