Send form array, php, mysql

1

Hello, these days I have been building a form to keep some links in my database, but the truth is I had never used forms with arrays before, and I have searched a lot, but none of what I found works for me.

How can I make it work?

My code is as follows:

$screenshot = $user->filtertext($_POST['panta']);

if (empty($_POST['panta'])) {

    $_SESSION['ERROR_RETURN'] = "Debes rellenar todos los Campos.";
    header("LOCATION: " . LINK . "/screenshot_publi.php");

} else {

    foreach ($screenshot as $screen) {

        $query_add = $db->query("INSERT INTO screenshot (user_id, screenshot, date_add, stats) VALUES ('{$myid}', '{$screen}', '{$time}', 'Solicitado')");

    }

    $_SESSION['GOOD_RETURN'] = "Se han publicado tu(s) pantallazo(s).";
    header("LOCATION: " . LINK . "/screenshot_publi.php");

}

Form:

<form action="<?php echo LINK; ?>/screenshot_publi.php?action=add" method="post">
    <table>
        <tbody id="content_screenshot">
            <tr>
                <td>Nombre de Usuario</td>
                <td><input style="margin-top: 0; width: calc(100% - 10px); padding-right: 5px" class="inputgray" name="username" value="<?php echo $myusername ?>" disabled ></td>
            </tr>
            <tr id="div_screenshot">
                <td>Pantallazo #1</td>
                <td><input style="margin-top: 0; width: calc(100% - 10px); padding-right: 5px" type="text" class="inputgray" name="panta[]" placeholder="Escribe el Link de tu pantallazo..." required></td>
            </tr>
        </tbody>
        <tbody>
            <tr>
                <td colspan="2"><input style="margin-bottom: 10px" class="submitblue" type="submit" name="submit" value="Guardar Pantallazos" accesskey="s"></td>
            </tr>
        </tbody>
    </table>
    </form>
    
asked by Ćarlos Omar 10.09.2016 at 20:10

3 answers

2

From what I see in your code, the variable you need to save is called panta[]; we should keep the following in mind.

  • $screenshot = $user->filtertext($_POST['panta']): in this line you are processing what comes through POST; what that does, only God and you know.
  • Then you validate that the content of the POST is not empty when you have already assigned it to a variable named screenshot; how do you know it is not empty?
  • $query_add = $db->query("INSERT INTO screenshot (user_id, screenshot, date_add, stats) VALUES ('{$myid}', '{$screen}', '{$time}', 'Solicitado')"); in this line you have 3 defined variables and I only see where one of them comes from, apparently.
  • Validate those points before anything else.

        
    answered by 10.09.2016 at 20:19
    1

    Let's see if this is what you need; I'll give you another example so you can see it from another perspective.

    <form action="" method="post">
    <input type="checkbox" name="planta[]" id="planta1" value="rosa">
    <input type="checkbox" name="planta[]" id="planta2" value="margarita">
    <input type="checkbox" name="planta[]" id="planta3" value="clavel">
    <button type="submit">Enviar</button>
    </form>
    

    Now we have an array called planta[] with the values inside ("rosa", "margarita", "clavel"), assuming that all of them have been checked; otherwise only the values that were checked before sending the form will be in the array.

    Now to add it to the database ...

    require_once "conexión.php"; // the $cnn object comes from here

    // one placeholder per column: the original listed four columns for three values, which MySQL rejects
    $sql = "INSERT INTO tabla (col1,col2,col3) VALUES (:valor1,:valor2,:valor3)";
    $result = $cnn->prepare($sql);
    $result->execute(array(':valor1'=>$v1, ':valor2'=>$v2, ':valor3'=>$v3));
    

    The variables $v1, $v2, $v3 would be the values you want to assign to each column.

        
    answered by 12.09.2016 at 12:18
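Putting the question's controller and this answer's prepared-statement approach together, here is an added example (not the asker's code and not from any of the answers) that handles panta[] as an array: each entry is validated as an http(s) URL, and the rows are inserted with PDO placeholders inside one transaction, so quotes or SQL keywords inside a link are stored literally and never change the query. It assumes a PDO connection in $pdo, the current user's id in $myid, the LINK constant and the screenshot table from the question, and that date_add stores a Unix timestamp like the asker's $time.

```php
<?php
// Added example: validate the panta[] form array and insert it with PDO.
// Assumed from the question's context: $pdo (PDO), $myid, LINK, $_SESSION.
declare(strict_types=1);

/**
 * Validate the submitted panta[] array. Returns a list of clean URLs or
 * throws InvalidArgumentException describing the first problem found.
 */
function validateScreenshotLinks($input, int $max = 10): array
{
    // name="panta[]" arrives as an array; a tampered request could send a
    // plain string instead, so accept only the array form.
    if (!is_array($input) || $input === []) {
        throw new InvalidArgumentException('Debes rellenar todos los Campos.');
    }
    if (count($input) > $max) {
        throw new InvalidArgumentException("Máximo $max pantallazos por envío.");
    }

    $clean = [];
    foreach (array_values($input) as $i => $link) {
        $n = $i + 1;
        if (!is_string($link)) {            // nested arrays (panta[][]) are rejected
            throw new InvalidArgumentException("Pantallazo #$n inválido.");
        }
        $link = trim($link);
        // filter_var checks URL syntax; restricting the scheme keeps
        // javascript:/data: links out of the table, where they would later
        // be rendered as clickable.
        if ($link === '' || strlen($link) > 2048
            || filter_var($link, FILTER_VALIDATE_URL) === false
            || !in_array(parse_url($link, PHP_URL_SCHEME), ['http', 'https'], true)) {
            throw new InvalidArgumentException("Pantallazo #$n no es un link válido.");
        }
        $clean[] = $link;
    }
    return $clean;
}

/**
 * Insert each link with a prepared statement. The statement is prepared
 * once and executed per row; the whole loop runs in a transaction so a
 * failure midway leaves no half-saved submission.
 */
function saveScreenshots(PDO $pdo, int $userId, array $links): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO screenshot (user_id, screenshot, date_add, stats) VALUES (?, ?, ?, ?)'
    );
    $pdo->beginTransaction();
    try {
        foreach ($links as $link) {
            // date_add assumed to be a Unix timestamp, like the question's $time
            $stmt->execute([$userId, $link, time(), 'Solicitado']);
        }
        $pdo->commit();
    } catch (PDOException $e) {
        $pdo->rollBack();
        throw $e;
    }
    return count($links);
}

// Controller logic equivalent to the asker's if/else block.
try {
    $links = validateScreenshotLinks($_POST['panta'] ?? null);
    $n = saveScreenshots($pdo, (int) $myid, $links);
    $_SESSION['GOOD_RETURN'] = "Se han publicado $n pantallazo(s).";
} catch (InvalidArgumentException $e) {
    $_SESSION['ERROR_RETURN'] = $e->getMessage();
}
header('Location: ' . LINK . '/screenshot_publi.php');
exit;
```

Validation and storage are kept in separate functions on purpose: the validator decides what a screenshot link may look like, and the storage function never has to care, because the bound parameters carry the value regardless of its content.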
    1

    I already saw what the problem is, but I still do not want to remove it because it is very useful to me.

    function filter($str) {
        global $db;
        $str = $db->escape_string(htmlspecialchars($str));
        $str = stripslashes(htmlspecialchars($str));
        $texto = trim($str); // Strip whitespace or other characters from the start and end of the post
        $texto = htmlspecialchars($texto); // works almost the same as htmlentities
        $texto = str_replace("INSERT","IN-SER-T",$texto);  // Replace words that could be used to alter the DB
        $texto = str_replace("DELETE","DE-LE-TE",$texto);
        $texto = str_replace("TRUNCATE","TRUN-CA-TE",$texto);
        $texto = str_replace("SELECT","SE-LEC-T",$texto);
        $texto = str_replace("ALTER","AL-TER",$texto);
        $texto = str_replace("UPDATE","UP-DA-TE",$texto);
        $texto = str_replace("insert","IN-SER-T",$texto);  // the original had "inert" here, a typo that never matched "insert"
        $texto = str_replace("delete","DE-LE-TE",$texto);
        $texto = str_replace("truncate","TRUN-CA-TE",$texto);
        $texto = str_replace("select","SE-LEC-T",$texto);
        $texto = str_replace("alter","AL-TER",$texto);
        $texto = str_replace("update","UP-DA-TE",$texto);
        $texto = str_replace("script","",$texto);
        $texto = str_replace("SCRIPT","",$texto);
        $texto = str_replace('"','&#34;',$texto);
        $texto = str_replace("'","&#39;",$texto);
        $texto = str_replace("<","&#60;",$texto);
        $texto = str_replace(">","&#62;",$texto);
        $texto = str_replace("(","",$texto);
        $str = str_replace(")","",$texto);
        return $str;
    }

    if($newsstate == true) {
        function filternews($str) {
            $texto = str_replace("INSERT","IN-SER-T",$str);  // Replace words that could be used to alter the DB
            $texto = str_replace("DELETE","DE-LE-TE",$texto);
            $texto = str_replace("TRUNCATE","TRUN-CA-TE",$texto);
            $texto = str_replace("SELECT","SE-LEC-T",$texto);
            $texto = str_replace("ALTER","AL-TER",$texto);
            $texto = str_replace("UPDATE","UP-DA-TE",$texto);
            $texto = str_replace("insert","IN-SER-T",$texto);  // the original had "inert" here, a typo that never matched "insert"
            $texto = str_replace("delete","DE-LE-TE",$texto);
            $texto = str_replace("truncate","TRUN-CA-TE",$texto);
            $texto = str_replace("select","SE-LEC-T",$texto);
            $texto = str_replace("alter","AL-TER",$texto);
            $texto = str_replace("update","UP-DA-TE",$texto);
            $texto = str_replace("script","",$texto);
            $texto = str_replace("SCRIPT","",$texto);
            $texto = str_replace('"','',$texto);
            $texto = str_replace("'","",$texto);
            $texto = str_replace("location","",$texto);
            // The accented characters below were lost in the page's encoding;
            // each one is reconstructed from the entity its line maps to.
            $texto = str_replace("í","&iacute;",$texto);
            $texto = str_replace("á","&aacute;",$texto);
            $texto = str_replace("ó","&oacute;",$texto);
            $texto = str_replace("ú","&uacute;",$texto);
            $texto = str_replace("é","&eacute;",$texto);
            $texto = str_replace("ñ","&ntilde;",$texto);
            $texto = str_replace("Í","&Iacute;",$texto);
            $texto = str_replace("Á","&Aacute;",$texto);
            $texto = str_replace("Ó","&Oacute;",$texto);
            $texto = str_replace("Ú","&Uacute;",$texto);
            $texto = str_replace("É","&Eacute;",$texto);
            $texto = str_replace("Ñ","&Ntilde;",$texto);
            return $texto; // the original returned $str, which discarded every replacement above
        }
    }else{
        if(isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)){
            foreach($_POST as $key => $p)
            {
                $_POST[$key] = htmlentities(filter($p));
                $_POST[$key] = filter($p);
                $_POST[$key] = filter(html_entity_decode($p));
            }

            // Filter the GET input
            foreach($_GET as $key => $g)
            {
                $_GET[$key] = filter($g);
            }
            foreach($_COOKIE as $key => $s)
            {
                $_COOKIE[$key] = filter($s);
            }
            // Filter the REQUEST input
            foreach($_REQUEST as $key => $k)
            {
                $_REQUEST[$key] = filter($k);
            }
        }
        if(isset($_GET)){

            // Filter the GET input
            foreach($_GET as $key => $f)
            {
                $_GET[$key] = strip_tags(htmlentities(filter($f)));
            }
        }
    }
    

    This part is the one with the problem:

    foreach($_POST as $key => $p)
    {
        $_POST[$key] = htmlentities(filter($p));
        $_POST[$key] = filter($p);
        $_POST[$key] = filter(html_entity_decode($p));
    }
    

    If I delete it, the problem with the array is fixed, but the other characters would no longer be filtered and could cause problems.

    PS: This code is not mine, for obvious reasons; that's why I do not know how to handle it well, but I do some things based on it.

    Greetings.

        
    answered by 17.09.2016 at 18:01
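The loop quoted in this answer breaks because filter() is written for one string, while name="panta[]" delivers an array, and htmlspecialchars() and escape_string() do not accept arrays. As an added example (not the asker's code and not the script the asker adapted), the helper below walks request values recursively and limits the input layer to neutral normalisation: trimming, control-character removal and a UTF-8 check. SQL escaping is left to prepared statements and HTML escaping to output time, each in its own context. It also shows why the keyword blacklist cannot be kept as a defence, since it rewrites ordinary words that merely contain a keyword. The request array at the bottom is constructed for the demonstration.

```php
<?php
// Added example: array-aware request normalisation in place of the
// string-only filter() loop. Sample request data below is constructed.
declare(strict_types=1);

/**
 * Normalise one request value. Arrays are walked recursively, strings are
 * trimmed, control characters are removed and invalid UTF-8 is rejected.
 * Nothing here escapes for SQL or HTML: that belongs to the layer that
 * knows the context (prepared statements, htmlspecialchars at render).
 */
function normalizeInput($value, int $depth = 0)
{
    if ($depth > 8) {                       // bound recursion for hostile nesting
        return null;
    }
    if (is_array($value)) {
        $out = [];
        foreach ($value as $k => $v) {
            $out[$k] = normalizeInput($v, $depth + 1);
        }
        return $out;
    }
    if (!is_string($value)) {
        return null;                        // PHP only fills $_POST with strings and arrays
    }
    if (preg_match('//u', $value) !== 1) {  // preg_match returns false on invalid UTF-8
        return null;
    }
    // strip C0 control characters and DEL, keeping tab, newline and carriage return
    $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $value);
    return trim($value);
}

/** Escape for an HTML text node or a quoted attribute value; apply when rendering. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Why the keyword blacklist is not a defence: it corrupts legitimate text
 * containing a keyword as a substring. A bound parameter stores the same
 * sentence untouched, because the value never becomes part of the SQL.
 */
function demoBlacklistDamage(): array
{
    $legit   = 'Please update my selection';
    $mangled = str_replace(['update', 'select'], ['UP-DA-TE', 'SE-LEC-T'], $legit);
    return ['input' => $legit, 'after_blacklist' => $mangled];
    // after_blacklist is "Please UP-DA-TE my SE-LEC-Tion"
}

// Constructed request, shaped like the question's form plus a scalar field:
// the NUL byte and surrounding whitespace are removed, the array survives.
$_POST = [
    'username' => "  carlos\x00  ",
    'panta'    => ['http://example.com/a.png', " http://example.com/b.png\t"],
];
$_POST = normalizeInput($_POST);
// $_POST['username'] is now "carlos"; $_POST['panta'] is still an array of two trimmed URLs.

// Rendering the stored links later: escape at output, per link.
foreach ($_POST['panta'] as $link) {
    echo '<a href="' . h($link) . '">' . h($link) . '</a>' . PHP_EOL;
}
print_r(demoBlacklistDamage());
```

With this in place, the global foreach over $_POST, $_GET, $_COOKIE and $_REQUEST collapses to one call per superglobal (for example $_POST = normalizeInput($_POST);), and the database layer uses placeholders for every value instead of relying on what the input filter removed.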