Insert multiple rows from a row using FOR LOOP
-2
can i inserting into mutiple rows mySQL from one row php with FOR LOOP in MySQL?
i have a form like this:
<form action="" method="POST" name="inputRecord" id="inputRecord">
<input type="text" name="member" id="member" value="Member A">
<input type="text" name="debit" id="debit" value="5000">
<input type="text" name="credit" id="credit" value="1000">
<input type="submit" name="save" id="save" value="OK">
</form>
if i submitted to mySQL become like this:
id | Member | Debit | Credit
---------------------------------
1 | Member A | 5000 | 1000
2 | Member A | 5000 | 1000
3 | Member A | 5000 | 1000
4 | Member A | 5000 | 1000
5 | Member A | 5000 | 1000
6 | Member A | 5000 | 1000
This is may code:
$var_i = 10;
if(isset($_POST['member'])) {
$var_detailMember = $_POST['member'];
}
if(isset($_POST['debit'])) {
$var_detailDebit = $_POST['debit'];
}
if(isset($_POST['credit'])) {
$var_detailCredit = $_POST['credit'];
}
if (isset($_POST['save'])) {
for($i=0;$i<=$var_i;$i++) {
$insertSQL = "INSERT INTO transaction (member, debit, credit) VALUES ('$var_detailMember', '$var_detailDebit', '$var_detailCredit')";
mysql_select_db($database, $connection);
mysql_query($insertSQL, $connection) or die(mysql_error());
}
}
Thank you for helping me
php mysql
asked Nov 22 '18 at 9:31
JuniantoじゅにあんとJuniantoじゅにあんと
134
add a comment |
-2
can i inserting into mutiple rows mySQL from one row php with FOR LOOP in MySQL?
i have a form like this:
<form action="" method="POST" name="inputRecord" id="inputRecord">
<input type="text" name="member" id="member" value="Member A">
<input type="text" name="debit" id="debit" value="5000">
<input type="text" name="credit" id="credit" value="1000">
<input type="submit" name="save" id="save" value="OK">
</form>
if i submitted to mySQL become like this:
id | Member | Debit | Credit
---------------------------------
1 | Member A | 5000 | 1000
2 | Member A | 5000 | 1000
3 | Member A | 5000 | 1000
4 | Member A | 5000 | 1000
5 | Member A | 5000 | 1000
6 | Member A | 5000 | 1000
This is may code:
$var_i = 10;
if(isset($_POST['member'])) {
$var_detailMember = $_POST['member'];
}
if(isset($_POST['debit'])) {
$var_detailDebit = $_POST['debit'];
}
if(isset($_POST['credit'])) {
$var_detailCredit = $_POST['credit'];
}
if (isset($_POST['save'])) {
for($i=0;$i<=$var_i;$i++) {
$insertSQL = "INSERT INTO transaction (member, debit, credit) VALUES ('$var_detailMember', '$var_detailDebit', '$var_detailCredit')";
mysql_select_db($database, $connection);
mysql_query($insertSQL, $connection) or die(mysql_error());
}
}
Thank you for helping me
php mysql
asked Nov 22 '18 at 9:31
JuniantoじゅにあんとJuniantoじゅにあんと
134
1
So you want to insert the same data 6 times? And what is your specific problem with that? You know how a basicforloop works, right?
– misorude
Nov 22 '18 at 9:39
Where is your PHP code ?
– executable
Nov 22 '18 at 9:39
1
yes you can, although I can't see why it would be useful. Just run the same INSERT statement 6 times using a loop. What have you tried?
– ADyson
Nov 22 '18 at 9:46
Re your update: Your code is using the long-deprecated mysql_ code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to using mysqli or PDO as soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 12:28
add a comment |
-2
-2
-2
can i inserting into mutiple rows mySQL from one row php with FOR LOOP in MySQL?
i have a form like this:
<form action="" method="POST" name="inputRecord" id="inputRecord">
<input type="text" name="member" id="member" value="Member A">
<input type="text" name="debit" id="debit" value="5000">
<input type="text" name="credit" id="credit" value="1000">
<input type="submit" name="save" id="save" value="OK">
</form>
if i submitted to mySQL become like this:
id | Member | Debit | Credit
---------------------------------
1 | Member A | 5000 | 1000
2 | Member A | 5000 | 1000
3 | Member A | 5000 | 1000
4 | Member A | 5000 | 1000
5 | Member A | 5000 | 1000
6 | Member A | 5000 | 1000
This is may code:
$var_i = 10;
if(isset($_POST['member'])) {
$var_detailMember = $_POST['member'];
}
if(isset($_POST['debit'])) {
$var_detailDebit = $_POST['debit'];
}
if(isset($_POST['credit'])) {
$var_detailCredit = $_POST['credit'];
}
if (isset($_POST['save'])) {
for($i=0;$i<=$var_i;$i++) {
$insertSQL = "INSERT INTO transaction (member, debit, credit) VALUES ('$var_detailMember', '$var_detailDebit', '$var_detailCredit')";
mysql_select_db($database, $connection);
mysql_query($insertSQL, $connection) or die(mysql_error());
}
}
Thank you for helping me
php mysql
asked Nov 22 '18 at 9:31
JuniantoじゅにあんとJuniantoじゅにあんと
134
can i inserting into mutiple rows mySQL from one row php with FOR LOOP in MySQL?
i have a form like this:
<form action="" method="POST" name="inputRecord" id="inputRecord">
<input type="text" name="member" id="member" value="Member A">
<input type="text" name="debit" id="debit" value="5000">
<input type="text" name="credit" id="credit" value="1000">
<input type="submit" name="save" id="save" value="OK">
</form>
if i submitted to mySQL become like this:
id | Member | Debit | Credit
---------------------------------
1 | Member A | 5000 | 1000
2 | Member A | 5000 | 1000
3 | Member A | 5000 | 1000
4 | Member A | 5000 | 1000
5 | Member A | 5000 | 1000
6 | Member A | 5000 | 1000
This is may code:
$var_i = 10;
if(isset($_POST['member'])) {
$var_detailMember = $_POST['member'];
}
if(isset($_POST['debit'])) {
$var_detailDebit = $_POST['debit'];
}
if(isset($_POST['credit'])) {
$var_detailCredit = $_POST['credit'];
}
if (isset($_POST['save'])) {
for($i=0;$i<=$var_i;$i++) {
$insertSQL = "INSERT INTO transaction (member, debit, credit) VALUES ('$var_detailMember', '$var_detailDebit', '$var_detailCredit')";
mysql_select_db($database, $connection);
mysql_query($insertSQL, $connection) or die(mysql_error());
}
}
Thank you for helping me
php mysql
php mysql
asked Nov 22 '18 at 9:31
JuniantoじゅにあんとJuniantoじゅにあんと
134
asked Nov 22 '18 at 9:31
JuniantoじゅにあんとJuniantoじゅにあんと
134
edited Nov 22 '18 at 10:58
Juniantoじゅにあんと
asked Nov 22 '18 at 9:31
JuniantoじゅにあんとJuniantoじゅにあんと
134
asked Nov 22 '18 at 9:31
JuniantoじゅにあんとJuniantoじゅにあんと
134
asked Nov 22 '18 at 9:31
JuniantoじゅにあんとJuniantoじゅにあんと
134
134
1
So you want to insert the same data 6 times? And what is your specific problem with that? You know how a basicforloop works, right?
– misorude
Nov 22 '18 at 9:39
Where is your PHP code ?
– executable
Nov 22 '18 at 9:39
1
yes you can, although I can't see why it would be useful. Just run the same INSERT statement 6 times using a loop. What have you tried?
– ADyson
Nov 22 '18 at 9:46
Re your update: Your code is using the long-deprecated mysql_ code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to using mysqli or PDO as soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 12:28
add a comment |
1
So you want to insert the same data 6 times? And what is your specific problem with that? You know how a basicforloop works, right?
– misorude
Nov 22 '18 at 9:39
Where is your PHP code ?
– executable
Nov 22 '18 at 9:39
1
yes you can, although I can't see why it would be useful. Just run the same INSERT statement 6 times using a loop. What have you tried?
– ADyson
Nov 22 '18 at 9:46
Re your update: Your code is using the long-deprecated mysql_ code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to using mysqli or PDO as soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 12:28
1
1
So you want to insert the same data 6 times? And what is your specific problem with that? You know how a basic
for loop works, right?– misorude
Nov 22 '18 at 9:39
So you want to insert the same data 6 times? And what is your specific problem with that? You know how a basic
for loop works, right?– misorude
Nov 22 '18 at 9:39
Where is your PHP code ?
– executable
Nov 22 '18 at 9:39
Where is your PHP code ?
– executable
Nov 22 '18 at 9:39
1
1
yes you can, although I can't see why it would be useful. Just run the same INSERT statement 6 times using a loop. What have you tried?
– ADyson
Nov 22 '18 at 9:46
yes you can, although I can't see why it would be useful. Just run the same INSERT statement 6 times using a loop. What have you tried?
– ADyson
Nov 22 '18 at 9:46
Re your update: Your code is using the long-deprecated mysql_ code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to using mysqli or PDO as soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 12:28
Re your update: Your code is using the long-deprecated mysql_ code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to using mysqli or PDO as soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 12:28
add a comment |
1 Answer
1
active
oldest
votes
0
Use the Below code, Here 10 Records will be inserted
<form action="save.php" method="POST" name="inputRecord" id="inputRecord">
<input type="text" name="member" id="member" value="Member A">
<input type="text" name="debit" id="debit" value="5000">
<input type="text" name="credit" id="credit" value="1000">
<input type="submit" name="save" id="save" value="OK">
</form>
//save.php
<?php
$limit=10;
$Member=Escape($_POST['member']);
$Debit=Escape($_POST['debit']);
$Credit=Escape($_POST['credit']);
$Insert = "INSERT INTO table_name(Member,Debit,Credit) values('".$Member."','".$Debit."','".$Credit.")";
for($i=1;$i<=$limit;$i++){
$Inserting=mysqli_query($dbconnection,$Insert);
}
function Escape($string){
$string = preg_replace('/[^p{L}p{N}s]/u', '', $string);
return $string;
}
?>
answered Nov 22 '18 at 9:45
Brindha BaskaranBrindha Baskaran
9510
This code demonstrates the simple idea of using a loop to repeat the insert, but buyer beware: 1) It appears to be manually generating the ID, which can lead to duplicate IDs / key violations if more than one person tries to run the code at the same time (easily done in a web environment). Use an auto-increment key instead, don't insert it from the code.
– ADyson
Nov 22 '18 at 9:49
1
2) The code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data.
– ADyson
Nov 22 '18 at 9:49
3) This code is using the long-deprecatedmysql_code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to usingmysqliorPDOas soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 9:49
Downvoted for violating just about every principle of writing safe and correct SQL using PHP.
– ADyson
Nov 22 '18 at 9:51
Thanks for the edit. You've corrected points 1 and 3, but not 2.
– ADyson
Nov 22 '18 at 9:52
|
show 7 more comments
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427732%2finsert-multiple-rows-from-a-row-using-for-loop%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
Use the Below code, Here 10 Records will be inserted
<form action="save.php" method="POST" name="inputRecord" id="inputRecord">
<input type="text" name="member" id="member" value="Member A">
<input type="text" name="debit" id="debit" value="5000">
<input type="text" name="credit" id="credit" value="1000">
<input type="submit" name="save" id="save" value="OK">
</form>
//save.php
<?php
$limit=10;
$Member=Escape($_POST['member']);
$Debit=Escape($_POST['debit']);
$Credit=Escape($_POST['credit']);
$Insert = "INSERT INTO table_name(Member,Debit,Credit) values('".$Member."','".$Debit."','".$Credit.")";
for($i=1;$i<=$limit;$i++){
$Inserting=mysqli_query($dbconnection,$Insert);
}
function Escape($string){
$string = preg_replace('/[^p{L}p{N}s]/u', '', $string);
return $string;
}
?>
answered Nov 22 '18 at 9:45
Brindha BaskaranBrindha Baskaran
9510
This code demonstrates the simple idea of using a loop to repeat the insert, but buyer beware: 1) It appears to be manually generating the ID, which can lead to duplicate IDs / key violations if more than one person tries to run the code at the same time (easily done in a web environment). Use an auto-increment key instead, don't insert it from the code.
– ADyson
Nov 22 '18 at 9:49
1
2) The code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data.
– ADyson
Nov 22 '18 at 9:49
3) This code is using the long-deprecatedmysql_code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to usingmysqliorPDOas soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 9:49
Downvoted for violating just about every principle of writing safe and correct SQL using PHP.
– ADyson
Nov 22 '18 at 9:51
Thanks for the edit. You've corrected points 1 and 3, but not 2.
– ADyson
Nov 22 '18 at 9:52
|
show 7 more comments
0
Use the Below code, Here 10 Records will be inserted
<form action="save.php" method="POST" name="inputRecord" id="inputRecord">
<input type="text" name="member" id="member" value="Member A">
<input type="text" name="debit" id="debit" value="5000">
<input type="text" name="credit" id="credit" value="1000">
<input type="submit" name="save" id="save" value="OK">
</form>
//save.php
<?php
$limit=10;
$Member=Escape($_POST['member']);
$Debit=Escape($_POST['debit']);
$Credit=Escape($_POST['credit']);
$Insert = "INSERT INTO table_name(Member,Debit,Credit) values('".$Member."','".$Debit."','".$Credit.")";
for($i=1;$i<=$limit;$i++){
$Inserting=mysqli_query($dbconnection,$Insert);
}
function Escape($string){
$string = preg_replace('/[^p{L}p{N}s]/u', '', $string);
return $string;
}
?>
answered Nov 22 '18 at 9:45
Brindha BaskaranBrindha Baskaran
9510
This code demonstrates the simple idea of using a loop to repeat the insert, but buyer beware: 1) It appears to be manually generating the ID, which can lead to duplicate IDs / key violations if more than one person tries to run the code at the same time (easily done in a web environment). Use an auto-increment key instead, don't insert it from the code.
– ADyson
Nov 22 '18 at 9:49
1
2) The code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data.
– ADyson
Nov 22 '18 at 9:49
3) This code is using the long-deprecatedmysql_code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to usingmysqliorPDOas soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 9:49
Downvoted for violating just about every principle of writing safe and correct SQL using PHP.
– ADyson
Nov 22 '18 at 9:51
Thanks for the edit. You've corrected points 1 and 3, but not 2.
– ADyson
Nov 22 '18 at 9:52
|
show 7 more comments
0
0
0
Use the Below code, Here 10 Records will be inserted
<form action="save.php" method="POST" name="inputRecord" id="inputRecord">
<input type="text" name="member" id="member" value="Member A">
<input type="text" name="debit" id="debit" value="5000">
<input type="text" name="credit" id="credit" value="1000">
<input type="submit" name="save" id="save" value="OK">
</form>
//save.php
<?php
$limit=10;
$Member=Escape($_POST['member']);
$Debit=Escape($_POST['debit']);
$Credit=Escape($_POST['credit']);
$Insert = "INSERT INTO table_name(Member,Debit,Credit) values('".$Member."','".$Debit."','".$Credit.")";
for($i=1;$i<=$limit;$i++){
$Inserting=mysqli_query($dbconnection,$Insert);
}
function Escape($string){
$string = preg_replace('/[^p{L}p{N}s]/u', '', $string);
return $string;
}
?>
answered Nov 22 '18 at 9:45
Brindha BaskaranBrindha Baskaran
9510
Use the Below code, Here 10 Records will be inserted
<form action="save.php" method="POST" name="inputRecord" id="inputRecord">
<input type="text" name="member" id="member" value="Member A">
<input type="text" name="debit" id="debit" value="5000">
<input type="text" name="credit" id="credit" value="1000">
<input type="submit" name="save" id="save" value="OK">
</form>
//save.php
<?php
$limit=10;
$Member=Escape($_POST['member']);
$Debit=Escape($_POST['debit']);
$Credit=Escape($_POST['credit']);
$Insert = "INSERT INTO table_name(Member,Debit,Credit) values('".$Member."','".$Debit."','".$Credit.")";
for($i=1;$i<=$limit;$i++){
$Inserting=mysqli_query($dbconnection,$Insert);
}
function Escape($string){
$string = preg_replace('/[^p{L}p{N}s]/u', '', $string);
return $string;
}
?>
answered Nov 22 '18 at 9:45
Brindha BaskaranBrindha Baskaran
9510
edited Nov 22 '18 at 10:02
answered Nov 22 '18 at 9:45
Brindha BaskaranBrindha Baskaran
9510
answered Nov 22 '18 at 9:45
Brindha BaskaranBrindha Baskaran
9510
answered Nov 22 '18 at 9:45
Brindha BaskaranBrindha Baskaran
9510
9510
This code demonstrates the simple idea of using a loop to repeat the insert, but buyer beware: 1) It appears to be manually generating the ID, which can lead to duplicate IDs / key violations if more than one person tries to run the code at the same time (easily done in a web environment). Use an auto-increment key instead, don't insert it from the code.
– ADyson
Nov 22 '18 at 9:49
1
2) The code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data.
– ADyson
Nov 22 '18 at 9:49
3) This code is using the long-deprecatedmysql_code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to usingmysqliorPDOas soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 9:49
Downvoted for violating just about every principle of writing safe and correct SQL using PHP.
– ADyson
Nov 22 '18 at 9:51
Thanks for the edit. You've corrected points 1 and 3, but not 2.
– ADyson
Nov 22 '18 at 9:52
|
show 7 more comments
This code demonstrates the simple idea of using a loop to repeat the insert, but buyer beware: 1) It appears to be manually generating the ID, which can lead to duplicate IDs / key violations if more than one person tries to run the code at the same time (easily done in a web environment). Use an auto-increment key instead, don't insert it from the code.
– ADyson
Nov 22 '18 at 9:49
1
2) The code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data.
– ADyson
Nov 22 '18 at 9:49
3) This code is using the long-deprecatedmysql_code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to usingmysqliorPDOas soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 9:49
Downvoted for violating just about every principle of writing safe and correct SQL using PHP.
– ADyson
Nov 22 '18 at 9:51
Thanks for the edit. You've corrected points 1 and 3, but not 2.
– ADyson
Nov 22 '18 at 9:52
This code demonstrates the simple idea of using a loop to repeat the insert, but buyer beware: 1) It appears to be manually generating the ID, which can lead to duplicate IDs / key violations if more than one person tries to run the code at the same time (easily done in a web environment). Use an auto-increment key instead, don't insert it from the code.
– ADyson
Nov 22 '18 at 9:49
This code demonstrates the simple idea of using a loop to repeat the insert, but buyer beware: 1) It appears to be manually generating the ID, which can lead to duplicate IDs / key violations if more than one person tries to run the code at the same time (easily done in a web environment). Use an auto-increment key instead, don't insert it from the code.
– ADyson
Nov 22 '18 at 9:49
1
1
2) The code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data.
– ADyson
Nov 22 '18 at 9:49
2) The code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data.
– ADyson
Nov 22 '18 at 9:49
3) This code is using the long-deprecated
mysql_ code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to using mysqli or PDO as soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.– ADyson
Nov 22 '18 at 9:49
3) This code is using the long-deprecated
mysql_ code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to using mysqli or PDO as soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.– ADyson
Nov 22 '18 at 9:49
Downvoted for violating just about every principle of writing safe and correct SQL using PHP.
– ADyson
Nov 22 '18 at 9:51
Downvoted for violating just about every principle of writing safe and correct SQL using PHP.
– ADyson
Nov 22 '18 at 9:51
Thanks for the edit. You've corrected points 1 and 3, but not 2.
– ADyson
Nov 22 '18 at 9:52
Thanks for the edit. You've corrected points 1 and 3, but not 2.
– ADyson
Nov 22 '18 at 9:52
|
show 7 more comments
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427732%2finsert-multiple-rows-from-a-row-using-for-loop%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
So you want to insert the same data 6 times? And what is your specific problem with that? You know how a basic
forloop works, right?– misorude
Nov 22 '18 at 9:39
Where is your PHP code ?
– executable
Nov 22 '18 at 9:39
1
yes you can, although I can't see why it would be useful. Just run the same INSERT statement 6 times using a loop. What have you tried?
– ADyson
Nov 22 '18 at 9:46
Re your update: Your code is using the long-deprecated mysql_ code library. It was discontinued many years ago and removed entirely in PHP7. No new code should be written using this library. It leaves you vulnerable to SQL injection attacks (due to the lack of parameterised query support) and potentially other unpatched vulnerabilities. Switch to using mysqli or PDO as soon as possible, and then learn how to write parameterised queries to protect your data from malicious input. See bobby-tables.com for a simple explanation of the risks and some sample PHP code to write queries safely.
– ADyson
Nov 22 '18 at 12:28