MySQL Insert - Values ​​from entries using the name array. (PHP)

advertisements

I am currently producing a form via mysql / php. I have well over 1500 inputs with unique values and I would like to insert them into a mysql table (1 value / row)

I am creating the form this way:

echo "<input type='text' name='combination[]' value='justsometext". $row['name'] ."'><br />";

I have around 1500 inputs like this and I would like to insert them into one column, how do I go about?

I am using the following code to insert, but it is only inserting 0s instead of the actual values:

foreach ($_POST['combination'] as $combination) {
$sql="INSERT INTO alphabet_combination (combination)
VALUES
('$combination')";
}
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}


First of all: How can I prevent SQL injection in PHP?

Second: 1500 inputs? Wow... You have to double check if your php.ini configuration will handle it.

If you really want to put 1500 values in one column - maybe you should consider to serialize array and keep it that way?

In prepared statement this will look like this:

$combinations = serialize($_POST['combination']);

$q = mysqli_prepare($con, 'INSERT INTO alphabet_combination (combination) VALUES (?)');
mysqli_stmt_bind_param($q, 's', $combinations);
mysqli_stmt_execute($q);

If you want for each value single INSERT so after submit in database will be next 1500 rows:

$q = mysqli_prepare($con, 'INSERT INTO alphabet_combination (combination) VALUES (?)');
mysqli_stmt_bind_param($q, 's', $combination);

foreach ($_POST['combination'] as $combination) {
    mysqli_stmt_execute($q);
}