0

I have a problem with my ajax code... I have a list of checkbox, the idea is insert the data of the marked checkboxes into the database.

If I select only one check box, the insert is correct. But if I select for example 3, all data appears on the same field, as unique value.

This is the example:

HTML

    <input type="checkbox" class="get_value" value="test1">test1</br>
    <input type="checkbox" class="get_value" value="test2">test2</br>
    <input type="checkbox" class="get_value" value="test3">test3</br>
    <input type="checkbox" class="get_value" value="test4">test4</br>
    <input type="checkbox" class="get_value" value="test5">test5</br>
<button type='button' name='submit' id="submit">Submit</button>

This is the ajax code

        <script>
            $(document).ready(function(){
                $('#submit').click(function(){
                    var insert = [];
                    $('.get_value').each(function(){
                        if($(this).is(":checked")){
                            insert.push($(this).val());
                        }
                    });
                    insert = insert.toString();
                    $.ajax({
                        url: "./functions/add_list.php",
                        method: "POST",
                        data:{insert:insert},
                        }
                    });
                });
            });
        </script>

And this one the PHP that do the insert into the database:

if(isset($_POST["insert"])){
    $query = 'INSERT INTO music (name,username) VALUES ("'.$_POST["insert"].'","'.$username.'")';
    $result = mysqli_query($conn, $query);
}

For example if I check "test1" and "test2", I will see in my MySQL "name" field "test1,test2". But I need see them in diferent fields, not in the same.

I have tested the "foreach ($_POST["insert"] as $value) { insert... } but it did not help me.

Someone have an idea about my error?

I appreciate your help so much. Regards,

Improve this question
3
  • Your code is vulnerable to sql injection, you have to use prepared statements Commented Nov 18, 2017 at 22:10
  • you mean you want different row for those two values right ? Commented Nov 18, 2017 at 22:11
  • Yes, different rows. I do not want them as "same" value. Commented Nov 18, 2017 at 22:12

1 Answer 1

Reset to default
1

you need to loop on the server side too :

$arr = explode(',', $_POST["insert"]);
foreach ($arr as $val) {
          $query = 'INSERT INTO music (name,username) VALUES ("'.$val.'","'.$username.'")';
          $result = mysqli_query($conn, $query);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Yeah! It worked. Thank you. Do you know if is it possible use another delimiter? Because some values have a ' , ' as name. Can I use for example... '%' ?
Cool, think about the YouneL comment, your code is vulnerable to sql injection.
Ho! And... how can I do it safer? This is how they taught me at school...
Note that wouldn't need to explode the string if it was sent as array in the first place by removing insert = insert.toString();
Should also convert to parameterized query

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.