Hi Everyone!

I'm hoping someone here can help me. I have a 5 page form with roughly 175
fields/checkboxes that I'm trying to get inserted into a mysql database.
My deadline on this whole project was only 3 days so I had to figure out a quick method of doing things. Rather than using sessions and/or standard php arrays I found a snippet of code that takes all $_POST data from a previous page and creates hidden fields in the next page. That works just fine for this project.
here's that bit of code:

<?php foreach ($_POST as $key => $val) {
  echo '<input type="hidden" name="' . $key . '" value="' 
    . htmlentities($val, ENT_QUOTES) . '" />' . "\r\n";
} 
?>

Ok, so this as I said is spread out through pages 2 through 5 and each page posts to the next page. Then page 5 posts to process.php which is supposed to take all the previous fields and insert into a database. But I can't get it to work. here's what I have in process.php

<?php include("../Connections/wtrcapp.php"); ?>
<?php foreach ($_POST as $key => $val) {
  echo '<input type="hidden" name="' . $key . '" value="' 
    . htmlentities($val, ENT_QUOTES) . '" />' . "\r\n";
 }
 foreach($key as $val) {
$insert="INSERT INTO westoco6_app (".implode(",", array_keys($key)).") VALUES ('".implode("','", array_values($val))."')";
}
mysql_query($insert) OR die(mysql_error())
?>

Now I don't know that I'm even close to the mark on this but i think I am...most of my errors originate from line 6, the second foreach statement.
The error I'm getting with the above code is:

Warning: Invalid argument supplied for foreach() in /home/westoco6/public_html/app/process.php on line 6
Query was empty

If anyone can give me a clue as to what I'm doing wrong here or point me in a better direction I'd be very appreciative. My deadline ends in the morning.

Thanks much for your time,
Michael Smith

    see this.

    if(!empty($_POST))
{

$first="";
$second="";
$insert="INSERT INTO westoco6_app (";
foreach ($_POST as $key => $var) 
{
	if($key!="Submit")
	{
			$first.="'$key',";
			$second.="'{$var}',";

		echo '<input type="hidden" name="' . $key . '" value="'	.  htmlentities($var, ENT_QUOTES)   . '" />' . "\r\n";
	}
}
$query=$insert.$first.") VALUES (".$second.");";
$query=str_replace(",)",")", $query) ;
print $query;
//   mysql_query($insert) OR die(mysql_error())


}
print "</form>";
?>

      ok cool, I'm going to give that a shot. I almost had my version working with some additions to it but it's trying to add the input names as well as the values. Obviously that doesn't work. Let me try your code and get back to you in a few.

      Thanks,
      Michael

        Ok...judging by the print that looks like it's actually going to work. Here's my problem now, when I remove:

        print $query;

        and

        print "</form>";

        and un comment:

         //   mysql_query($insert) OR die(mysql_error())

        I then get an unexpected } error on line 24. If I remove the } then I get an unexpected $end error...what am I doing wrong there?

        Michael

          Hello,

          In you original code you forget a ; at the END of that line:

           mysql_query($insert) OR die(mysql_error()) ;

          after you made a row version, lets make this script safer with an addition code,

          $second.="'".mysql_real_escape_string($var)."',";

          Hello,
          jjozsi

            so replace

            $second="";

            with

            $second.="'".mysql_real_escape_string($var)."',";

            Correct?

            Why am I getting the unexpected } and end errors? Obviously for final version I don't need the print, I'm just hoping to redirect to a success page. I realize for test I need the print but the echo looked perfect, best result I've gotten in 3 days.

            I've bookmarked your website in your signature as well, looks like you've got a lot of great tutorials.

            Thanks,
            Michael

              Ok I added the semi-colon, and re added the last }. you were right there.

              now I'm getting this error:

              You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

              here's my current code:

              <?php
mysql_connect("localhost", "myusername", "mypass") or die(mysql_error());
mysql_select_db("westoco6_app") or die(mysql_error());

if(!empty($_POST))
{

$first="";
$second="";
$insert="INSERT INTO westoco6_app (";
foreach ($_POST as $key => $var)
{
    if($key!="Submit")
    {
            $first.="'$key',";
            $second.="'{$var}',";

        echo '<input type="hidden" name="' . $key . '" value="'    .  htmlentities($var, ENT_QUOTES)   . '" />' . "\r\n";
    }
}
$query=$insert.$first.") VALUES (".$second.");";
$query=str_replace(",)",")", $query) ;

   mysql_query($insert) OR die(mysql_error()) ; 
   }
?>

              Now, this error could be because my table name is "application" within the westoco6_app database.
              so perhaps this line:

               $insert="INSERT INTO westoco6_app (";

              should be:

               $insert="INSERT INTO application (";

              ?

              Thanks,
              Michael

                Yes, you must use table names in Insert.
                And don't forget to connect to the database.

                With this line you add into the second part of your SQL query the values.

                $second.="'".mysql_real_escape_string($var)."',";

                ------"Why am I getting the unexpected } and end errors? "-----
                maybe i have left a closing php block ( ?> ) at the end of your code.
                If you got an error , post the final code here, and we will help to solve that.

                I use </form> at the End of your code, becouse you must print the the hidden elements between the form and form closing tags.
                Hello,
                jjozsi

                  here's my final code so far. Just tried it and am getting the error:

                  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

                  here's the code:

                  <?php
mysql_connect("localhost", "myuser", "mypass") or die(mysql_error());
mysql_select_db("westoco6_app") or die(mysql_error());

if(!empty($_POST))
{

$first="";
   $second.="'".mysql_real_escape_string($var)."',";
    $insert="INSERT INTO application (";
    foreach ($_POST as $key => $var)
    {
        if($key!="Submit")
        {
                $first.="'$key',";
                $second.="'{$var}',";

        echo '<input type="hidden" name="' . $key . '" value="'    .  htmlentities($var, ENT_QUOTES)   . '" />' . "\r\n";
    }
}
$query=$insert.$first.") VALUES (".$second.");";
$query=str_replace(",)",")", $query) ;

  mysql_query($insert) OR die(mysql_error()) ; 
	   }
?>

                  I am using localhost in the live script but have changed the username and password in this forum to myuser mypass. Just a side note there..don't think there's an issue with the connection.

                  here's the url of the process script: http://westtexasrehab.org/app/process.php

                  going back to
                  http://westtexasrehab.org/app/process.php
                  will start you at the beginning of the form. Just in case that helps for you to look at things.

                  Thanks so much, you're being a really huge help. I admit much of this is out of my comfort zone...

                  Michael

                    i check the error, see the comments (sorry but i missed a basic syntax):

                    
    if($key!="Submit")
    {
            $first.="`$key`,";  //    <-----   use ` in field names
            $second.="'{". mysql_real_escape_string($var)."}',";   //   <-----  use ' on values.

        echo '<input type="hidden" name="' . $key . '" value="'    .  htmlentities($var, ENT_QUOTES)   . '" />' . "\r\n";
    }

                      Ok, I just straight copied your last code block into my code, because I didn't quite follow what you meant in the comments, I assumed you put the correct code before the comments.

                      here's what I have now:

                      <?php
mysql_connect("localhost", "myusername", "mypass") or die(mysql_error());
mysql_select_db("westoco6_app") or die(mysql_error());

if(!empty($_POST))
{

$first="";
   $second.="'".mysql_real_escape_string($var)."',";
    $insert="INSERT INTO application (";
    foreach ($_POST as $key => $var)
    {
        if($key!="Submit")
        {
                $first.="`$key`,";  //    <-----   use ` in field names
                $second.="'{". mysql_real_escape_string($var)."}',";   //   <-----  use ' on values.

        echo '<input type="hidden" name="' . $key . '" value="'    .  htmlentities($var, ENT_QUOTES)   . '" />' . "\r\n";
    } 
}
$query=$insert.$first.") VALUES (".$second.");";
$query=str_replace(",)",")", $query) ;

  mysql_query($insert) OR die(mysql_error()) ; 
	   }
?>

                      I'm still getting the syntax error and my editor (PHP Designer) is telling me that the final }
                      right before the closing php tag is invalid.

                        ok, I got my editor to stop throwing the error, the code reall hasn't changed I just removed some white space. here's the code now:

                        <?php
mysql_connect("localhost", "myuser", "mypass") or die(mysql_error());
mysql_select_db("westoco6_app") or die(mysql_error());

if(!empty($_POST))
{

$first="";
   $second.="'".mysql_real_escape_string($var)."',";
    $insert="INSERT INTO application (";
    foreach ($_POST as $key => $var)
    {
        if($key!="Submit")
        {
                $first.="`$key`,";  //    <-----   use ` in field names
                $second.="'{". mysql_real_escape_string($var)."}',";   //   <-----  use ' on values.

        echo '<input type="hidden" name="' . $key . '" value="'    .  htmlentities($var, ENT_QUOTES)   . '" />' . "\r\n";
    } 
}
$query=$insert.$first.") VALUES (".$second.");";
$query=str_replace(",)",")", $query) ;
mysql_query($insert) OR die(mysql_error()) ; 
}  
?>

                        but I still get the syntax error:

                        You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

                        and the best news is I actually understand what we're doing here. but apparently not enough to know why I get the syntax error. And just a side note, nothing has actually submitted to the database yet.

                        Thanks,
                        Michael

                          i've count the } { brackets and it looks OK.

                          <?php
	mysql_connect("localhost", "myuser", "mypass") or die(mysql_error());
	mysql_select_db("westoco6_app") or die(mysql_error());

if(!empty($_POST))
{

	$first="";
	$second="";
	$insert="INSERT INTO application (";
	foreach ($_POST as $key => $var)
	{
		if($key!="Submit")
		{
			$first.=$key.",";  //    <-----   use ` in field names if you want to make this better
			$second.="'". mysql_real_escape_string($var)."',";   //   <-----  use ' on values.

			echo '<input type="hidden" name="' . $key . '" value="'    .  htmlentities($var, ENT_QUOTES)   . '" />' . "\r\n";
		}
	}
	$query=$insert.$first.") VALUES (".$second.");";
	$query=str_replace(",)",")", $query) ;
	mysql_query($insert) OR die(mysql_error()) ;
}
?>

                            Yeah I counted the brackets too, got my editor to recognize them. I think it was just some extra whitespace.

                            Alright, I noticed that my submit button name and type were "submit" and in your code you had:

                            if($key!="Submit")

                            So I changed my "submit" to "Submit".

                            still getting the error though and no submission to db.

                            Michael

                              test my previos code please.

                              and submit button's value might be Submit

                                ok I just tested the code you most recently posted. Still getting the error. here's that code:

                                <?php
mysql_connect("localhost", "myuser", "mypass") or die(mysql_error());
mysql_select_db("westoco6_app") or die(mysql_error());

 if(!empty($_POST))
    {

    $first="";
    $second="";
    $insert="INSERT INTO application (";
    foreach ($_POST as $key => $var)
    {
        if($key!="Submit")
        {
            $first.=$key.",";  //    <-----   use ` in field names if you want to make this better
            $second.="'". mysql_real_escape_string($var)."',";   //   <-----  use ' on values.

            echo '<input type="hidden" name="' . $key . '" value="'    .  htmlentities($var, ENT_QUOTES)   . '" />' . "\r\n";
        }
    }
    $query=$insert.$first.") VALUES (".$second.");";
    $query=str_replace(",)",")", $query) ;
    mysql_query($insert) OR die(mysql_error()) ;
}
?>

                                Here's the code from page 5 that goes to the process page:

                                <form action="process.php" method="post" enctype="multipart/form-data" name="employment_form" id="employment_form">
 <?php foreach ($_POST as $key => $val) {
  echo '<input type="hidden" name="' . $key . '" value="' 
    . htmlentities($val, ENT_QUOTES) . '" />' . "\r\n";
} 
?>
<input name="Applicant_Signature" type="text" />
  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <input name="Signature_Date" type="text" />
  <br />
  Signature of Applicant&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Date </p>
<p align="center">
  <input name="Submit" type="Submit" value="Submit my Application" />
</p>

</form>

                                Just to tell you, in the connection I've tried it with localhost, the ip, and also the domain url just to see if it made any difference. so far it hasn't. any of the 3 should work...

                                Thanks,

                                Michael

                                  i found the problem (we must use $query and not $insert in the mysql_query ):

                                          $query=str_replace(",)",")", $query) ;
        mysql_query($query) OR die(mysql_error()) ;

                                  i will happy if it works 🙂

                                  jjozsi

                                    Ok I had to step out for a few minutes, sorry for the delay.

                                    Ok, you were totally right on that last one, and it was really obvious, I should have seen that myself.

                                    Now, the only problem is it's trying to insert the Submit buttons value into the database:

                                    Unknown column 'submit' in 'field list'

                                    so we need to remove that from the array.

                                    I was thinking something like this:

                                    $submit_btn = array_keys($_POST, 'submit');
array_splice($_POST, $submit_btn, 1, "");

                                    What do you think?

                                    Michael

                                      change in your code a Submit into submit with lowercase.

                                        if($key!="submit")     
                                      
...
...

                                      if the posted key not equal with submit, then add the
                                      key and value to the mysql insert query

                                      Hello,
                                      jjozsi

                                        Ok, wait I gotcha. it already was a lowercase:

                                         $first="";
        $second="";
        $insert="INSERT INTO application (";
        foreach ($_POST as $key => $var)
        {
            if($key!="submit")
            {
                $first.=$key.",";  //    <-----   use ` in field names if you want to make this better
                $second.="'". mysql_real_escape_string($var)."',";   //   <-----  use ' on values.

            echo '<input type="hidden" name="' . $key . '" value="'    .  htmlentities($var, ENT_QUOTES)   . '" />' . "\r\n";
        }
    }

                                        I changed every submit in the entire site to lowercase just now