Click here to Skip to main content
14,603,916 members
Rate this:
Please Sign up or sign in to vote.
See more:
I want to create a attendance form with all the employee names in a HTML table from the database. Then the user has to enter certain values regarding each employee and then they have to save the data of all the employees into the database. Here is the table :
<table style="width:100%">
        <tr>
            <th>E_Code</th>
            <th>KjCode</th>
            <th>SecID</th>
            <th>Mkgs</th>
            <th>Akgs</th>
            <th>Ekgs</th>
            <th>Tkgs</th>
            <th width="100%">Name</th>
        </tr>
        <?php 
            for($i=1;$i<=mysqli_num_rows($sql1);$i++){ 
                $row = mysqli_fetch_array($sql1);
        ?>
        <tr>
            <td><input type="disabled" name="ecode<?php echo $i; ?>" class="input2" value="<?php $ecode = $row['ECode']; echo $ecode;?>" readonly></td>
            <td>
                <?='<select class="input" name="kjcode<?php echo $i; ?>" required>'.$dropOptions.'</select>' ?>
            </td>
            <td>
                <?='<select class="input" name="secid<?php echo $i; ?>" required>'.$dropOptions1.'</select>' ?>
            </td>
            <td><input class="input" type="number" name="mkgs<?php echo $i; ?>" placeholder="Mkgs"></td>
            <td><input class="input" type="number" name="akgs<?php echo $i; ?>" placeholder="Akgs" readonly></td>
            <td><input class="input" type="number" name="ekgs<?php echo $i; ?>" placeholder="Ekgs" readonly></td>
            <td><input class="input" type="number" name="tkgs<?php echo $i; ?>" placeholder="Tkgs"></td>
            <td width="100%"><input type="disabled" class="input2" value="<?=$row['EmpName'];?>" readonly></td>
            </tr>
        <?php }}?>
        </table>

However the code doesn't work, nothing gets inserted into the database. I have tried with different methods but only the last table row gets inserted. I know the code is vulnerable to various attacks, but it will be working in a offline server so doesn't matter much. If anyone can fix it'll be nice. Please help me out. Thanks in advance.

What I have tried:

I'm trying to insert the data into the database using this code :
if(isset($_POST['save'])){
       $size=sizeof($_POST);
       $number=$size/7;   //here 3 is number of column in the HTML table
       for($i=1;$i<=$number;$i++)
       {
           $index1="ecode".$i;
           $first[$i]=$_POST[$index1];
           $index2="kjcode".$i;
           $second[$i]=$_POST[$index2];
           $index3="secid".$i;
           $third[$i]=$_POST[$index3];
           /*$index4="mkgs".$i;
           $fourth[$i]=$_POST[$index4];
           $index5="akgs".$i;
           $fifth[$i]=$_POST[$index5];
           $index6="ekgs".$i;
           $sixth[$i]=$_POST[$index6];
           $index7="tkgs".$i;
           $seventh[$i]=$_POST[$index7];*/

          /* $save_query = mysqli_query($db, "insert into attendance(E_Code, KjCode, SecID, MKgs, AKgs, EKgs, TKgs, MuhuriID)
           values('$first[$i]', '$second[$i]', '$third[$i]', '$fourth[$i]', '$fifth[$i]', '$sixth[$i]', '$seventh[$i]', '$muhuri')");*/
           $save_query = mysqli_query($db, "insert into attendance(E_Code, KjCode, SecID, MuhuriID)
           values('$first[$i]', '$second[$i]', '$third[$i]', '$muhuri')");
       }
   }
Posted
Comments
Richard MacCutchan 5-May-20 3:31am
   
Did you open the db connection? Are you sure you need to divide $number by 7?
Richard Deeming 7-May-20 12:51pm
   
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100