Click here to Skip to main content
14,735,271 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I have form where I get data from table to listbox. I can insert data, but no any from listbox. It says array for one option, and for another one I get from array to string conversion error.

<form action="dodajstudenta.php" method="POST">

        <div class="modal-body">

            <div class="form-group">
                <label> Ime i Prezime </label>
                <input type="text" name="ime" class="form-control" placeholder="Upišite Ime i Prezime">
            </div>
            <div class="form-group">
                <label> Upišite Spol </label>
                <input type="text" name="spol" class="form-control" placeholder="Upišite Spol (M/Ž)">
            </div>
            <div class="form-group">
                <label>Grad</label>
                <input style="font-style: #f89900" type="text" name="grad" class="form-control" placeholder="Upišite Grad iz kojeg dolazi Student">
            </div>
            <div class="form-group">
                <label>Telefon</label>
                <input style="font-style: #f89900" type="text" name="tel" class="form-control" placeholder="Upišite Telefon">
            </div>
            <div class="form-group">
                <label>Email</label>
                <input style="font-style: #f89900" type="email" name="email" class="form-control" placeholder="Upišite Email">
            </div>
            <div class="form-group">
                <label>Uzrast</label>
                <input style="font-style: #f89900" type="text" name="uzrast" class="form-control" placeholder="Upišite Uzrast">
            </div>
            <div class="form-group">
                <label>Škola</label>
                <input style="font-style: #f89900" type="text" name="skola" class="form-control" placeholder="Upišite Obrazovnu Ustanovu">
            </div>

            <div class="form-group">
              <label>Izaberite Programe sa liste</label>
             <select name="naziv[]" id="naziv" class="form-control action" id="naziv" multiple="">
              <option disabled selected>-- Izaberi Program --</option>
              <?php
                include "config/database.php";  // Using database connection file here
                $records = mysqli_query($conn, "SELECT naziv FROM program");  // Use select query here 

                while($data = mysqli_fetch_array($records))
                {
                echo "<option value='". $data['naziv'] ."'>" .$data['naziv'] ."</option>";  // displaying data in option menu
                } 
              ?>  
            </select> 
            </div>
        </div>
        <div class="modal-footer">
            <button type="button" class="btn btn-secondary" data-dismiss="modal">Zatvori</button>
            <button type="submit" value="Add Student" name="addstudent" class="btn btn-primary">Pošalji</button>
        </div>
      </form>


OPTION ONE PHP: called action dodajstudenta.php -> this works fine, but I get inserted in database table Array not, options form listbox.

<?php
require('config/database.php');
// When form submitted, insert values into the database.

if (isset($_REQUEST['ime'])) {
$ime = stripslashes($_REQUEST['ime']);
//escapes special characters in a string
$ime = mysqli_real_escape_string($conn, $ime);
if (isset($_REQUEST['spol'])) {
$spol = stripslashes($_REQUEST['spol']);
//escapes special characters in a string
$spol = mysqli_real_escape_string($conn, $spol);
if (isset($_REQUEST['grad'])) {
$grad = stripslashes($_REQUEST['grad']);
//escapes special characters in a string
$grad = mysqli_real_escape_string($conn, $grad);
if (isset($_REQUEST['telefon'])) {
$telefon = stripslashes($_REQUEST['telefon']);
//escapes special characters in a string
$telefon = mysqli_real_escape_string($conn, $telefon);
if (isset($_REQUEST['email'])) {
// removes backslashes
$email = stripslashes($_REQUEST['email']);
//escapes special characters in a string
$email = mysqli_real_escape_string($conn, $email);
if (isset($_REQUEST['uzrast'])) {
// removes backslashes
$uzrast = stripslashes($_REQUEST['uzrast']);
//escapes special characters in a string
$uzrast = mysqli_real_escape_string($conn, $uzrast);

if (isset($_REQUEST['skola'])) {
// removes backslashes
$skola = stripslashes($_REQUEST['skola']);
//escapes special characters in a string
$skola = mysqli_real_escape_string($conn, $skola);

if (isset($_REQUEST['naziv'])) {
// removes backslashes
$naziv = stripslashes($_REQUEST['naziv']);
//escapes special characters in a string
$naziv = mysqli_real_escape_string($conn, $naziv);

$naziv=$_POST["naziv"];

$query = "INSERT into `students` (ime, spol, grad, tel, email, uzrast, skola, naziv) VALUES ('$ime', '$spol', '$grad', '$tel', '$email', '$uzrast', '$skola', '$naziv')";
$result   = mysqli_query($conn, $query);
if ($result) {
header('Location: studenti.php');
echo "<div class='form'>
<h3>Uspješno ste dodali program.</h3><br/>
</div>";
} else {
echo "<div class='form'>
<h3>Niste sva polja popunili.</h3><br/>
</div>";
}
}
}
}
}
}
}
}
} else {
}
?>



OPTION TWO PHP: here I get problem with array string coversion

<?php 
  include("config/database.php");

  if (isset($_POST['addstudent'])) {
    $ime = $_POST['ime'];
    $spol = $_POST['spol'];
    $grad = $_POST['grad'];
    $tel = $_POST['tel'];
    $email = $_POST['email'];
    $uzrast = $_POST['uzrast'];
    $skola = $_POST['skola'];
    $naziv = $_POST['naziv'];

    $query = "INSERT INTO multiple `students`(`ime`, `spol`, `grad`, `tel`, `email`, `uzrast`, `skola`, `naziv`) VALUES ('$ime', '$spol', '$grad', '$tel', '$email','$uzrast','$skola','$naziv');";
    if (mysqli_query($conn,$query)) {
      $datainsert['insertsucess'] = '<p style="color: green;">Student Inserted!</p>';
    }else{
      $datainsert['inserterror']= '<p style="color: red;">Student Not Inserted, please input right informations!</p>';
    }
  }
?>


How acctually I can insert data, I am not so much good with javascript. Can I do it only with php?

What I have tried:

I tried different options, I would like to make to insert it automatically from listbox, or to put data into text box, and than insert into datatable.
Posted
Updated 5-Jul-20 23:34pm
Comments
Richard MacCutchan 5-Jul-20 8:59am
   
It is not clear what the actual problems are. For example, what do you mean by "here I get problem with array string coversion". Please try to be clear about exactly what happens when you run the code.
Member 14834980 5-Jul-20 10:24am
   
I made two codes for inserting data into table and I can not insert multiple select box data into database table. In a code i got this one ""Notice: Array to string conversion in C:\xampp\htdocs\civitas\studenti.php on line 24""
line 24: $query = "INSERT INTO multiple `students`(`ime`, `spol`, `grad`, `tel`, `email`, `uzrast`, `skola`, `naziv`) VALUES ('$ime', '$spol', '$grad', '$tel', '$email','$uzrast','$skola','$naziv');";

No data are inserted into database. I want to insert from my form all data into datatable simply.

Richard MacCutchan 5-Jul-20 10:45am
   
Variable "naziv" is an array, and you cannot pass an array as a string.

$query = "INSERT into `students` (ime, spol, grad, tel, email, uzrast, skola, naziv) VALUES ('$ime', '$spol', '$grad', '$tel', '$email', '$uzrast', '$skola', '$naziv')";

Not necessary a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]
   
If I look at your code, then naziv is a field in the table program.

You are then loading this field data into your listbox as an array $data['naziv']

You are the trying to save the array as a string into your table students, which is the error you get, trying to convert an array to a string. You need to add it to your table students as -
'$naziv[0]'
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900