How to make a PHP query to add array into MySQL?

The site has a plaque, which will be updated and recorded dynamically from the admin panel.
The code added looks like this:

<div id="dynamic-form" class="dynamic-form">
<a href="#dynamic-form" id="add">Add</a> 
<a href="#dynamic-form" id="remove">Remove</a> 
<a href="#dynamic-form" id="reset">Reset</a>
br><br><br>
<div class="inputs">
the <div>
<label class="stylelabel" >product Name</label> 
<input type="text" name="tovar[]" class="field" value="product Name" style="width: 78%;">
<input type="text" name="many[]" class="field" value="Price" style="width: 20%;"><br></div>
</div></div>


Processor:

if (empty($_POST["tovar"])) {
include("actions/upload-tovar.php");
unset($_POST["tovar"]);
}
 if (empty($_POST["many"])) {
include("actions/upload-tovar.php");
unset($_POST["many"]);
 }


The query itself:

$link = mysqli_connect($db_host, $db_user, $db_password, $db_database)
or die("Error" . mysqli_error($link));

if ($_POST['tovar']['many'][0]) {

 for ($i = 0; $i < count($_POST['tovar']['many']); $i++) {

 if ($_POST['tovar']['many'][$i]) {

 $tovar = $_POST['tovar'][$i];
 $many = $_POST['many'][$i];


 if ($_POST['tovar']['many'][$i]) {

 mysqli_query($link,"INSERT INTO tovar(of products_id,tovar,many)
VALUES(
'".$id."',
'".$tovar."',
'".$many."'
)");

 } else {
 $_SESSION['answer'] = "Error";
}
}
}
}


The point is that there is a base called category and have a database called products. Are added simultaneously from one page. Commodities are moving up to the categories table according to the value of products_id.

In General, the above code is not working. Why?
April 4th 20 at 13:30
2 answers
April 4th 20 at 13:32
Look at the logs, take the error output and see what shows. Make a log of what the result is a query and check that everything is correct. It is likely that the problem is in the types.

Also, in General the code to some strange excess, the handler generally are not particularly carries meaning, can do normal routing? The same record in the database came from outside data, is a vulnerability allows to access the database and at least to carry her. Yes, and multiple insert into the DB through the cycle too is you can do everything in one request.
April 4th 20 at 13:34
Because the arrays $_POST['tovar'] and $_POST['many'] exist (these are passed from the form), but the array $_POST['tovar']['many'] does not exist at all.

Should be:
$link = mysqli_connect($db_host, $db_user, $db_password, $db_database) or die("Error:" . mysqli_error($link));

foreach ($_POST['tovar'] as $i => $tovar) {
 if (!empty($tovar) AND !empty($_POST['many'][$i])) {
 $many = $_POST['many'][$i];
 mysqli_query($link,"INSERT INTO tovar(of products_id,tovar,many)
VALUES(
 '".mysqli_real_escape_string($link, $id)."',
 '".mysqli_real_escape_string($link, $tovar)."',
 '".mysqli_real_escape_string($link, $many)."'
 )") or die("Error: ".mysqli_error($link));
 } else {
 $_SESSION['answer'] = "Error";
}
}


And yet, $id comes out of nowhere, right?
All exactly is not working. Commodities are moving up to the categories table by value tovar (of products_id) to categorys (id)

Here displayed that of products_id = id.

It is defined above:

$link = mysqli_connect($db_host, $db_user, $db_password, $db_database) 
 or die("Error" . mysqli_error($link)); 

 $query ="INSERT INTO categorys ( category, brand ) VALUES ( '$brand', '$brands' )";

$result = mysqli_query($link, $query) or die("Error" . mysqli_error($link)); 
$id = mysqli_insert_id($link);
- stephanie.Kuvalis commented on April 4th 20 at 13:37
And the output MySQL errors on the page there? If there is, cite.
If not - then with the data in $_POST is something wrong. - Bradford_Kreiger66 commented on April 4th 20 at 13:40
@Bradford_Kreiger66, No mistakes there at all. - stephanie.Kuvalis commented on April 4th 20 at 13:43
Then begins the net debugging. You can start with var_dump($_POST);exit(); before the new code. And look what's still in the data-it is passed... - Bradford_Kreiger66 commented on April 4th 20 at 13:46

Find more questions by tags PHP