1

I have these textarea generated by while loop:

<form id='form_tbl' action='include/value.inc.php' method="POST"><input type="hidden" name="intrebare" value="1">
  <?php
    $sql = "SELECT NUME, PRENUME, TIP, ID
        FROM personal
        WHERE TIP <> 'Inactiv'
        ORDER BY NUME ASC";
    $result = $conn->query($sql);
    echo "<table><tr><th>NUME</th><th>NOTA</th><th>SUGESTII</th></tr>";
    while($row = $result->fetch_assoc()) {
      echo "<tr><td><input type='hidden' name ='id_personal[". $row['ID'] ."]' value='". $row["ID"]."'>" . $row["NUME"]. ' '. $row["PRENUME"]. "</td>";
      echo "<td><select name='nota_pers[". $row['ID'] ."]' autocomplete='off'><option disabled selected>nota</option>";
      for($i=1; $i<=10; $i++){ 
        echo "<option value='$i'>$i</option>\n";
      };
      echo "</select></td>";
      echo "<td><textarea name='sugestie' form='form_tbl' maxlength='200'></textarea></td></tr>";
    }
    echo '</table><button>NEXT ></button>';
  ?>
  </form>
And value.inc.php: 

<?php
include "bd_cnx.inc.php";
$insert_str = null;
$nota_pers = $_POST ['nota_pers'];
$intrebare = $_POST ['intrebare'];
$sugestie = $_POST ['sugestie'];

foreach ($nota_pers as $key => $value){
 $insert_str [] = '(' . $key . ', ' . $value . ', ' . $intrebare . ', ' . $sugestie .')';
}

$var = implode(', ', $insert_str);
$sql = "INSERT INTO chestionar (ID_PERSONAL, NOTA, INTREBAREA, SUGESTII) VALUES " . $var;
?>
When I test with echo '<pre>'.print_r($insert_str,true).'</pre><br>'; the browser generated an array as: [0] => (55, 5, 1, Array). How can I repalce the array with the text from each textarea.

Thank you!

ster
  • 191
  • 1
  • 13
  • First I'd escape the values you are inserting. http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – ShiraNai7 Oct 23 '16 at 17:22

0 Answers0