inserting POST variable into sql string.

[denoteone]

I have three pieces of data I need to insert

1. is a post variable named storeid

2.  a value stored in an array named products1

3.  the value of an input from a form the inputs name is the same set by an array

 

for($i=0;$i<20;$i++){
$sql="INSERT INTO price2 (storeID, productID, price) VALUES ('".$_POST['storeid']."','$products1[$i]','".$_POST[$products1[$i]]."')";
	$result = $db->query($sql);

			}

 

Any help would be great.

 

[XeNoMoRpH1030]

Well, what's the problem, besides the lack of escaping and potential SQL injection?

 

for($i=0;$i<20;$i++){
$sql="INSERT INTO price2 (storeID, productID, price) VALUES ('".$_POST['storeid']."','".$products1[$i]."','".$_POST[$products1[$i]]."')";
	$result = $db->query($sql);
			}

[Catfish]

where does the values in $products1 come from?

do those values (in $products1) correctly corresspond to the key names in $_POST? verify this through debugging

what is the current script doing wrong? post error messages?

[denoteone]

it was working I had an issue with my phpmyadmin setting so I was not seeing the data inserted.

 

Thanks

 

I am going to update the string to escape quotes

[ksugihara]

I think more what we are asking is, what specifically is the issue? You gave us a code snippet of the query, but nothing else relevant. The issue could be all sorts of places. If we know what is going on, then we know where to look.

 

Is the query not inserting? is it throwing errors? When you echo the query before insertion, what is the result?