1

code:

```php
<?php
if(isset($_POST['add_new']))
{
    $name = $_POST['name'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $field = $_POST['field'];
    $message = $_POST['message'];

    $comment1 =array($_POST['comment1'],$s_date);

    $comment2 = $_POST['comment2'];
    $status = $_POST['status'];
    $s_date = date('Y-m-d');
    $interested_in = $_POST['interested_in'];
    $academic_details = $_POST['academic_details'];
    $city = $_POST['city'];

    $sql = "insert into enquires2(name,email,phone,field,message,comment1,comment2,status,s_date,interested_in,academic_details,city,admin_idd)values('$name','$email','$phone','$field','$message','$comment1','$comment2','$status','$s_date','$interested_in','$academic_details','$city','$admin_id')";
    $result = mysqli_query($link,$sql);
    if($result == true)
    {
      $msg .= "<p style='color:green;'>You are successfully add new enquiry</p>";
    }
    else
    {
      $msg .= "<p style='color:red;'>Error!</p>";
    }
}
?>
```

In this code I want to pass two values in a single variable, i.e.

```php
$comment1 = array($_POST['comment1'],$s_date);
```

which shows (array) when I print the query ($sql). How can I pass two values into a single variable? Please help me.

Ahmed Ashour
kevin
  • 2
    Your script is at risk of [SQL Injection Attack](https://stackoverflow.com/q/60174/5914775). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](https://stackoverflow.com/q/36628418/5914775). Use [prepared parameterized statements](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. – Tom Udding May 08 '17 at 10:29
  • `$comment1 = $_POST['comment1']."-".$s_date;` – Maninderpreet Singh May 08 '17 at 10:29
  • 1
    `roses are red'); DROP TABLE enquires2; Learn to sanitise, Your inputs next time`. Sorry, just to add some flavour to this post. Concatenating those strings is the latest of the problems of your current script. – briosheje May 08 '17 at 10:35

3 Answers

1

Another option, if you don't want to concatenate: use the serialize function. Make an associative array, serialize it, and store it in the db.

For example:

```php
$comment1 = serialize(array("comment"=>$_POST['comment1'],"date"=>$s_date));
```

and when you get it from the db, just use

```php
$data = unserialize($yourDataFromDb);
```

and you get your values like

```php
$data["comment"]; // your comment
$data["date"];    // your date
```
Maninderpreet Singh
0

Simply use concatenation

```php
$comment1 = $_POST['comment1'] . $s_date;
```

But if you want to parse it later and keep separation between the comment and the date, you can use any format, like

```php
$comment1 = $_POST['comment1'] . "--date--" . $s_date;
```

Later you can simply use `print_r(explode("--date--", $str));`. Something like a multivalue field.

bawa g
  • What OP is asking to do is actually pointless and unnecessary IMO - see my answer below, the date is already recorded in the table. It's also brittle - if the user happens to write something in the comments with your `--date--` joining phrase (don't know why they would, but they _could_), then you'll have problems splitting the string out again. – ADyson May 09 '17 at 11:09
-1

You already record the value of $s_date in a separate "date" field, so there's no need to record it again within the comment field.

If you want to combine them for display or reporting purposes later on, then you can easily do that in the object or UI layer using simple string concatenation. I would advise you not to do this when storing the data as you're attempting - otherwise you're just duplicating the same value twice in the row for no obvious reason, as well as making it more difficult to separate what the user actually wrote from the date you inserted into it.

ADyson
  • (don't know why they would, but they could) so you are assuming a lot of things yourself. Storing multivalue fields is common practice and it totally depends upon your choice whether you want to normalize or not. – bawa g May 09 '17 at 12:06
  • @owaishanif786 Ask most DBAs and they'd tell you that normalising the data is essential rather than a matter of opinion. A lot of developers would, as well. But in this example, the data _is already normalised_ because the date is already stored. Therefore storing it _again_ has no purpose. Using the UI layer to control when to display it (and whether to combine it with the comment in any given view) is more flexible as well as being more normalised. The DRY principle applies neatly to this. But you are of course entitled to your own view of the situation :-) – ADyson May 09 '17 at 12:29
  • @owaishanif786 as for "(don't know why they would, but they could)", that's not an assumption, it's simply a statement of the fact of this possibility. I'm not assuming the user _will_ do it, but I'm simply opting for 100% reliability by realising that it is possible. OTOH your code implicitly assumes that they won't. It's _unlikely_ but not _impossible_. If you give enough monkeys typewriters, one of them will eventually write Shakespeare. I've worked with end users long enough to know that someone will always surprise you. The easiest thing to do is write code that isn't vulnerable to that. – ADyson May 09 '17 at 12:31
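
Added example, not part of the original thread and not any poster's code: the question's insert rewritten with the prepared parameterized statements recommended in the comment on the question, keeping the comment and `s_date` in separate columns and combining them only at display time, as the last answer advises. It assumes `$link` is an open mysqli connection and `$admin_id` is set earlier in the script, as in the question; `add_enquiry()` and `comment_with_date()` are hypothetical helper names, and every value is bound as a string because the column types are not shown on the page.

```php
<?php
// Added example. Assumes $link (open mysqli connection) and $admin_id
// are defined earlier, as in the question's script.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function add_enquiry(mysqli $link, array $post, $admin_id): bool
{
    // Form fields, listed in the same order as the INSERT columns below.
    $fields = ['name', 'email', 'phone', 'field', 'message', 'comment1',
               'comment2', 'status', 'interested_in', 'academic_details', 'city'];
    $values = [];
    foreach ($fields as $f) {
        // Reject missing fields and arrays (e.g. name[]=x): only strings are bound.
        if (!isset($post[$f]) || !is_string($post[$f])) {
            return false;
        }
        $values[] = $post[$f];
    }
    $values[] = date('Y-m-d');       // s_date: stored once, in its own column
    $values[] = (string) $admin_id;

    // Placeholders only: request data never becomes part of the SQL text.
    $sql = "INSERT INTO enquires2
              (name, email, phone, field, message, comment1, comment2, status,
               interested_in, academic_details, city, s_date, admin_idd)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    $stmt = mysqli_prepare($link, $sql);
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    return mysqli_stmt_execute($stmt);
}

// Display layer: join comment and date here, escaped for HTML output.
function comment_with_date(array $row): string
{
    return htmlspecialchars($row['comment1'] . ' (' . $row['s_date'] . ')', ENT_QUOTES, 'UTF-8');
}

$msg = '';
if (isset($_POST['add_new'])) {
    try {
        $ok = add_enquiry($link, $_POST, $admin_id);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // details go to the server log, not the page
        $ok = false;
    }
    $msg .= $ok
        ? "<p style='color:green;'>New enquiry added.</p>"
        : "<p style='color:red;'>Error!</p>";
}
```

With bound parameters, the `roses are red'); DROP TABLE enquires2;` string quoted in the comments is stored as literal comment text instead of being parsed as SQL.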