HTMl to PHP to MySQL problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
travelpics
Forum Newbie
Posts: 4
Joined: Sun Sep 06, 2009 2:49 pm
Location: Spain

HTMl to PHP to MySQL problem

Post by travelpics »

Can someone please help. I am a PHP / MySQL newbie trying to develop a free ads site for my local community. After going round in circles for three weeks I decided to ask for help. First I created a MySQL database and defined a table with seven columns (seven variables). This works fine. Then I created an HTML form to collect values for six of these variables. This works fine. The HTML form posts (method post) the data to a PHP page (insert.php) which inserts the data into the table. This works fine. Then I created a PHP page to read all the ads. This works fine.

The fun started when I tried to make use of the seventh variable. This is not input by the user. Rather it is an integer created automatically called “whenadposted”. I have written a PHP version and a JavaScript version. Both codes work fine and print the correct values for “whenadposted” to the screen. What I can’t seem to do is send the value of this variable to the seventh column of the table. I don’t think it’s a syntax problem but a logic problem. I have tried calculating “whenadposted” using JavaScript in the HTML form, and posting it using input TYPE="hidden" but to do this I have to go out of JavaScript so HTML has no knowledge of the variable. Maybe I can export this value to HTML somehow?

I have also tried calculating “whenadposted” using PHP in the insert.php page, then sending it to the table with all the others.

$sql="INSERT INTO allads (FirstName, LastName , category, AdText, URL, emailtoapearinad, whenadposted)
VALUES
('$_POST[FirstName]','$_POST[LastName]','$_POST[category]','$_POST[AdText]','$_POST[URL]','$_POST[emailtoapearinad]','$_POST[whenadposted]')";

Either way, when I run the ReadAllAds.php page it returns zero for this variable.

Can someone please suggest where I may be going wrong.Thanks.
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: HTMl to PHP to MySQL problem

Post by jackpf »

I don't understand, you're inserting 6 values into 7 columns...
User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: HTMl to PHP to MySQL problem

Post by Darhazer »

What is the datatype of the whenadposted column in the database?
How you are trying to calculate it in PHP?
travelpics
Forum Newbie
Posts: 4
Joined: Sun Sep 06, 2009 2:49 pm
Location: Spain

Re: HTMl to PHP to MySQL problem

Post by travelpics »

jackpf wrote:I don't understand, you're inserting 6 values into 7 columns...
The HTML form posts values to the first 6 columns. Then I am trying to post an additional value, not entered by the user, into the seventh (INT) column.
travelpics
Forum Newbie
Posts: 4
Joined: Sun Sep 06, 2009 2:49 pm
Location: Spain

Re: HTMl to PHP to MySQL problem

Post by travelpics »

Darhazer wrote:What is the datatype of the whenadposted column in the database?
How you are trying to calculate it in PHP?
The datatype is INT. My PHP code to calculate this value (which works fine) is:

$yearseconds = date("y") * 31556926;
$monthseconds = date("y") * 2629744;
$dayseconds = date("y") * 86400;
$hourseconds = date("h") * 3600;
$minseconds = date("i") * 60;
$seconds = date("s");
$whenadposted = $yearseconds + $monthseconds + $dayseconds + $hourseconds + $minseconds + $seconds;
?>
jvandread
Forum Newbie
Posts: 3
Joined: Sun Sep 06, 2009 8:53 am

Re: HTMl to PHP to MySQL problem

Post by jvandread »

Try removing the $_post in $_post[whenadposted] and replace with $whenadposted in the sql.
travelpics
Forum Newbie
Posts: 4
Joined: Sun Sep 06, 2009 2:49 pm
Location: Spain

Re: HTMl to PHP to MySQL problem

Post by travelpics »

jvandread wrote:Try removing the $_post in $_post[whenadposted] and replace with $whenadposted in the sql.

Hi jvandread,

Thanks for the idea but unfortunately no good. whenadposted still returns zero.

The code is:

// Execute query
mysql_query($sql,$conn);


$yearseconds = date("y") * 31556926;
$monthseconds = date("y") * 2629744;
$dayseconds = date("y") * 86400;
$hourseconds = date("h") * 3600;
$minseconds = date("i") * 60;
$whenposted = $yearseconds + $monthseconds + $dayseconds + $hourseconds + $minseconds;


$sql="INSERT INTO allads (FirstName, LastName , category, AdText, URL, emailtoapearinad, whenadposted)
VALUES
('$_POST[FirstName]','$_POST[LastName]','$_POST[category]','$_POST[AdText]','$_POST[URL]','$_POST[emailtoapearinad]','$_POST[whenadposted]')";

if (!mysql_query($sql,$conn))
{
die('Error: ' . mysql_error());
}
echo "Your advertisement has been added - ";
echo $whenadposted;
echo "<br />";

mysql_close($conn)
?>

The "echo $whenadposted;" bit returns the correct value to the screen but it is still not being posted to the table.
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: HTMl to PHP to MySQL problem

Post by Mirge »

In addition, never ever directly use user input in SQL. As it stands right now, you've left yourself wide open to SQL injection.
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: HTMl to PHP to MySQL problem

Post by Jonah Bron »

Code: Select all

// Execute query
mysql_query($sql,$conn);
 
/* 
$yearseconds = date("y") * 31556926;
$monthseconds = date("y") * 2629744;
$dayseconds = date("y") * 86400;
$hourseconds = date("h") * 3600;
$minseconds = date("i") * 60;
$whenposted = $yearseconds + $monthseconds + $dayseconds + $hourseconds + $minseconds;
*/
// you don't need to use all of that.  Just use time()
$whenposted = time();
// Or, if you want a more readable date, use
$whenposted = date('M d, Y');
 
 
$sql="INSERT INTO allads (FirstName, LastName , category, AdText, URL, emailtoapearinad, whenadposted)
VALUES ('". mysql_real_escape_string($_POST['FirstName']) ."','". mysql_real_escape_string($_POST['LastName']) ."','". mysql_real_escape_string($_POST['category']) ."','". mysql_real_escape_string($_POST['AdText']). "','". mysql_real_escape_string($_POST['URL']) ."','". mysql_real_escape_string($_POST['emailtoapearinad']) ."','". $whenadposted ."')";
 
if (!mysql_query($sql,$conn))
{
die('Error: ' . mysql_error());
}
echo "Your advertisement has been added - ";
echo $whenadposted;
echo "<br />";
 
mysql_close($conn);
From my assessment, you should do as jvandread said and replace $_POST['whenadposted'] with $whenadposted. It is not a post entry, it is the variable you calculated above. Also, Mirge is correct: you need to protect yourself from SQL injection. Your modified code above now provides for that I believe.

Hope it works.
Post Reply