Difficulty posting array data


digdigdig
Forum Newbie
Posts: 20
Joined: Thu Jun 23, 2011 11:10 am
Location: South Florida

Re: Difficulty posting array data

Post by digdigdig »

Ok, this works. (Ya-hoo!)

However, I'm wondering if I need to add the escape sequence at the bottom after the last else statement as well?

Code:

//inserting records
$Insert=sprintf("INSERT INTO formdata(FirstName, LastName, Email, Status, Date, Source)
VALUES
('FirstName','LastName','Email','Status','Date','Source')",
mysql_real_escape_string($_POST['FirstName']),
mysql_real_escape_string($_POST['LastName']),
mysql_real_escape_string($_POST['Email']),
mysql_real_escape_string($_POST['Status']),
mysql_real_escape_string($_POST['Date']),
mysql_real_escape_string($_POST['Source'])
);
 $error = 0;
if(isset($_POST['Status'])){
    if($_POST['Status'] == 'Other'){
        if(isset($_POST['Other']) && trim($_POST['Other']) != ''){
            $status = $_POST['Other'];
        } else {
            $error++;
            echo "Please fill out the 'Other' box.<br />";
        }
    } else {
        $status = $_POST['Status'];
    }
} else {
    $error++;
    echo "Please select a 'Status'.<br />";
}
if($error){
    echo "<br />There were $error error".($error>1?'s':'').".";
} else {
$Insert="INSERT INTO formdata(FirstName, LastName, Email, Status, Date, Source)
    VALUES
    ('".$_POST['FirstName']."','".$_POST['LastName']."','".$_POST['Email']."','".$status."',Now(),'".$_POST['Source']."')"; 
}  
if(!mysql_query($Insert,$dbc)){
	die('Error: '.mysql_error ());
	}

pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Re: Difficulty posting array data

Post by pickle »

Absolutely everywhere. You should never make a query with unescaped $_POST elements.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.

digdigdig
Forum Newbie
Posts: 20
Joined: Thu Jun 23, 2011 11:10 am
Location: South Florida

Re: Difficulty posting array data

Post by digdigdig »

Thanks! I'll add it to the end.

Have a great weekend......

Idri
Forum Newbie
Posts: 19
Joined: Sun May 29, 2011 9:21 am

Re: Difficulty posting array data

Post by Idri »

Just out of interest: why are you preparing your query twice? You're preparing it both at the top and the bottom, though at the bottom you're overwriting the one from the top. Replace the current bottom one with the one you have at the top :)

Also, I don't know if you've tested it but the current way you're using sprintf will end up giving you hardcoded input (namely FirstName, LastName etc). An easy way to show you is by using printf (same as sprintf, but prints its value rather than returning it as a variable). Just copy-paste the following to see what I mean.

Code:

printf("The cup is filled with water", "coffee");
// Result: The cup is filled with water
printf("The cup is filled with %s", "coffee");
// Result: The cup is filled with coffee

As you can see, you can use %s as a temporary placeholder for a variable which you add later on.
(%s is a type specifier; there are more than just %s, though. You can check up on them over at the manual (PHP.net - Sprintf), just search for "type specifier".)
If you're using more than 1 variable, the placeholders get their values in the order you place the variables.

Code:

printf("The %s is filled with %s", "cup", "coffee");
// Result: The cup is filled with coffee
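
The advice in this thread (no raw $_POST value in the query, and the query built once, after the checks), as an added example that is not any poster's code. It swaps mysql_real_escape_string for PDO prepared statements; the function names resolve_status and save_form, the in-memory SQLite table standing in for the MySQL formdata table, and the sample input are assumptions made for illustration.

```php
<?php
// Added example. Assumes PHP 7.1+ with the pdo_sqlite driver enabled.

// Same Status/Other rules as the original post, collected in one place.
function resolve_status(array $post, array &$errors): ?string
{
    if (!isset($post['Status'])) {
        $errors[] = "Please select a 'Status'.";
        return null;
    }
    if ($post['Status'] !== 'Other') {
        return $post['Status'];
    }
    if (isset($post['Other']) && trim($post['Other']) !== '') {
        return $post['Other'];
    }
    $errors[] = "Please fill out the 'Other' box.";
    return null;
}

// Returns the list of validation errors; an empty list means the row was stored.
function save_form(PDO $db, array $post): array
{
    $errors = [];
    $status = resolve_status($post, $errors);
    if ($errors) {
        return $errors; // nothing is sent to the database
    }
    // The SQL text is fixed; every user value travels as a bound parameter.
    $stmt = $db->prepare(
        'INSERT INTO formdata (FirstName, LastName, Email, Status, Date, Source)
         VALUES (:first, :last, :email, :status, CURRENT_TIMESTAMP, :source)'
    );
    $stmt->execute([
        ':first'  => $post['FirstName'] ?? '',
        ':last'   => $post['LastName'] ?? '',
        ':email'  => $post['Email'] ?? '',
        ':status' => $status,
        ':source' => $post['Source'] ?? '',
    ]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE formdata (FirstName TEXT, LastName TEXT, Email TEXT, Status TEXT, Date TEXT, Source TEXT)');

// Constructed sample input: the quotes must end up stored as data, not parsed as SQL.
$post = ['FirstName' => 'Pat', 'LastName' => "O'Brien", 'Email' => 'pat@example.com',
         'Status' => 'Other', 'Other' => "Contractor's assistant", 'Source' => 'web'];
var_dump(save_form($db, $post));                     // stored row, no errors
var_dump(save_form($db, ['Status' => 'Other']));     // rejected before any query runs
print_r($db->query('SELECT LastName, Status FROM formdata')->fetchAll(PDO::FETCH_ASSOC));
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the prepared statement and the bound values stay the same.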
 