Page 1 of 1

Field in DB won't populate

Posted: Wed Aug 03, 2005 6:12 pm
by summitweb
Hello:

I'm running a small test query and I'm trying to populate a table. The table has three fields: item_code, price, qty.

When I run my script, price and qty are populated and item_code is not.

Can someone take a look and help me debug this problem?

This is the form which calls the PHP script:

Code: Select all

<form method="post" action="test.php">
<input type="hidden" name="item_code" value="VEB120">
<input type="hidden" name="price" value="76.00">
<input type="text" name="qty" size="15">
<input type="submit" name="submit" value="Add to Cart">
</form>
This is the PHP script:

Code: Select all

<?php

//connect to database
      $conn = mysql_connect('localhost', 'xx', 'xx') or die(mysql_error());

$db = mysql_select_db("xx") 
  or die(mysql_error());

      //add to product table
      $add_product = "insert into test1 values ('$_POST[item_code]', '$_POST[price]',
                     '$_POST[qty]')";

      mysql_query($add_product) or die(mysql_error());


?>
Also, this is my table structure:
item_code VARCHAR(25)
price INT
qty INT

Thank you for all your help.

Posted: Wed Aug 03, 2005 7:28 pm
by feyd
have you echo'd out the insert query string to make sure it looks right?

also, the table field for price being an INT, does not work too well with potential prices that may come in.. a FLOAT with at least 2 decimal places of precision would work well..

Re: Field in DB won't populate

Posted: Wed Aug 03, 2005 7:49 pm
by harrisonad
summitweb wrote: Also, this is my table structure:
item_code VARCHAR(25)
price INT
qty INT

Code: Select all

//add to product table
$add_product = "insert into test1 values ('$_POST[item_code]', '$_POST[price]','$_POST[qty]')";
Number fields ust not be enclosed inside quotes.
The query must be...

Code: Select all

//add to product table
$add_product = "insert into test1 values ('$_POST[item_code]', $_POST[price],$_POST[qty])";

Posted: Thu Aug 04, 2005 3:53 am
by summitweb
Hello:

Thanks for the reply. The price and qty are not the problem. The values are being inserted into the table.

The problem is with the item_code field. It comes into the table blank.

I don't know why.

Posted: Thu Aug 04, 2005 5:17 am
by timvw
http://www.php.net/string
http://www.php.net/array

Code: Select all

if (isset($_POST['item_code']) && isset($_POST['price']) && isset($_POST['qty'])
{
  $item_code = mysql_real_escape_string($_POST['item_code']); 
  $price = mysql_real_escape_string($_POST['price']);
  $qty = mysql_real_escape_string($_POST['qty']);

  $query = "INSERT INTO test1 (item_code, price, qty) VALUES ('$item_code', '$price', '$qty')";
}

As you see, it becomes a bit much to write all the conditions and calls to mysql_real_escape_string, so you might consider using an array with the variables you want from $_POST and use a loop to retrieve and test them.

The code doesn't test if the input is valid, for example $_POST['price'] should equal strval(intval($_POST['qty']));

(I always use quotes around values, although they aren't required, it can be useful in case you forget to check that the value is really an integer..)