What the heck am I doing wrong here?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

What the heck am I doing wrong here?

Post by seodevhead »

This is so weird. I don't get why this ain't working... but I'm sure one of you will make me feel like the stupidest person in the whole wide world:

Code: Select all

$_POST['item_id_1'] = '9889AA';
$_POST['item_name_1'] = 'steaks';
 
$i = 1;
 
$clean['message_id'] = 1234;
$clean['item_name_' . $i] = escape_data($_POST['item_name_' . $i]);
$clean['item_id_' . $i] = escape_data($_POST['item_id_' . $i]);
 
$query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES ({$clean['message_id']}, '{$clean['item_name_".$i."']}', {$clean['item_id_".$i."']})";
To show you what is going wrong... if I do this:

Code: Select all

echo $query;
I get this...

INSERT INTO ins_system (message_id, item_name, item_id) VALUES (5, '', )

Any help is greatly appreciated. :banghead:
User avatar
anjanesh
DevNet Resident
Posts: 1679
Joined: Sat Dec 06, 2003 9:52 pm
Location: Mumbai, India

Re: What the heck am I doing wrong here?

Post by anjanesh »

Code: Select all

$i = 1;
 
$clean['message_id'] = 1234;
$clean['item_name_' . $i] = escape_data($_POST['item_name_' . $i]);
$clean['item_id_' . $i] = escape_data($_POST['item_id_' . $i]);
 
$query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES (
          {$clean['message_id']},
          '".$clean["item_name_$i"]."',
          ".$clean["item_id_$i"]."
          )";
anto91
Forum Commoner
Posts: 58
Joined: Mon Mar 10, 2008 10:59 am
Location: Sweden

Re: What the heck am I doing wrong here?

Post by anto91 »

The way you code is totaly worthless and not good at all clearyfying it makes it easier.

Code: Select all

 
 $query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES ({$clean['message_id']}, '{$clean['item_name_".$i."']}', {$clean['item_id_".$i."']})";
 
To

Code: Select all

 
// I also added a few tings to make it more secure.
$query = '
    INSERT INTO ins_system 
        (
            message_id,
            item_name,
            item_id
        ) VALUES (
            '.(int)$clean['message_id'].',
            '.mysql_real_escape_string($clean['item_name_".$i."']).',
            '.(int) $clean['item_id_".$i."'].
        ')
';
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Re: What the heck am I doing wrong here?

Post by seodevhead »

Thank you so much guys... I don't know why I didn't even think to just concatenate the whole variable, and not just part of the identifier. Thanks a ton! It works now.
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Re: What the heck am I doing wrong here?

Post by Zoxive »

seodevhead wrote:

Code: Select all

$query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES ({$clean['message_id']}, '{$clean['item_name_".$i."']}', {$clean['item_id_".$i."']})";
If I have my head on correct this morning, you should be able to do...

Code: Select all

$query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES ({$clean['message_id']}, '{$clean['item_name_' . $i]}', {$clean['item_id_' . $i]})";
I'm not recommending it though.
Post Reply