Page 1 of 1

What the heck am I doing wrong here?

Posted: Tue Mar 11, 2008 10:30 am
by seodevhead
This is so weird. I don't get why this ain't working... but I'm sure one of you will make me feel like the stupidest person in the whole wide world:

Code: Select all

$_POST['item_id_1'] = '9889AA';
$_POST['item_name_1'] = 'steaks';
 
$i = 1;
 
$clean['message_id'] = 1234;
$clean['item_name_' . $i] = escape_data($_POST['item_name_' . $i]);
$clean['item_id_' . $i] = escape_data($_POST['item_id_' . $i]);
 
$query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES ({$clean['message_id']}, '{$clean['item_name_".$i."']}', {$clean['item_id_".$i."']})";
To show you what is going wrong... if I do this:

Code: Select all

echo $query;
I get this...

INSERT INTO ins_system (message_id, item_name, item_id) VALUES (5, '', )

Any help is greatly appreciated. :banghead:

Re: What the heck am I doing wrong here?

Posted: Tue Mar 11, 2008 10:40 am
by anjanesh

Code: Select all

$i = 1;
 
$clean['message_id'] = 1234;
$clean['item_name_' . $i] = escape_data($_POST['item_name_' . $i]);
$clean['item_id_' . $i] = escape_data($_POST['item_id_' . $i]);
 
$query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES (
          {$clean['message_id']},
          '".$clean["item_name_$i"]."',
          ".$clean["item_id_$i"]."
          )";

Re: What the heck am I doing wrong here?

Posted: Tue Mar 11, 2008 10:40 am
by anto91
The way you code is totaly worthless and not good at all clearyfying it makes it easier.

Code: Select all

 
 $query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES ({$clean['message_id']}, '{$clean['item_name_".$i."']}', {$clean['item_id_".$i."']})";
 
To

Code: Select all

 
// I also added a few tings to make it more secure.
$query = '
    INSERT INTO ins_system 
        (
            message_id,
            item_name,
            item_id
        ) VALUES (
            '.(int)$clean['message_id'].',
            '.mysql_real_escape_string($clean['item_name_".$i."']).',
            '.(int) $clean['item_id_".$i."'].
        ')
';

Re: What the heck am I doing wrong here?

Posted: Tue Mar 11, 2008 11:17 am
by seodevhead
Thank you so much guys... I don't know why I didn't even think to just concatenate the whole variable, and not just part of the identifier. Thanks a ton! It works now.

Re: What the heck am I doing wrong here?

Posted: Tue Mar 11, 2008 11:21 am
by Zoxive
seodevhead wrote:

Code: Select all

$query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES ({$clean['message_id']}, '{$clean['item_name_".$i."']}', {$clean['item_id_".$i."']})";
If I have my head on correct this morning, you should be able to do...

Code: Select all

$query = "INSERT INTO ins_system (message_id, item_name, item_id) VALUES ({$clean['message_id']}, '{$clean['item_name_' . $i]}', {$clean['item_id_' . $i]})";
I'm not recommending it though.