rwahdan
Forum Newbie
Posts: 23 Joined: Thu Feb 12, 2009 1:49 am
Post
by rwahdan » Wed Feb 18, 2009 5:17 am
Dear All,
I am new to PHP and need help! I made a form to collect data and then pass it to a PHP page. The line in bold is not returning anything and I don't know why! I am trying to get the id corresponding to the category that was selected on the form, but I get nothing and don't have errors!
<?
$host="xxx";
$db_name="yyy";
$username="yyy";
$password="xyz";
$tbl_name2="test_table";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$thecategory=$_POST['thecategory'];
$inventoryname=$_POST['inventoryname'];
$thepicture=$_POST['thepicture'];
$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");
echo $results[inventorytypeid];
$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid ,thepicture)
VALUES('$inventoryname',,'$thepicture')";
$result=mysql_query($sql2);
mysql_close();
?>
mattpointblank
Forum Contributor
Posts: 304 Joined: Tue Dec 23, 2008 6:29 am
Post
by mattpointblank » Wed Feb 18, 2009 5:26 am
That's because $results isn't assigned to anything usable yet. Do something like:
$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");
$row = mysql_fetch_array($result);
echo $row['inventorytypeid'];
rwahdan
Forum Newbie
Posts: 23 Joined: Thu Feb 12, 2009 1:49 am
Post
by rwahdan » Wed Feb 18, 2009 5:34 am
mattpointblank wrote: That's because $results isn't assigned to anything usable yet. Do something like:
$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");
$row = mysql_fetch_array($result);
echo $row['inventorytypeid'];
Thanks for the quick answer. I tried your suggestion but I get this error now:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/www/islam4everyone1429.net/thetest2.php on line 17
line 17:
$row = mysql_fetch_array($results);
nmreddy
Forum Commoner
Posts: 25 Joined: Wed Feb 18, 2009 5:36 am
Post
by nmreddy » Wed Feb 18, 2009 5:45 am
$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");
$row = mysql_fetch_array($result);
echo $row['inventorytypeid'];
I think you missed the 's' in result for $row
$row = mysql_fetch_array($results);
Try the above.
If your query will give more than a single row, then you have to use a for loop.
mattpointblank
Forum Contributor
Posts: 304 Joined: Tue Dec 23, 2008 6:29 am
Post
by mattpointblank » Wed Feb 18, 2009 5:48 am
Oops, yeah, missed the s. I normally call it $result, force of habit.
rwahdan
Forum Newbie
Posts: 23 Joined: Thu Feb 12, 2009 1:49 am
Post
by rwahdan » Wed Feb 18, 2009 5:52 am
nmreddy wrote: $results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");
$row = mysql_fetch_array($result);
echo $row['inventorytypeid'];
I think you missed the 's' in result for $row
$row = mysql_fetch_array($results);
Try the above.
If your query will give more than a single row, then you have to use a for loop.
Actually, I saw that, so it's not the problem. Also, for the id, there is only one id for each category!
I will post the whole thing here: see attachment.
Attachments
php.rar
form (1.15 KiB) Downloaded 21 times
mattpointblank
Forum Contributor
Posts: 304 Joined: Tue Dec 23, 2008 6:29 am
Post
by mattpointblank » Wed Feb 18, 2009 5:56 am
Maybe your query has an error, try:
$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory") or die(mysql_error());
nmreddy
Forum Commoner
Posts: 25 Joined: Wed Feb 18, 2009 5:36 am
Post
by nmreddy » Wed Feb 18, 2009 6:05 am
Use the below:
$query = "SELECT inventorytypeid from inventorytypes where thecategory = " .$thecategory;
$results= mysql_query($query);
Try the above.
If the type of the column thecategory in the table is defined as varchar, then you have to use { ' } for $thecategory.
rwahdan
Forum Newbie
Posts: 23 Joined: Thu Feb 12, 2009 1:49 am
Post
by rwahdan » Wed Feb 18, 2009 6:08 am
mattpointblank wrote: Maybe your query has an error, try:
$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory") or die(mysql_error());
OK, I found where the error was! We have to add '' to the select statement:
where thecategory='$thecategory'")
Now: how do I add the variable to the INSERT INTO?
$sql2="INSERT INTO $tbl_name2 (inventoryname,
inventorytypeid ,thepicture) VALUES ('$inventoryname',
???? ,'$thepicture')";
$result=mysql_query($sql2);
mysql_close();
?>
nmreddy
Forum Commoner
Posts: 25 Joined: Wed Feb 18, 2009 5:36 am
Post
by nmreddy » Wed Feb 18, 2009 6:14 am
$newid = $row['inventorytypeid'];
$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname',????,'$thepicture')";
$result=mysql_query($sql2);
It is based on the data type of the columns:
use {'} for the varchar data type,
do not use {'} for the int data type.
$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname',$newid ,'$thepicture')";
$result=mysql_query($sql2);
susrisha
Forum Contributor
Posts: 439 Joined: Thu Aug 07, 2008 11:43 pm
Location: Hyderabad India
Post
by susrisha » Wed Feb 18, 2009 6:15 am
$inventorytypeid = $row['inventorytypeid'];
$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname','$inventorytypeid','$thepicture')";
But trust me, I am sure this won't work because you didn't give the SQL connection handler in the mysql_query.
rwahdan
Forum Newbie
Posts: 23 Joined: Thu Feb 12, 2009 1:49 am
Post
by rwahdan » Wed Feb 18, 2009 6:17 am
susrisha wrote:
$inventorytypeid = $row['inventorytypeid'];
$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname','$inventorytypeid','$thepicture')";
But trust me, I am sure this won't work because you didn't give the SQL connection handler in the mysql_query.
Thank you all, it's all working now. All that was left was to assign a variable to the row and then call it:
$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory='$thecategory'") or die(mysql_error());
$row = mysql_fetch_array($results);
echo $row['inventorytypeid'];
$thenum = $row['inventorytypeid'];
$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname',$thenum,'$thepicture')";
$result=mysql_query($sql2);
mysql_close();
NOmeR1
Forum Newbie
Posts: 8 Joined: Sat Feb 14, 2009 8:32 am
Post
by NOmeR1 » Wed Feb 18, 2009 6:23 am
You have a very bad vulnerability in your code: SQL injection.
What is the type of "thecategory" in your SQL?
If it is an integer, I advise you to set the type of $thecategory to integer:
$thecategory = (int) $_POST['thecategory'];
If it is a string, then use some functions to shield it (mysql_real_escape_string, addslashes...):
$thecategory = mysql_real_escape_string($_POST['thecategory']);
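Added example, not part of any post in this thread: the same SELECT-then-INSERT flow written with bound parameters, so that none of the three form values is ever spliced into the SQL text. The `mysql_*` functions used above were removed in PHP 7; this sketch uses PDO, and as an assumption runs against an in-memory SQLite database so it works offline. The helper names `findTypeId` and `addInventory` and all sample rows and inputs are constructed for illustration.

```php
<?php
// Added example: the thread's lookup + insert with prepared statements.
// Assumption: PDO with in-memory SQLite stands in for the MySQL server;
// table and column names follow the thread, helper names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and sample rows.
$pdo->exec('CREATE TABLE inventorytypes (inventorytypeid INTEGER PRIMARY KEY, thecategory TEXT)');
$pdo->exec('CREATE TABLE test_table (inventoryname TEXT, inventorytypeid INTEGER, thepicture TEXT)');
$pdo->exec("INSERT INTO inventorytypes (thecategory) VALUES ('books'), ('men''s wear')");

/** Look up the category id; returns null when the category does not exist. */
function findTypeId(PDO $pdo, string $category): ?int
{
    $stmt = $pdo->prepare('SELECT inventorytypeid FROM inventorytypes WHERE thecategory = :cat');
    $stmt->execute([':cat' => $category]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

/** Insert one inventory row; an unknown category is refused rather than stored with a blank id. */
function addInventory(PDO $pdo, string $name, string $category, string $picture): bool
{
    $typeId = findTypeId($pdo, $category);
    if ($typeId === null) {
        return false;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO test_table (inventoryname, inventorytypeid, thepicture) VALUES (:name, :type, :pic)'
    );
    return $stmt->execute([':name' => $name, ':type' => $typeId, ':pic' => $picture]);
}

// Constructed inputs standing in for the $_POST values.
$inputs = [
    ['PHP manual', 'books', 'manual.jpg'],          // ordinary values
    ["O'Neill jacket", "men's wear", 'jacket.jpg'], // apostrophes in name and category
    ['x', "books' OR '1'='1", 'x.jpg'],             // quote characters, names no category
];
foreach ($inputs as [$name, $category, $picture]) {
    $ok = addInventory($pdo, $name, $category, $picture);
    printf("%-16s %-20s %s\n", $name, $category, $ok ? 'inserted' : 'rejected');
}
echo $pdo->query('SELECT COUNT(*) FROM test_table')->fetchColumn(), " rows stored\n";
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the statements and bindings stay the same, and the quote-or-no-quote question from earlier in the thread disappears because the driver handles the value types.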