insert into dont get id variable!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rwahdan
Forum Newbie
Posts: 23
Joined: Thu Feb 12, 2009 1:49 am

insert into dont get id variable!

Post by rwahdan »

Dear All,

i am new to php and need help! i made a form to collect data then pass it to php page. the line in bold is not returning anything and i dont know why! i am trying to get id corresponding to category that was selected on the form but i get nothing and dont have errors!

<?

$host="xxx";
$db_name="yyy";
$username="yyy";
$password="xyz";
$tbl_name2="test_table";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$thecategory=$_POST['thecategory'];
$inventoryname=$_POST['inventoryname'];
$thepicture=$_POST['thepicture'];

$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");

echo $results[inventorytypeid];

$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture)
VALUES('$inventoryname',,'$thepicture')";
$result=mysql_query($sql2);

mysql_close();
?>
mattpointblank
Forum Contributor
Posts: 304
Joined: Tue Dec 23, 2008 6:29 am

Re: insert into dont get id variable!

Post by mattpointblank »

That's because $results isn't assigned to anything usable yet. Do something like:

Code: Select all

 
$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");
$row = mysql_fetch_array($result);
echo $row['inventorytypeid'];
 
rwahdan
Forum Newbie
Posts: 23
Joined: Thu Feb 12, 2009 1:49 am

Re: insert into dont get id variable!

Post by rwahdan »

mattpointblank wrote:That's because $results isn't assigned to anything usable yet. Do something like:

Code: Select all

 
$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");
$row = mysql_fetch_array($result);
echo $row['inventorytypeid'];
 

Thanks for the quick answer. i tried your suggestion but i get this error now:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/www/islam4everyone1429.net/thetest2.php on line 17

line 17:

$row = mysql_fetch_array($results);
nmreddy
Forum Commoner
Posts: 25
Joined: Wed Feb 18, 2009 5:36 am

Re: insert into dont get id variable!

Post by nmreddy »

$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");
$row = mysql_fetch_array($result);
echo $row['inventorytypeid'];


i think u missed the 's' in result for $row

$row = mysql_fetch_array($results);

try above ..

if your query will give more than a single row then you have to use for loop
mattpointblank
Forum Contributor
Posts: 304
Joined: Tue Dec 23, 2008 6:29 am

Re: insert into dont get id variable!

Post by mattpointblank »

Oops, yeah, missed the s. I normally call it $result, force of habit.
rwahdan
Forum Newbie
Posts: 23
Joined: Thu Feb 12, 2009 1:49 am

Re: insert into dont get id variable!

Post by rwahdan »

nmreddy wrote:$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory");
$row = mysql_fetch_array($result);
echo $row['inventorytypeid'];


i think u missed the 's' in result for $row

$row = mysql_fetch_array($results);

try above ..

if your query will give more than a single row then you have to use for loop
actually i saw that so its not the problem. also for the id, there is only one id for each category!

i will post the whole thing here: see attachment.
Attachments
php.rar
form
(1.15 KiB) Downloaded 21 times
mattpointblank
Forum Contributor
Posts: 304
Joined: Tue Dec 23, 2008 6:29 am

Re: insert into dont get id variable!

Post by mattpointblank »

Maybe your query has an error, try:

$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory") or die(mysql_error());
nmreddy
Forum Commoner
Posts: 25
Joined: Wed Feb 18, 2009 5:36 am

Re: insert into dont get id variable!

Post by nmreddy »

use the below

$query = "SELECT inventorytypeid from inventorytypes where thecategory = " .$thecategory;
$results= mysql_query($query);

try above


if the type of the column thecategory in the table defined as varchar then you have to use { ' } for $thecategory
rwahdan
Forum Newbie
Posts: 23
Joined: Thu Feb 12, 2009 1:49 am

Re: insert into dont get id variable!

Post by rwahdan »

mattpointblank wrote:Maybe your query has an error, try:

$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory=$thecategory") or die(mysql_error());

ok i found where the error was! we have to add '' to the select statement

where thecategory='$thecategory'")

now: how to add the variable to the insert into?


$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname',????,'$thepicture')";
$result=mysql_query($sql2);

mysql_close();
?>
nmreddy
Forum Commoner
Posts: 25
Joined: Wed Feb 18, 2009 5:36 am

Re: insert into dont get id variable!

Post by nmreddy »

$newid = $row['inventorytypeid'];

$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname',????,'$thepicture')";
$result=mysql_query($sql2);


it is based on data type for columns

use {'} for varchar data type

do not use {'} for int data type

$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname',$newid ,'$thepicture')";

$result=mysql_query($sql2);
User avatar
susrisha
Forum Contributor
Posts: 439
Joined: Thu Aug 07, 2008 11:43 pm
Location: Hyderabad India

Re: insert into dont get id variable!

Post by susrisha »

Code: Select all

 
$inventorytypeid = $row['inventorytypeid'];
$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname','$inventorytypeid','$thepicture')";
 
but trust me i am sure this wont work coz you didnt give the sql connection handler in the mysql_query
rwahdan
Forum Newbie
Posts: 23
Joined: Thu Feb 12, 2009 1:49 am

Re: insert into dont get id variable!

Post by rwahdan »

susrisha wrote:

Code: Select all

 
$inventorytypeid = $row['inventorytypeid'];
$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname','$inventorytypeid','$thepicture')";
 
but trust me i am sure this wont work coz you didnt give the sql connection handler in the mysql_query

Thank you all, its all working now. all what was left is to assign a variable to the raw then call it :)

$results= mysql_query("SELECT inventorytypeid from inventorytypes where thecategory='$thecategory'") or die(mysql_error());
$row = mysql_fetch_array($results);
echo $row['inventorytypeid'];
$thenum = $row['inventorytypeid'];
$sql2="INSERT INTO $tbl_name2 (inventoryname,inventorytypeid,thepicture) VALUES ('$inventoryname',$thenum,'$thepicture')";
$result=mysql_query($sql2);

mysql_close();
NOmeR1
Forum Newbie
Posts: 8
Joined: Sat Feb 14, 2009 8:32 am

Re: insert into dont get id variable!

Post by NOmeR1 »

You have an very bad vulnerability in your code - sql-injection
What type of "thecategory" in your sql?
if it is integer I advise you to set type integer to $thecategory

Code: Select all

$thecategory = (int) $_POST['thecategory'];
if it is string then use some functions to shield (mysql_real_escape_string, addslashes...)

Code: Select all

$thecategory = mysql_real_escape_string($_POST['thecategory']);
Post Reply