Page 1 of 1

INSERT INTO

Posted: Tue Aug 25, 2009 3:41 am
by ShaunFL
I've been staring at this for a few hours now and I can't seem to figure out what the problem is. Usually I manage to figure out some stupid mistake I've made but this one has me stumped.

Please excuse the bad code:

Code: Select all

mysql_query("INSERT INTO invoice_child (interest, parent, item, unitprice, qty, author) VALUES ('". $_POST['vat'.$i.''] ."', '". $_POST['invoiceid'] ."', '". $_POST['item'.$i.''] ."', '". $_POST['unitprice'.$i.''] ."', '". $_POST['qty'.$i.''] ."', '". $_POST['author'] ."')")or die(mysql_error()); }
Essentially I'm creating an entry in the database for each item of an invoice.

At the moment everything is working except the 'interest'. Nothing gets inserted into that field but there's no error. At first I thought maybe the $_POST wasn't sending but by changing it to a string I've realised that's not getting inserted either.

Thanks in advance :)

Re: INSERT INTO

Posted: Tue Aug 25, 2009 3:44 am
by Eran
how do you know there's no error? did you run mysql_error() afterwards?

Re: INSERT INTO

Posted: Tue Aug 25, 2009 6:14 am
by susrisha
@pyrtin
there is a die statement if the query doesnt execute.
@ShaunFL
Try printing the query statement each time you are querying. My wild guesses
1. Either the sql data type is different (might be string)
2. the post data is not showing up properly

Re: INSERT INTO

Posted: Tue Aug 25, 2009 6:20 am
by jackpf
You're vulnerable to SQL injection as well.