insert variable into database

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
bradleyd
Forum Newbie
Posts: 16
Joined: Mon Apr 30, 2007 1:12 pm

insert variable into database

Post by bradleyd »

I am back again.
I am trying to alter an existing php page. I have added another form to the page. The new form searches the database based upon user criteria typed into text box. The second button basically runs a INSERT statement. Everything is working except I can not add new Fields and Values to insert statement. This is what it looks like before :

Code: Select all

$query = "INSERT INTO data (status, category, owner, realname, created, description, department, comment, default_rights, publishable) VALUES(0, '" . addslashes($_REQUEST['category']) . "', '" . addslashes($_SESSION['uid']) . "', '" . addslashes($_FILES['file']['name']) . "', NOW(), '" . addslashes($_REQUEST['description']) . "','" . addslashes($current_user_dept) . "', '" . addslashes($_REQUEST['comment']) . "','" . addslashes($_REQUEST['default_Setting']) . "', $lpublishable )";
	$result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
This is what it looks like after I add one filed to it:

Code: Select all

$query = "INSERT INTO data (status, category, owner, realname, created, description, department, comment, default_rights, publishable,TAXROLL_PIN) VALUES(0, '" . addslashes($_REQUEST['category']) . "', '" . addslashes($_SESSION['uid']) . "', '" . addslashes($_FILES['file']['name']) . "', NOW(), '" . addslashes($_REQUEST['description']) . "','" . addslashes($current_user_dept) . "', '" . addslashes($_REQUEST['comment']) . "','" . addslashes($_REQUEST['default_Setting']) . "', $lpublishable,'$parcel' )";
    $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
If I put echo $parcel; before the query statement nothing happens. If I put echo $parcel or any other of the text boxes near the top of the page I get back the current value of that text box.
I am stumped.
Thanks in advance.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I can only guess that $parcel doesn't exist at that point.
bradleyd
Forum Newbie
Posts: 16
Joined: Mon Apr 30, 2007 1:12 pm

Post by bradleyd »

I would agree, but it is being populated at the top of page.

Code: Select all

<form  name="new" method="post" action="add2.php">
      
  <table width=37% >
    <tr> 
      <td width="15%"><font size="2" face="Geneva, Arial, Helvetica, sans-serif"><strong>Find 
        It: </strong></font></td>
      <td width="26%">&nbsp;</td>
      <TD width="42%"><input type="text" name="search" ></TD>
      <TD width="17%"><input name="submit2" type="submit" value="Submit"></TD>
    </tr>
  </table>
</form>
<table width="37%" border="0">
  <tr>
    <td><label>Parcel </label></td>
    <td><input name='parcel' value= "<?php echo($parcel)?>"  type="text" ></td>
  </tr>
  <tr>
This is what I am using to populate the text boxes with:

Code: Select all

$search = false;
			if (!empty($_POST['search']))  {
			    
			    $search = $_POST['search']; 
				}
                         validate("$search","$msg"); //function 	
			 numbers_only("$search","$msg");	
			if (!isset($_POST['submitted'])) {
			if ($search) {	
			    $query = "SELECT * FROM TAXPM INNER JOIN ADDR ON TAXPM.TAXROLL_PIN=ADDR.ADDR_PIN  WHERE TAXROLL_PIN= '$search'";
                            $result= mysql_query ($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
	                        while ($r = mysql_fetch_assoc($result)) { // Begin while
			
	                                $parcel = $r["TAXROLL_PIN"];
					$last = $r["OWN_LNAME"];
					$first = $r["OWN_FNAME1"];
					$first1 = $r["OWN_FNAME2"];
					$addr = $r["ADDR_STNUMF"];
					$addr1 = $r["ADDR_STNAME"];
					$addr2 = $r["ADDR_STDIR"];
					$addr3 = $r["ADDR_CITY"];
					$addr4 = $r["ADDR_ZIP"];
        		        }// end while
				echo $parcel;
				echo $last;
     }//end if result
     
	}
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

$parcel will only be set under very specific circumstances. Do some debugging to find where $parcel loses it's way.
bradleyd
Forum Newbie
Posts: 16
Joined: Mon Apr 30, 2007 1:12 pm

Post by bradleyd »

ok $parcel loses it's way after the old form and html. there is an else statement looks like this.

Code: Select all

<?php //loses variables from new form i.e. $parcel
draw_footer();

}
else //submited form
{
Is there anyway to make the $parcel variable global(or whatever it is called in web programming).
Do not know if this has anything to do with it but after that else { lies the INSERT that I am trying to add $parcel for value.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Simply set $parcel to whatever it may need to be.
bradleyd
Forum Newbie
Posts: 16
Joined: Mon Apr 30, 2007 1:12 pm

Post by bradleyd »

alright I tried on my own before posting, I cant figure out how to set $parcel in the correct position so that it is recognized in the INSERT statement.
Sorry if this self explanatory, I may be an idiot:)
Thanks again.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You don't need to do anything special, just set it in the else to whatever it must be.
bradleyd
Forum Newbie
Posts: 16
Joined: Mon Apr 30, 2007 1:12 pm

Post by bradleyd »

ok I added

Code: Select all

$parcel = $_REQUEST['parcel'];
after else., but still no luck.(do you have a paypal account:))
I feel like an idiot, I just cant get it.
thanks again for all your help.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

$parcel in your previous snippet was set via a database query. While there is an <input> in the HTML you posted that would set a parcel it is not apart of a <form> so it would not be submitted.
bradleyd
Forum Newbie
Posts: 16
Joined: Mon Apr 30, 2007 1:12 pm

Post by bradleyd »

that was it, I moved the text boxes that were being populated inside the old form and now they are callable from within the INSERT statement. Thanks for all your help.
Take care.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

By the way, change your calls to addslashes() for calls to mysql_real_escape_string(). addslashes() won't protect your from attacks.
bradleyd
Forum Newbie
Posts: 16
Joined: Mon Apr 30, 2007 1:12 pm

Post by bradleyd »

ok, thanks again.
Post Reply