Page 1 of 1

insert variable into database

Posted: Tue May 01, 2007 2:55 pm
by bradleyd
I am back again.
I am trying to alter an existing php page. I have added another form to the page. The new form searches the database based upon user criteria typed into text box. The second button basically runs a INSERT statement. Everything is working except I can not add new Fields and Values to insert statement. This is what it looks like before :

Code: Select all

$query = "INSERT INTO data (status, category, owner, realname, created, description, department, comment, default_rights, publishable) VALUES(0, '" . addslashes($_REQUEST['category']) . "', '" . addslashes($_SESSION['uid']) . "', '" . addslashes($_FILES['file']['name']) . "', NOW(), '" . addslashes($_REQUEST['description']) . "','" . addslashes($current_user_dept) . "', '" . addslashes($_REQUEST['comment']) . "','" . addslashes($_REQUEST['default_Setting']) . "', $lpublishable )";
	$result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
This is what it looks like after I add one filed to it:

Code: Select all

$query = "INSERT INTO data (status, category, owner, realname, created, description, department, comment, default_rights, publishable,TAXROLL_PIN) VALUES(0, '" . addslashes($_REQUEST['category']) . "', '" . addslashes($_SESSION['uid']) . "', '" . addslashes($_FILES['file']['name']) . "', NOW(), '" . addslashes($_REQUEST['description']) . "','" . addslashes($current_user_dept) . "', '" . addslashes($_REQUEST['comment']) . "','" . addslashes($_REQUEST['default_Setting']) . "', $lpublishable,'$parcel' )";
    $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
If I put echo $parcel; before the query statement nothing happens. If I put echo $parcel or any other of the text boxes near the top of the page I get back the current value of that text box.
I am stumped.
Thanks in advance.

Posted: Tue May 01, 2007 3:12 pm
by feyd
I can only guess that $parcel doesn't exist at that point.

Posted: Tue May 01, 2007 3:35 pm
by bradleyd
I would agree, but it is being populated at the top of page.

Code: Select all

<form  name="new" method="post" action="add2.php">
      
  <table width=37% >
    <tr> 
      <td width="15%"><font size="2" face="Geneva, Arial, Helvetica, sans-serif"><strong>Find 
        It: </strong></font></td>
      <td width="26%">&nbsp;</td>
      <TD width="42%"><input type="text" name="search" ></TD>
      <TD width="17%"><input name="submit2" type="submit" value="Submit"></TD>
    </tr>
  </table>
</form>
<table width="37%" border="0">
  <tr>
    <td><label>Parcel </label></td>
    <td><input name='parcel' value= "<?php echo($parcel)?>"  type="text" ></td>
  </tr>
  <tr>
This is what I am using to populate the text boxes with:

Code: Select all

$search = false;
			if (!empty($_POST['search']))  {
			    
			    $search = $_POST['search']; 
				}
                         validate("$search","$msg"); //function 	
			 numbers_only("$search","$msg");	
			if (!isset($_POST['submitted'])) {
			if ($search) {	
			    $query = "SELECT * FROM TAXPM INNER JOIN ADDR ON TAXPM.TAXROLL_PIN=ADDR.ADDR_PIN  WHERE TAXROLL_PIN= '$search'";
                            $result= mysql_query ($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
	                        while ($r = mysql_fetch_assoc($result)) { // Begin while
			
	                                $parcel = $r["TAXROLL_PIN"];
					$last = $r["OWN_LNAME"];
					$first = $r["OWN_FNAME1"];
					$first1 = $r["OWN_FNAME2"];
					$addr = $r["ADDR_STNUMF"];
					$addr1 = $r["ADDR_STNAME"];
					$addr2 = $r["ADDR_STDIR"];
					$addr3 = $r["ADDR_CITY"];
					$addr4 = $r["ADDR_ZIP"];
        		        }// end while
				echo $parcel;
				echo $last;
     }//end if result
     
	}

Posted: Tue May 01, 2007 7:48 pm
by feyd
$parcel will only be set under very specific circumstances. Do some debugging to find where $parcel loses it's way.

Posted: Wed May 02, 2007 9:06 am
by bradleyd
ok $parcel loses it's way after the old form and html. there is an else statement looks like this.

Code: Select all

<?php //loses variables from new form i.e. $parcel
draw_footer();

}
else //submited form
{
Is there anyway to make the $parcel variable global(or whatever it is called in web programming).
Do not know if this has anything to do with it but after that else { lies the INSERT that I am trying to add $parcel for value.

Posted: Wed May 02, 2007 9:18 am
by feyd
Simply set $parcel to whatever it may need to be.

Posted: Wed May 02, 2007 10:08 am
by bradleyd
alright I tried on my own before posting, I cant figure out how to set $parcel in the correct position so that it is recognized in the INSERT statement.
Sorry if this self explanatory, I may be an idiot:)
Thanks again.

Posted: Wed May 02, 2007 10:43 am
by feyd
You don't need to do anything special, just set it in the else to whatever it must be.

Posted: Wed May 02, 2007 11:06 am
by bradleyd
ok I added

Code: Select all

$parcel = $_REQUEST['parcel'];
after else., but still no luck.(do you have a paypal account:))
I feel like an idiot, I just cant get it.
thanks again for all your help.

Posted: Wed May 02, 2007 11:11 am
by feyd
$parcel in your previous snippet was set via a database query. While there is an <input> in the HTML you posted that would set a parcel it is not apart of a <form> so it would not be submitted.

Posted: Thu May 03, 2007 7:08 am
by bradleyd
that was it, I moved the text boxes that were being populated inside the old form and now they are callable from within the INSERT statement. Thanks for all your help.
Take care.

Posted: Thu May 03, 2007 8:01 am
by Chris Corbyn
By the way, change your calls to addslashes() for calls to mysql_real_escape_string(). addslashes() won't protect your from attacks.

Posted: Thu May 03, 2007 10:30 am
by bradleyd
ok, thanks again.