Insert Query for a PHP form

Question

I am using PHP and MySQL and I have run into a small problem. I have tried to research and figure out what to do, however, I just can't figure it out. I would appreciate any help. Here is my problem...

I have 3 SQL tables:

Customers
    cID (primaryKey)
    email
    name
    password
    ...etc.

Products
    pID (primaryKey)
    Pname
    Ptype

CustomerRequests
    requestID(primarykey)
    cID (foreign key references customer table)
    pID (foreign key references products table)
    quantityRequested

I have an HTML form that I am processing with PHP. This is like the request form, so the user logs in and fills in the request form. The fields on this form are like:

selecting product name, selecting quantity etc. This is done for e.g. $quantity=$_POST['quantity']... so basically the form data is stored inside the variables.

Now, here is the part that I'm stuck on. How do I carry out a SQL INSERT query so that the database knows what the cID and pID are? I.e. What the foreign key values are?

For example:

$insert = mysql_query(INSERT INTO CustomerRequests VALUES ('THIS WOULD BE BLANK AS ITS AUTOINCREMENTED PROMARY KEY FOR REQUEST ID','HOW WOULD I GET THE cID AUTOMATICALLY HERE','HOW WOULD I GET THE pID HERE','".$quantity."'))

The query stores the user input into the database using an INSERT query. However, since the customerID and productID are foreign keys in a different table how do i write the PHP query?

Thanks for the help and please get back to me if you need further information.

Answer 1

"Johnny, if you're using Dreamweaver, your insert statements needs to look like this:if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "insertForm")) { $insertSQL = sprintf(INTO CustomerRequests (productName, qty, cID) values (%s, %s, %s)" etc.

Then submit your information using a form with hidden fields, such as: <form name="insertForm" type="post" action="placeOrder.php"> <input type="hidden" type="text" id="qty" value="<php? echo $row_Recordset1['qty']; ?>" /> <input type="hidden" type="text" name="productName" value="<php? echo $row_Recordset1['productName']; ?>" /> <input type="hidden" type="text" name="cID" value="<php? echo $cID; ?>"/> <input type="hidden" name="MM_insert" value="insertForm" /> <input type="submit" name="send" id="Submit" value="Submit Form" /> </form>

Otherwise, just forget the Dreamweaver stuff and use: insert into CustomerRequests (productName, qty, cID) values (bananas, 2, 1044) and use same hidden fields in your form. You also need to capture the data submitted in the form and save it as variables, as you have already done: $quantity=$_POST['quantity'], etc.

I had so much trouble even submitting this info because of the "code submission not being properly formatted",so I hope you get this! Change < to < and > to > to make sense of this code. Good luck!

Answer 2

I'm not sure why you think you have a problem. The cID should be known because the customer is logged in. The pID should be known because your form should be using a dropdown list of products with the pID being used as the value.

Then it's a simple matter of doing an INSERT using those values, i.e.

<select id="product">
    <option value="pid001">Product One</option>
    <option value="pid002">Product Two</option>
    ... etc. ...
</select>

In other words, these values are all known before they hit your form.

Don't match product names with ID's after the fact; that's just adding extra work. If you have a value available then you should use it. Your form should already contain the association.

Create the dropdown based on a SELECT query from your Products table. Use the pID for the value and the pName for the content. That way, the data sent in the form is the foreign key you need in your INSERT.

<?php
    /* 
     * $arrProducts is the result from a query like
     * SELECT * FROM Products;
     */
    print '<select id="products">';
    foreach ($arrProducts as $arrProduct) {
        printf('<option value="%s">%s</option>', $arrProduct['pID'], $arrProduct['pName']);
    }
    print '</select>';
?>

Similarly, when you log your user in, get their cID and insert it into the session.

One other note, cease from using PHP's mysql_ family of functions. These are deprecated and due to be removed from a future release. They are prone to SQL Injection. You should be using either mysqli_ or PDO in your application. Both offer parameterized queries and prepared statement.

Answer 3

I think you should retrieve the product and customer IDs before displaying the form. Then, get the IDs from the form and insert them in the third table.