wuno

Reputation: 9885

Inserting variables in SQL statement

I am trying to get the right syntax to insert the variables from my form into the database table.

Here is my form...

<form name="texcom_daily" method="POST" action="actions/siteSubmit.php">
<input type="hidden" value="<?php echo $_GET['id'] ?>" name="id" />
<table width="450px">
<tr>
 <td valign="top">
  <label for="first_name">First name *</label>
 </td>
 <td valign="top">
  <input  type="text" value="<?php echo $_SESSION['first'] ?>" name="first_name" maxlength="50" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="last_name">Last name *</label>
 </td>
 <td valign="top">
  <input  type="text" value="<?php echo $_SESSION['last']?>" name="last_name" maxlength="50" size="40">
 </td>
</tr>
<tr>
 <td valign="top">
  <label for="email">Email Address *</label>
 </td>
 <td valign="top">
  <input  type="text" name="email" value="<?php echo $_POST['email']?>" maxlength="80" size="40">
 </td>

</tr>

<tr>
 <td valign="top">
  <label for="telephone">Telephone Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="telephone" value="<?php echo $_POST['telephone']?>" maxlength="40" size="40">

 </td>
</tr>

<tr>
 <td valign="top">
  <label for="truck_number">Truck Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="truck_number" value="<?php echo $_POST['truck_number']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="truck_mileage">Truck Mileage *</label>
 </td>
 <td valign="top">
  <input  type="text" name="truck_mileage" value="<?php echo $_POST['truck_mileage'] ?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="carrier">Carrier *</label>
 </td>
 <td valign="top">
  <input  type="text" name="carrier" maxlength="40" value="<?php echo $_POST['carrier']?>" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="site_number">Site Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="site_number" value="<?php echo $_POST['site_number']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="lat">Latitude:</label>
 </td>
 <td valign="top">
  <input type="text" name="lat" id="lat" value="<?php echo $_POST['lat']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="longitude">Longitude:</label>
 </td>
 <td valign="top">
  <input type="text" name="longitude" id="longitude" value="<?php echo $_POST['longitude']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="comments">Comments *</label>
 </td>
 <td valign="top">
  <textarea  name="comments" maxlength="1000" cols="40" rows="6"><?php echo $_POST['comments']?></textarea>
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="job_completion">Job Completion *</label>
 </td>
 <td colspan="2">
  <?php $job_completion = isset($_POST['job_completion']) ? $_POST['job_completion'] : ''; ?> 
<input type="radio" name="job_completion" value="Yes" <?php echo $job_completion === 'Yes' ? "checked='checked'" : ''?> > Yes&nbsp;&nbsp;
<input type="radio" name="job_completion" value="No" <?php echo $job_completion === 'No' ? "checked='checked'" : ''?>> No
 </td>
</tr>
</table>
</form>

Here are the SQL statements. The first one works, but sql2 is not entering data into the database.

$sql = "INSERT INTO documents (id, userid, description, name, date) VALUES (NULL, {$_SESSION['id']}, '{$description}' ,'{$filename}', NOW())";
$success = mysql_query($sql);

$sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion)
VALUES  ( '$_POST[first]', '$_POST['last']', '$_POST['email']', '$_POST['telephone']', '$_POST['truck_number']', '$_POST['truck_mileage']', '$_POST['carrier']', '$_POST['site_number']', '$_POST['lat']', '$_POST['longitude']', '$_POST['comments']', '$_POST['job_completion']')";
$success2 = mysql_query($sql2);

Upvotes: 0

Views: 65

Answers (2)

user3111737

You have a typo here: '$_POST[first]'. And I would prefer to concatenate the variables instead. Bothersome, but a secure way. Try this instead:

"INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) VALUES ('" . $_POST['first'] . "', '" . $_POST['last'] . "', '" ... etc

Upvotes: 0

NetStack

Reputation: 208

Try this. You should always escape values using mysql_real_escape_string before submitting values to a database.

// Every value is passed through mysql_real_escape_string before it is
// concatenated into the query, as the advice above says.
$sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) VALUES ("
    . "'" . mysql_real_escape_string($_POST['first']) . "', "
    . "'" . mysql_real_escape_string($_POST['last']) . "', "
    . "'" . mysql_real_escape_string($_POST['email']) . "', "
    . "'" . mysql_real_escape_string($_POST['telephone']) . "', "
    . "'" . mysql_real_escape_string($_POST['truck_number']) . "', "
    . "'" . mysql_real_escape_string($_POST['truck_mileage']) . "', "
    . "'" . mysql_real_escape_string($_POST['carrier']) . "', "
    . "'" . mysql_real_escape_string($_POST['site_number']) . "', "
    . "'" . mysql_real_escape_string($_POST['lat']) . "', "
    . "'" . mysql_real_escape_string($_POST['longitude']) . "', "
    . "'" . mysql_real_escape_string($_POST['comments']) . "', "
    . "'" . mysql_real_escape_string($_POST['job_completion']) . "')";

Upvotes: 1
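The same insert written as a PDO prepared statement, added here as an example and not code posted by the questioner or either answerer. It binds the twelve form values as parameters instead of splicing them into the SQL text, uses the field names from the form (first_name, last_name) rather than the $_POST['first'] / $_POST['last'] keys in the question's query, and assumes a MySQL database holding the sitesubmit table; the DSN, user and password are placeholders.

```php
<?php
// Added example (not from the question or answers): INSERT into
// sitesubmit as a PDO prepared statement. Form values travel as bound
// parameters, so the SQL text never depends on what the user typed.
// Assumptions: MySQL, a sitesubmit table with the twelve columns used
// in the question, and placeholder connection details below.

// Field names exactly as they appear in the HTML form.
$fields = [
    'first_name', 'last_name', 'email', 'telephone', 'truck_number',
    'truck_mileage', 'carrier', 'site_number', 'lat', 'longitude',
    'comments', 'job_completion',
];

// Collect only the expected fields; any extra keys in $_POST are ignored.
$values = [];
foreach ($fields as $field) {
    $values[$field] = isset($_POST[$field]) ? trim((string) $_POST[$field]) : '';
}

// Server-side check of the radio value: the form offers only Yes or No.
if (!in_array($values['job_completion'], ['Yes', 'No'], true)) {
    http_response_code(400);
    exit('job_completion must be Yes or No');
}

// Column list and named placeholders come from the fixed $fields array,
// not from user input, so the query string itself is a constant shape.
$columns      = implode(', ', $fields);
$placeholders = implode(', ', array_map(fn($f) => ':' . $f, $fields));
$sql = "INSERT INTO sitesubmit ($columns) VALUES ($placeholders)";

// Placeholder connection details (hypothetical); replace with real ones.
$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4',
    'DB_USER',
    'DB_PASSWORD',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepare
    ]
);

$stmt = $pdo->prepare($sql);
$stmt->execute($values); // array keys first_name, ... map to :first_name, ...

echo 'Inserted row id ' . $pdo->lastInsertId();
```

With ERRMODE_EXCEPTION a failed insert throws a PDOException instead of silently returning false, which is the behaviour the questioner hit with mysql_query.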
