user2921351

Reputation: 21

How to insert $_GET[variable] in mysql query

I want to GET an ID from the url e.g.: www.example.com/upload.php?sc=1

and input the ID into my database. I have attached my code, however the ID does not get inserted in the database. Kindly help me in order to get the ID also stored in the database.

Thanks

<?php require_once '../database.php'; ?>
<?php $eventid = $_GET['event']; ?>
<?php $sc = $_GET['sc']; ?>
</head>

<body>
<?php 
    $result = mysql_query("SELECT * FROM category");
    while($row = mysql_fetch_array($result)){
        echo "<a href=?event=" . $row['id'] .">" . $row['category'] . "</a>&nbsp;";
    }
?><br>
<?php 
    $result = $db->query("SELECT * FROM sub_category WHERE category_id LIKE '" . $eventid . "';");
    $event = $result->fetch();
?>
<?php
    echo "<a href=?event=" . $row['id'] .">" . $row['category'] . "</a>&nbsp;";
?>
<?php
    echo "<a href=?sc=" . $event['id'] .">" . $event['sub_category'] . "</a>&nbsp;";
?>
<form method="POST" action="upload1.php" enctype="multipart/form-data" id="subForm">
<b>Upload your file here</b>
<br/>
<span>Name:*</span>&nbsp;<input name="name" type="text" class="required"><br/>
Description:* <input name="description" type="text" class="required"><br/><br/>
Thumbnail Size: 400px X 400px | Featured Image Size: 2100px X 525px<br><br>
Browse:*<input name="userfile" type="file" class="required">&nbsp;<br>
<br/> 
<input type="submit" value="Upload" style="width: 150px">
</form>
<?php
    $name = $_POST['name'];
    $description = $_POST['description'];
    $sc = $_GET['sc']; 
    $kj=$sc;
    if(empty($name)) {
         echo("<br>All the above details must filled in! We dont want monkeys on the page!");
    } 
    else {
        $target="images/";
        $target.=$_FILES['userfile']['name'];
        move_uploaded_file($_FILES['userfile']['tmp_name'],$target);
        move_uploaded_file($_FILES['userfile']['tmp_name'],$target);
        mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES ('".$target."', '$_POST[name]', '$_POST[description]', '".$sc."')") or die( mysql_error());
        echo "<br>File Successfully Uploaded!";
    }
?>

Upvotes: 0

Views: 2627

Answers (3)

Zeeshan

Reputation: 1675

Instead of this:

mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES ('".$target."', '$_POST[name]', '$_POST[description]', '".$sc."')") or die( mysql_error());

Use this. Also, your query is not secure against SQL injection. Use mysql_real_escape_string:

 mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES
 ('".$target."', '".mysql_real_escape_string($name)."',
 '".mysql_real_escape_string($description)."', '".mysql_real_escape_string($sc)."')") 
 or die( mysql_error());

Upvotes: 0

Prashant Parekh

Reputation: 428

Try this,

<?php 
$sc = $_GET['sc'];
$result = $db->query("INSERT INTO your_db_table SET field = ".$sc."");
?>

Upvotes: 0

xate

Reputation: 6379

mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES ('".$target."', '$_POST[name]', '$_POST[description]', '".$sc."')") or die( mysql_error());

This line is probably killing it. Try this instead:

mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES ('" . $target . "', '$name', '$description', '" . $sc . "')") or die(mysql_error());

You have set

$name = $_POST['name'];
$description = $_POST['description'];
$sc = $_GET['sc'];
$kj = $sc;

just before! And in your query you have used

$_POST[name];

which is 1. incorrect because of the missing ' and ' before and after the name, and 2. you have a variable $name for it declared just before.

Upvotes: 1
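The INSERT discussed in the answers above, written with a prepared statement and an integer check on sc. This is an added example, not code from the question or any answer. It assumes $db is a PDO handle (an in-memory SQLite database stands in for MySQL so it runs offline); the function name insert_upload and the sample values are hypothetical.

```php
<?php
// Added example: parameterized INSERT for the upload row (not code from the thread).
// Assumption: $db is a PDO connection; SQLite in memory replaces MySQL for the demo.

function insert_upload(PDO $db, array $get, array $post, string $target): int
{
    // sc must be a positive integer. A missing or non-numeric value is rejected
    // instead of being written to the table as an empty string.
    $sc = filter_var($get['sc'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($sc === false) {
        throw new InvalidArgumentException('sc is missing or not a positive integer');
    }

    $name = trim($post['name'] ?? '');
    $description = trim($post['description'] ?? '');
    if ($name === '' || $description === '') {
        throw new InvalidArgumentException('name and description are required');
    }

    // Placeholders keep request data out of the SQL text, so quotes in the
    // input are stored as data and cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO upload (upload, name, description, sub_category_id)
         VALUES (:upload, :name, :description, :sc)'
    );
    $stmt->execute([
        ':upload' => $target,
        ':name' => $name,
        ':description' => $description,
        ':sc' => $sc,
    ]);
    return (int) $db->lastInsertId();
}

// Constructed demo schema and inputs, not taken from the original post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE upload (id INTEGER PRIMARY KEY, upload TEXT, name TEXT, description TEXT, sub_category_id INTEGER)');

insert_upload($db, ['sc' => '1'], ['name' => "O'Brien", 'description' => "it's a 'quoted' text"], 'images/photo.jpg');
print_r($db->query('SELECT * FROM upload')->fetchAll(PDO::FETCH_ASSOC));

try {
    insert_upload($db, [], ['name' => 'a', 'description' => 'b'], 'images/a.jpg'); // no sc in the URL
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```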
