burntheblobs

Sorry to bump this, but this still isn't solved. Thanks guys!

Did wrong how? What exactly is happening? You need to be much more specific.

I have a form in another spot in the program that generates the $field. I was under the impression that $_POST was an array that you could assign a key and a value to. It seems to be working for all my other processes. Sorry for not including code earlier, I realize this it's kind of hard to help me when I'm being stingy with code. Anyway, I was thinking that "experienceRating" would be the $field and $value would be whatever the value was.

All of this is inside a foreach loop. $field is the field name. $value is what is entered into the field. foreach ($_POST as $field => $value)

Thank you for the reply. I modified the code in a way that it SHOULD work, but it still doesn't work for some reason. Here is my code. if ($field == "Age" or $field == "firstRating" or $field == "secondRating" or $field == "thirdRating") { if (empty($_POST[$field])) { echo "<font color='red'>You have not filled in a "; convertLabel($field); echo "!<br></font>"; $badform = "yes"; }

$query = "INSERT INTO post (Id,comment,first,second,third,posterIp,postDate) VALUES ('".mysqli_insert_id($cxn)."','sprintf('%s',mysqli_real_escape_string($_POST[Comment]))','$_POST[firstRating]', '$_POST[secondRating]','$_POST[thirdRating]','".getIp()."', '".date("Y/m/d")."')";

Thank you for the link. I didn't even think about that kind of security flaw. I now have this in my code and for some reason it is bad sql syntax and it can't even execute the query now no matter what. 'sprintf('%s',mysqli_real_escape_string($_POST[Comment]))'

<tr> <td> <input type='radio' name='experienceRating' value='0'> </td><td> <input type='radio' name='experienceRating' value='1'> </td><td> <input type='radio' name='experienceRating' value='2'> </td><td> <input type='radio' name='experienceRating' value='3'> </td><td> <input type='radio' name='experienceRating' value='4'> </td><td> <input type='radio' name='experienceRating' value='5'> </td><td> <input type='radio' name='experienceRating' value='6'> </td><td> <input type='radio' name='experienceRating' value='7'> </td><td> <input type='radio' name='experienceRating' value='8'> </td><td> <input type='radio' name='experienceRating' value='9'> </td><td> <input type='radio' name='experienceRating' value='10'> </td></tr> if ($field == "experienceRating") { if ($value == "") { echo "<font color='red'>You have not filled in a "; convertLabel($field); echo "!<br></font>"; $badform = "yes"; }

When I send a variable through mysql that contains a ' (the variable being inserted points to text that contains the ' character) it creates an error in the query. Is there any way around this?

I have a set of 10 radio buttons, all with the same name, and I am trying to write something that checks to see if any button has been checked. The simple $value == "" doesn't seem to be working. I also would like to try to avoid checking to see if there isn't a match for every possible value.

I love you guys. Solved.

When I try to run this query, it seems to not like the mysqli_insert_id($cxn) that I put in. Here is my code, and the error message that follows. Any ideas? $query = "INSERT INTO person (personName,personAge,personSchool,personCity,personState) VALUES ('$_POST[person_Name]','$_POST[person_Age]','$_POST[person_School]', '$_POST[person_City]','$_POST[state]')"; $result = mysqli_query($cxn,$query) or die ("Couldn't execute query"); $query = "INSERT INTO date (personId,comment) VALUES ('mysqli_insert_id($cxn)','$_POST[Comment]')"; $result = mysqli_query($cxn,$query) or die ("Couldn't execute query"); Catchable fatal error: Object of class mysqli could not be converted to string in

Ok, I got it to work. For some reason it really wanted me to put the connection variable in the function.

I know this should be working, but it doesn't for some reason. I tried to just run "mysqli_insert_id();" to see if it would at least echo out the last Id, and it gave me this error: Warning: mysqli_insert_id() expects exactly 1 parameter, 0 given in

I am running a php script that submits information for two tables at once. The mysql has tables that look something like this: TABLE person COLUMN personId (primary key, auto-increment) COLUMN personAge TABLE post COLUMN postId (primary key, auto-increment) COLUMN personId COLUMN postInfo The problem is that I want to be able to submit the information for the "person" table, and then somehow grab the "personId" for the information I just submitted and apply that to "personId" for the "post" table. I want to do this without making the user have to search through the database and pick out what they just submitted via form.