burntheblobs

Sorry to bump this, but this still isn't solved. Thanks guys!

Did wrong how? What exactly is happening? You need to be much more specific.

I have a form in another spot in the program that generates the $field. I was under the impression that $_POST was an array that you could assign a key and a value to. It seems to be working for all my other processes. Sorry for not including code earlier, I realize this it's kind of hard to help me when I'm being stingy with code. Anyway, I was thinking that "experienceRating" would be the $field and $value would be whatever the value was.

All of this is inside a foreach loop. $field is the field name. $value is what is entered into the field. foreach ($_POST as $field => $value)

Thank you for the reply. I modified the code in a way that it SHOULD work, but it still doesn't work for some reason. Here is my code. if ($field == "Age" or $field == "firstRating" or $field == "secondRating" or $field == "thirdRating") { if (empty($_POST[$field])) { echo "<font color='red'>You have not filled in a "; convertLabel($field); echo "!<br></font>"; $badform = "yes"; }

$query = "INSERT INTO post (Id,comment,first,second,third,posterIp,postDate) VALUES ('".mysqli_insert_id($cxn)."','sprintf('%s',mysqli_real_escape_string($_POST[Comment]))','$_POST[firstRating]', '$_POST[secondRating]','$_POST[thirdRating]','".getIp()."', '".date("Y/m/d")."')";

Thank you for the link. I didn't even think about that kind of security flaw. I now have this in my code and for some reason it is bad sql syntax and it can't even execute the query now no matter what. 'sprintf('%s',mysqli_real_escape_string($_POST[Comment]))'

<tr> <td> <input type='radio' name='experienceRating' value='0'> </td><td> <input type='radio' name='experienceRating' value='1'> </td><td> <input type='radio' name='experienceRating' value='2'> </td><td> <input type='radio' name='experienceRating' value='3'> </td><td> <input type='radio' name='experienceRating' value='4'> </td><td> <input type='radio' name='experienceRating' value='5'> </td><td> <input type='radio' name='experienceRating' value='6'> </td><td> <input type='radio' name='experienceRating' value='7'> </td><td> <input type='radio' name='experienceRating' value='8'> </td><td> <input type='radio' name='experienceRating' value='9'> </td><td> <input type='radio' name='experienceRating' value='10'> </td></tr> if ($field == "experienceRating") { if ($value == "") { echo "<font color='red'>You have not filled in a "; convertLabel($field); echo "!<br></font>"; $badform = "yes"; }

When I send a variable through mysql that contains a ' (the variable being inserted points to text that contains the ' character) it creates an error in the query. Is there any way around this?

I have a set of 10 radio buttons, all with the same name, and I am trying to write something that checks to see if any button has been checked. The simple $value == "" doesn't seem to be working. I also would like to try to avoid checking to see if there isn't a match for every possible value.

I love you guys. Solved.

When I try to run this query, it seems to not like the mysqli_insert_id($cxn) that I put in. Here is my code, and the error message that follows. Any ideas? $query = "INSERT INTO person (personName,personAge,personSchool,personCity,personState) VALUES ('$_POST[person_Name]','$_POST[person_Age]','$_POST[person_School]', '$_POST[person_City]','$_POST[state]')"; $result = mysqli_query($cxn,$query) or die ("Couldn't execute query"); $query = "INSERT INTO date (personId,comment) VALUES ('mysqli_insert_id($cxn)','$_POST[Comment]')"; $result = mysqli_query($cxn,$query) or die ("Couldn't execute query"); Catchable fatal error: Object of class mysqli could not be converted to string in

Ok, I got it to work. For some reason it really wanted me to put the connection variable in the function.

I know this should be working, but it doesn't for some reason. I tried to just run "mysqli_insert_id();" to see if it would at least echo out the last Id, and it gave me this error: Warning: mysqli_insert_id() expects exactly 1 parameter, 0 given in

I am running a php script that submits information for two tables at once. The mysql has tables that look something like this: TABLE person COLUMN personId (primary key, auto-increment) COLUMN personAge TABLE post COLUMN postId (primary key, auto-increment) COLUMN personId COLUMN postInfo The problem is that I want to be able to submit the information for the "person" table, and then somehow grab the "personId" for the information I just submitted and apply that to "personId" for the "post" table. I want to do this without making the user have to search through the database and pick out what they just submitted via form.

I have a database search on one of my pages and I am trying to break up every ten results with a new page. The problem is trying to figure out a way to get results from a certain row number on (i.e. page two would start at row number 11, not the first row). Keep in mind this isn't as simple as selection row number 11 from the database because it has two be row 11 from the array of search results. Any thoughts?

I want to try and create a conditional that checks if anything is returned by a mysql query. For example something like this: $query = "SELECT School_Name FROM school WHERE schoolName='$school'"; $result = mysqli_query($cxn,$query) or die ("Couldn't execute query."); extract(mysqli_fetch_assoc($result)); if (extract(mysqli_fetch_assoc($result)) = "") { Do things } But it isn't working. Any ideas?

1. The submit is in the middle so it appears as an input field with the search button lined up, then the checkboxes on a different line. Aesthetics. (don't forgot this is a search form!) 2. Placing the function at the top does not solve the problem.

That shouldn't effect things. And I use very similar functions in other scripts with no problems whatsoever.

I have a search form that reads both an input field and a checkbox selection. It seems that when I check the appropriate checkbox and enter in an appropriate search query, nothing is echoed. However, if I check the correct checkbox again, then hit submit again, it will echo the correct results, just like it is suppose to. Here is the form code in my html section: <form method="post" action="search.php"> <input type="text" size="45" maxlength="45" name="date_Name" style="vertical-align:middle;"> <input type="image" SRC="images/searchbutton.png" ALT="Submit button" style="vertical-align:middle;"><br> <input type="radio" name="checkBox" value="name">Name <input type="radio" name="checkBox" value="school">School </form> And here is the procession section: if ($_POST[checkBox] == "name") { $query = "SELECT dateName FROM date WHERE dateName LIKE '%$_POST[date_Name]%' ORDER BY dateName"; $result = mysqli_query($cxn,$query) or die ("Couldn't execute query."); showInfo($result); } function showInfo($result) { while ($row = mysqli_fetch_assoc($result)) { extract($row); echo "<a href='viewdate.php?date=$dateName'>$dateName</a><br><br>"; } }

For some reason, this function will not return $cxn. Here a simple function that I am using to connect to my database. If I just stick the code right in my program it works, however if I try to call it as a function, it does not. Even when I put the information directly into the $cxn variable, it does not work. function dbconnect() { $user="MYUSERNAME"; $host="localhost"; $password="MYPASSWORD"; $database="MYDATABASE"; $cxn = mysqli_connect($host,$user,$password,$database) or die ("Couldn't Connect to server."); return $cxn; }

You are correct. Thank you!

For some reason this script returns two extra numbers (even though the form only submits letters) when I am returning the $value variable in the section that processes the form. The form is only four fields long, but when I echo $value, it shows the four values from the form plus two more values. I'm a little confused. Hopefully someone can help. <?php if ($action != processform) { dateForm(); } if ($action == processform) { $badform = "no"; foreach ($_POST as $field => $value) { if ($value == "") { echo "<font color='red'>You have not filled in a "; convertLabel($field); echo "!<br></font>"; $badform = "yes"; } echo "$value"; if (!ereg("^[A-Za-z '-]{0,50}$",$value) ) { echo "<font color='red'>"; convertLabel($field); echo " has invalid characters!<br></font>"; $badform = "yes"; } } } if ($badform == "yes") { dateForm(); } if ($badform == "no") { echo "Success!"; } function dateForm() { echo "<b> <font size='4'>Add A Date!</font><br><br>"; $labels = array ("Date_Name" => "Date's Name", "Date_School" => "Date's School", "Date_City" => "Date's City", "Date_State" => "Date's State"); echo "<form action='newdate.php?action=processform' method='POST'>\n"; foreach ($labels as $field => $label) { $value = $_POST[$field]; echo "$label <br><input type='text' name='$field' value='$value' size='50' maxlength '50'>"; if ($field == "Date_School") { echo " </b><font size='2'><a href='newschool.php'>New School?</a></font><b>"; } echo "<br><br>\n"; } echo "<input type='image' SRC='images/adddatebutton.png' ALT='Submit button'></form>"; } function convertLabel($field) { if ($field == "Date_Name") { $label = "Date Name"; } if ($field == "Date_School") { $label = "Date School"; } if ($field == "Date_City") { $label = "Date City"; } if ($field == "Date_State") { $label = "Date State"; } echo "$label"; } ?>