
[SOLVED] insert into table


mescal


of course it is, but it's terribly ... TERRIBLY ... bad practice - think of the security holes giving URL access to your database  :-\

 

if you absolutely have to do this, think about what kind of queries you're going to be writing, and segment them in your code so that you can just have portions in the URL that you can validate and REGEXP to ensure no SQL injections.

 

for example:

 

page.php?t=content&func=add&c=user_id&r=2&f=heading&c=text

 

could translate into something like:

 

INSERT INTO content (user_id, heading) VALUES (2, 'text')

 

 

 

...

 

 

although i still strongly advise against.

well, an 'onclick' is a javascript function, while a form submission is a browser/http function, so you could make an 'onclick' thing on a button or field inside a form, but then i would have a javascript function that opens a small PHP script with the database connection and the query inside of it in a new window, and then close that window automatically ... but it's a popup.

 

Remember that your database's security is important ... the more exposed your queries are, the riskier it gets.

 

It's tough to give you more 'solid' advice since i'm not sure how necessary it is for you to do it like you're doing, but if you give me more details about the logical flow of things, maybe i can suggest an alternative route?

ok,

 

i will try to stay simple because it is complex.

I've written this auction site. Visitors have to log in in order to make a bid.

so when they come thru the searchpage on the displaypage the visitors have a button to make their bid, but my client wants them to have the opportunity to click on an item to put that item on a favouritespage so they can follow up that item all along the auction.

 

the displaypage is constructed from 2 tables: the table with all the items and the bidtable where all bids are coming together. i want to insert a "zerobid" into that table. That's also the table where every visitor can view his bids.

 

thx in advance

mescal

 

I see.

 

Let me talk (or type) it all out, correct me if i'm wrong on anything, or if it doesn't make sense. It isn't necessarily a representation of what you have, nor is it what you SHOULD have, it's just some food for thought.

 

 

 

Okay, let's assume that you have a products page with products listed from a table (we'll call it 'product'). each item has a unique ID. To make a bid on any of these products, a user has to be logged in, so you could set a Session containing the logged-in user's ID. Users should be able to click on a button to 'add to wishlist' (the favourites page), but to show the page that they were on in the first place with the product list as it was (as if there was no change).

 

In my opinion, you'll need more than your two tables:

============

product  (containing the products ... you have something like this already)

users  (containing the users ... you already have something like this)

userfavourites  (this is a simple interjoining table containing a product id and a user id .... you can then run queries to display their wishlist based on the products here ... using INNER JOIN)

bids  (containing the bids ... which you already have, and obviously contains a reference to the product id)

============

 

Don't put whole products in forms ... in fact stay away from forms when dealing with database stuff of this nature, because forms can be hijacked if you're not careful.

 

Instead, maybe create two separate PHP scripts, AddToWishlist.php?ProductID=XXX  and BidForProduct.php?ProductID=XXX ... then use the $_GET to pull that product id, run a query etc etc. For AddToWishlist.php, simply insert into the 'userfavourites' table the product id in the $_GET, the user id in the $_SESSION ... and then use header('location: ' . $_SERVER['HTTP_REFERER']); to go back to the previous page.

 

This solution may be vague and could even be impractical for you, but like i said, it's food for thought.

 

Let me know what else i can do :)
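
The AddToWishlist.php flow described in the post above, as an added example that is not part of the original thread: the product id is validated as an integer, the insert uses bound parameters, and the Referer header is only followed back to the site's own host. The column names, the session key `user_id`, the host `auction.example` and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added sketch, not code from the thread. Assumed names: product.id,
// userfavourites(user_id, product_id), session key 'user_id' (int set at login).
function add_to_wishlist(PDO $db, array $get, array $session): bool
{
    // The user id comes only from the server-side session, never from the URL.
    $userId = $session['user_id'] ?? null;
    // ProductID must be a positive integer; anything else is rejected outright.
    $productId = filter_var($get['ProductID'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if (!is_int($userId) || $productId === false) {
        return false;
    }
    // Bound parameters keep request data out of the SQL text.
    $check = $db->prepare('SELECT 1 FROM product WHERE id = ?');
    $check->execute([$productId]);
    if ($check->fetchColumn() === false) {
        return false; // unknown product
    }
    $ins = $db->prepare('INSERT INTO userfavourites (user_id, product_id) VALUES (?, ?)');
    return $ins->execute([$userId, $productId]);
}

function safe_return_url(?string $referer, string $ownHost): string
{
    // HTTP_REFERER is client-supplied: only follow it back to our own host.
    $parts = $referer !== null ? parse_url($referer) : false;
    if (!is_array($parts) || ($parts['host'] ?? '') !== $ownHost) {
        return '/';
    }
    // Return a site-relative path; collapsing leading slashes and backslashes
    // stops "//other.host/..." from being read as a protocol-relative URL.
    $path = '/' . ltrim($parts['path'] ?? '', '/\\');
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product (id INTEGER PRIMARY KEY);
           CREATE TABLE userfavourites (user_id INTEGER, product_id INTEGER);
           INSERT INTO product (id) VALUES (7)');
var_dump(add_to_wishlist($db, ['ProductID' => '7'], ['user_id' => 2]));        // well-formed id
var_dump(add_to_wishlist($db, ['ProductID' => '7 OR 1=1'], ['user_id' => 2])); // injection-shaped id
var_dump(safe_return_url('http://evil.example/x', 'auction.example'));         // foreign referer
```

In the real script the result of `safe_return_url($_SERVER['HTTP_REFERER'] ?? null, $_SERVER['HTTP_HOST'])` would be passed to `header('Location: ...')`. Because the request changes data on a GET, any page can trigger it with a link or image tag; a POST carrying a per-session token closes that.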

 

 

Archived

This topic is now archived and is closed to further replies.
