cs.punk Posted January 7, 2009 Share Posted January 7, 2009 ??? ??? ??? Ok heres the code <?php $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("firstdatabase", $con); $query = "SELECT * FROM shop_stock WHERE Item = ('$_POST[item]') "; $result = "mysql_query($con,$query)" or die ("Couldnt execute query select and where query."); $row = "mysql_fetch_array($result)"; $sql = "INSERT INTO homepage_special(Item, Amount, ID) VALUES ( ($row['Item']),($row['Amount']),($row['ID']) )"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record has been sucsessfuly added!"; ?> What exactly must I insert into the $sql = "INSERT INTO homepage_special(Item, Amount, ID) VALUES ( ($row['Item']),($row['Amount']),($row['ID']) )"; ? Link to comment https://forums.phpfreaks.com/topic/139851-extract-data-from-row-into-database-simple-thing-i-think/ Share on other sites More sharing options...
premiso Posted January 7, 2009 Share Posted January 7, 2009 First off, you do not put functions inside quotes: $result = "mysql_query($con,$query)" $row = "mysql_fetch_array($result)"; Both should be: $result = mysql_query($con,$query) $row = mysql_fetch_array($result); Second when using variables inside of strings that are arrays: $query = "SELECT * FROM shop_stock WHERE Item = '{$_POST[item]}' "; You use { } to surround them. Fix those issues and then see if you still have that question. Link to comment https://forums.phpfreaks.com/topic/139851-extract-data-from-row-into-database-simple-thing-i-think/#findComment-731642 Share on other sites More sharing options...
bluesoul Posted January 7, 2009 Share Posted January 7, 2009 Second when using variables inside of strings that are arrays: $query = "SELECT * FROM shop_stock WHERE Item = '{$_POST[item]}' "; You use { } to surround them. Fix those issues and then see if you still have that question. Huh. Never knew about that shortcut, I always assigned them to new vars just to be safe. Link to comment https://forums.phpfreaks.com/topic/139851-extract-data-from-row-into-database-simple-thing-i-think/#findComment-731645 Share on other sites More sharing options...
premiso Posted January 7, 2009 Share Posted January 7, 2009 Second when using variables inside of strings that are arrays: $query = "SELECT * FROM shop_stock WHERE Item = '{$_POST[item]}' "; You use { } to surround them. Fix those issues and then see if you still have that question. Huh. Never knew about that shortcut, I always assigned them to new vars just to be safe. Yea I did not point that his code is very prone to SQL Injection without escaping $_POST. Link to comment https://forums.phpfreaks.com/topic/139851-extract-data-from-row-into-database-simple-thing-i-think/#findComment-731689 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.