cs.punk Posted January 7, 2009 Share Posted January 7, 2009 ??? ??? ??? Ok heres the code <?php $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("firstdatabase", $con); $query = "SELECT * FROM shop_stock WHERE Item = ('$_POST[item]') "; $result = "mysql_query($con,$query)" or die ("Couldnt execute query select and where query."); $row = "mysql_fetch_array($result)"; $sql = "INSERT INTO homepage_special(Item, Amount, ID) VALUES ( ($row['Item']),($row['Amount']),($row['ID']) )"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record has been sucsessfuly added!"; ?> What exactly must I insert into the $sql = "INSERT INTO homepage_special(Item, Amount, ID) VALUES ( ($row['Item']),($row['Amount']),($row['ID']) )"; ? Quote Link to comment https://forums.phpfreaks.com/topic/139851-extract-data-from-row-into-database-simple-thing-i-think/ Share on other sites More sharing options...
premiso Posted January 7, 2009 Share Posted January 7, 2009 First off, you do not put functions inside quotes: $result = "mysql_query($con,$query)" $row = "mysql_fetch_array($result)"; Both should be: $result = mysql_query($con,$query) $row = mysql_fetch_array($result); Second when using variables inside of strings that are arrays: $query = "SELECT * FROM shop_stock WHERE Item = '{$_POST[item]}' "; You use { } to surround them. Fix those issues and then see if you still have that question. Quote Link to comment https://forums.phpfreaks.com/topic/139851-extract-data-from-row-into-database-simple-thing-i-think/#findComment-731642 Share on other sites More sharing options...
bluesoul Posted January 7, 2009 Share Posted January 7, 2009 Second when using variables inside of strings that are arrays: $query = "SELECT * FROM shop_stock WHERE Item = '{$_POST[item]}' "; You use { } to surround them. Fix those issues and then see if you still have that question. Huh. Never knew about that shortcut, I always assigned them to new vars just to be safe. Quote Link to comment https://forums.phpfreaks.com/topic/139851-extract-data-from-row-into-database-simple-thing-i-think/#findComment-731645 Share on other sites More sharing options...
premiso Posted January 7, 2009 Share Posted January 7, 2009 Second when using variables inside of strings that are arrays: $query = "SELECT * FROM shop_stock WHERE Item = '{$_POST[item]}' "; You use { } to surround them. Fix those issues and then see if you still have that question. Huh. Never knew about that shortcut, I always assigned them to new vars just to be safe. Yea I did not point that his code is very prone to SQL Injection without escaping $_POST. Quote Link to comment https://forums.phpfreaks.com/topic/139851-extract-data-from-row-into-database-simple-thing-i-think/#findComment-731689 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.