herghost Posted April 9, 2009 Share Posted April 9, 2009 Hi all, I am trying add information to a database once a user has logged in. The form looks like this: <?php session_start(); include('include/database.php'); ?> <form id="updateBandinfo" name="bandInfo" method="post" action="updatebandinfo.php"> <table border="0"> <tr> <td width="185">Genre</td> <td width="87"><select name="genre"> <option value="Rock">Rock</option> <option value="Pop">Pop</option> <option value="Punk">Punk</option> <option value="PunkPop">Punk Pop</option> <option value="Metal">Metal</option> </select> <br></td> </tr> <tr> <td>Year Formed</td> <td><input name="formed" type="text" class="textfield" id="formed" /></td> </tr> </table> <br /> <input type="submit" name="Submit" value="Update" /> </form> and calls: <?php //Start session session_start(); //Include database connection details require_once('include/database.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $userid = $_SESSION['SESS_USERID']; $bandname = $_SESSION['SESS_BANDNAME']; $genre = clean($_POST['genre']); $formed = clean($_POST['formed']); //Input Validations if($formed == '') { $errmsg_arr[] = 'Year Formed is Missing'; $errflag = true; } //Create INSERT query $qry = "INSERT INTO banddata(userid, bandname, genre, formed) VALUES('$userid','$bandname','$genre', '$formed' )"; $result = @mysql_query($qry); //Check whether the query was successful or not if($result) { header("location: member_home.php"); exit(); }else { die("Query failed"); } ?> databse is called bandinfo and is as follows userid, bandname, genre, formed When this query is run it dies I am guessing it is something to do with: //Sanitize the POST values $userid = $_SESSION['SESS_USERID']; $bandname = $_SESSION['SESS_BANDNAME']; these sessions are called from the original login script, I was guessing that I could create an array from session data but now I am not so sure, is this possible? and if so have i done it correctly? Thanks Quote Link to comment Share on other sites More sharing options...
herghost Posted April 9, 2009 Author Share Posted April 9, 2009 Dont actually know what I changed, buit it works now!?! Quote Link to comment Share on other sites More sharing options...
Maq Posted April 10, 2009 Share Posted April 10, 2009 Glad it's working now. Could you put up the new copy in case anyone run into similar issue? Also, please mark as [sOLVED], thanks! Quote Link to comment Share on other sites More sharing options...
herghost Posted April 10, 2009 Author Share Posted April 10, 2009 For all, this is the new copy: <?php //Start session session_start(); //Include database connection details require_once('include/database.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $userid = $_SESSION['SESS_USERID']; $bandname = $_SESSION['SESS_BANDNAME']; $genre = clean($_POST['genre']); $formed = clean($_POST['formed']); //Input Validations if($formed == '') { $errmsg_arr[] = 'Year Formed is Missing'; $errflag = true; } //Create INSERT query $qry = "INSERT INTO banddata(userid, bandname, genre, formed) VALUES('$userid','$bandname','$genre', '$formed' )"; $result = @mysql_query($qry); //Check whether the query was successful or not if($result) { header("location: member_home.php"); exit(); }else { die(mysql_error()); } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.