Jump to content

[SOLVED] Add to database woes

herghost

By herghost
in PHP Coding Help

Recommended Posts

herghost Advanced Member

herghost

Posted
Posted

Hi all,

 

I am trying add information to a database once a user has logged in.

 

The form looks like this:

 

<?php
session_start();

include('include/database.php');
?>

<form id="updateBandinfo" name="bandInfo" method="post" action="updatebandinfo.php">
  <table border="0">
  <tr>
    <td width="185">Genre</td>
    <td width="87"><select name="genre">
      <option value="Rock">Rock</option>
      <option value="Pop">Pop</option>
      <option value="Punk">Punk</option>
      <option value="PunkPop">Punk Pop</option>
      <option value="Metal">Metal</option>
    </select>
      <br></td>
  </tr>
  <tr>
    <td>Year Formed</td>
    <td><input name="formed"  type="text" class="textfield" id="formed" /></td>
  </tr>
  </table>
  <br />
   <input type="submit" name="Submit" value="Update" />
</form>

 

and calls:

 

<?php
//Start session
session_start();

//Include database connection details
require_once('include/database.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;


//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$userid = $_SESSION['SESS_USERID'];
$bandname = $_SESSION['SESS_BANDNAME'];

$genre = clean($_POST['genre']);
$formed = clean($_POST['formed']);


//Input Validations


if($formed == '') {
	$errmsg_arr[] = 'Year Formed is Missing';
	$errflag = true;
}




//Create INSERT query
$qry = "INSERT INTO banddata(userid, bandname, genre, formed) VALUES('$userid','$bandname','$genre', '$formed' )";
$result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	header("location: member_home.php");
	exit();
}else {
	die("Query failed");
}
?>

 

databse is called bandinfo and is as follows userid, bandname, genre, formed

 

When this query is run it dies

 

I am guessing it is something to do with:

 

//Sanitize the POST values
$userid = $_SESSION['SESS_USERID'];
$bandname = $_SESSION['SESS_BANDNAME'];

 

these sessions are called from the original login script, I was guessing that I could create an array from session data but now I am not so sure, is this possible? and if so have i done it correctly?

 

Thanks

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/153396-solved-add-to-database-woes/
Share on other sites
herghost Advanced Member

herghost

Posted
  • Author
Posted

For all, this is the new copy:

 

<?php
//Start session
session_start();

//Include database connection details
require_once('include/database.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;


//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$userid = $_SESSION['SESS_USERID'];
$bandname = $_SESSION['SESS_BANDNAME'];

$genre = clean($_POST['genre']);
$formed = clean($_POST['formed']);


//Input Validations


if($formed == '') {
	$errmsg_arr[] = 'Year Formed is Missing';
	$errflag = true;
}



//Create INSERT query
$qry = "INSERT INTO banddata(userid, bandname, genre, formed) VALUES('$userid','$bandname','$genre', '$formed' )";
$result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	header("location: member_home.php");
	exit();
}else {
	die(mysql_error());

}
?>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.