Kingy Posted September 26, 2009 Share Posted September 26, 2009 I am trying to run an insert function to insert data into a shopping cart. The issue i'm having is, when the data goes to be inserted, it won't insert if i'm using more than one variable. For instance, the orderNo is the session_id and the itemNo is the id of the product. BUT if I try and go insert into ... (orderNo, itemNo) VALUES ('" . session_id() . "', '" . $productID . "') that won't work.. where as insert into ... (orderNo, itemNo) VALUES ('dsafksdajff34kf', '" . $productID . "') will work. It will also work if i put session_id() and then enter in a manual ID number (Eg: 3), but not if I use both variables. Here is my code: <?php $db = sqlite_open('includes/product.db'); function productInsert ($db, $id) { $sid = session_id(); $insert = "INSERT INTO shopping_cart (itemNo, orderNo) VALUES ('" . $id . "', '" . $sid . "')"; $result = sqlite_query($data, $insert); } ?> Quote Link to comment Share on other sites More sharing options...
robert_gsfame Posted September 26, 2009 Share Posted September 26, 2009 <?php $db = sqlite_open('includes/product.db'); function productInsert ($db, $id) { $sid = session_id(); $insert = "INSERT INTO shopping_cart (itemNo, orderNo) VALUES ('$id', ' $sid')"; $result = sqlite_query($data, $insert); } ?> Try code above Quote Link to comment Share on other sites More sharing options...
Kingy Posted September 26, 2009 Author Share Posted September 26, 2009 Ah thankyou. The space made it work. Cheers. Any reasoning behind having to have the space in there? Quote Link to comment Share on other sites More sharing options...
robert_gsfame Posted September 26, 2009 Share Posted September 26, 2009 Which space I only remove your "., which seems to be incorrect in mysql they always recognize the value inside ' so the correct one is ('yourvalue') so if you put the code like this ('" . $id . "', '" . $sid . "') <===then it will look like ('".yourvalue."') hope could help Quote Link to comment Share on other sites More sharing options...
redarrow Posted September 26, 2009 Share Posted September 26, 2009 That was funny..... also where the validation and mysql_real_escape_string() database protection? Quote Link to comment Share on other sites More sharing options...
Kingy Posted September 26, 2009 Author Share Posted September 26, 2009 Which space I only remove your "., which seems to be incorrect in mysql they always recognize the value inside ' so the correct one is ('yourvalue') so if you put the code like this ('" . $id . "', '" . $sid . "') <===then it will look like ('".yourvalue."') hope could help lol well if you look closely at your code you put a space between ' and $sid. The space is the reason why it now works. I did try your way before doing it my way with no luck. It turns out the space for some reason makes it work. I have no idea why. I'm not complaining though. Quote Link to comment Share on other sites More sharing options...
redarrow Posted September 26, 2009 Share Posted September 26, 2009 you got told how to do it properly owe well... Apart from that i was trying to find a way to validate the current session_id() but i think the only way is to make sure isset that it? wonder if that correct anybody? programmers way lol, me the daddy of php i wish so wish. <?php $db = sqlite_open('includes/product.db'); function productInsert ($db, $id) { $sid = session_id(); $insert = "INSERT INTO shopping_cart (itemNo, orderNo) VALUES ('".mysql_real_escape_string($_POST['id'])."' , '".mysql_real_escape_string($_POST['sid'])."')"; $result = sqlite_query($data, $insert); } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.