slj90 Posted January 17, 2010 Share Posted January 17, 2010 Hello, I have a form were you enter details which then go through an action page to be added to a database. All the fields work apart from Category, Cat and Desc. I can't for the life of me see why these don't work and the rest do. The form... <body> <h1 align="center">Add Product</h1> <p> <form name="form1" method="post" action="addProduct.php"> <h2>Product Details</h2> <p>Product Name <input name="txtProductName" type="text" id="txtProductName"> </p> <p>Cat <input name="txtProductCat" type="text" id="txtProductCat"> </p> <p>Category <input name="txtProductCategory" type="text" id="txtProductCategory"> </p> <p>Image <input name="txtProductImage" type="text" id="txtProductImage"> </p> <p>Size <input name="txtProductSize" type="text" id="txtProductSize"> </p> <p>Description <input name="txtProductDesc" type="text" id="txtProductDesc"> </p> <p>Price <input name="txtProductPrice" type="text" id="txtProductPrice"> <p> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> The action script <?php //Include the connection details, open $connection and select database include ("connection.php"); $newProductName = $_POST['txtProductName']; $newProductCat = $_POST['txtProductCat']; $newProductCategory = $_POST['txtProductCategory']; $newProductImage = $_POST['txtProductImage']; $newProductSize = $_POST['txtProductSize']; $newProductDesc = $_POST['txtProdectDesc']; $newProductPrice = $_POST['txtProductPrice']; $query = "INSERT INTO Product (ProductName, ProductCat, ProductCategory, ProductImage, ProductSize, ProductDesc, ProductPrice) VALUES ('$newProductName', '$ProductCat', '$ProductCategory', '$newProductImage', '$newProductSize', '$newProductDesc', '$newProductPrice')"; // (4) Run query through connection $result = mysql_query($query); // (5) print message with ID of inserted record header("Location: productReceipt.php?"."ProductID=". mysql_insert_id($connection)); // (6) close connection mysql_close($connection); ?> Thank you Link to comment https://forums.phpfreaks.com/topic/188772-value-not-writing-to-database/ Share on other sites More sharing options...
Buddski Posted January 17, 2010 Share Posted January 17, 2010 Change $result = mysql_query($query); to $result = mysql_query($query) or trigger_error(mysql_error()); It will more than likely tell you what is wrong.. Link to comment https://forums.phpfreaks.com/topic/188772-value-not-writing-to-database/#findComment-996608 Share on other sites More sharing options...
oni-kun Posted January 17, 2010 Share Posted January 17, 2010 Your query is suseptable to SQL query injection (A nasty nasty thing). ALWAYS make sure to sanitize the data once retrieved from POST. Place this above in your action script: include ("connection.php"); //Sanitize data for input if(get_magic_quotes_gpc()): $_POST = array_map('stripslashes', $_POST); } $_POST = array_map('mysql_real_escape_string', $_POST); //Retrieve clean $_POST data. $newProductName = $_POST['txtProductName']; $newProductCat = $_POST['txtProductCat']; $newProductCategory = $_POST['txtProductCategory']; $newProductImage = $_POST['txtProductImage']; $newProductSize = $_POST['txtProductSize']; $newProductDesc = $_POST['txtProdectDesc']; $newProductPrice = $_POST['txtProductPrice']; EDIT: Updated code. Link to comment https://forums.phpfreaks.com/topic/188772-value-not-writing-to-database/#findComment-996610 Share on other sites More sharing options...
slj90 Posted January 17, 2010 Author Share Posted January 17, 2010 Thanks for the response.. Buddski - I tried your suggestion, it doesn't bring up an error or whats wrong, it just adds the other fields into the db. oni-kun - I add your suggested code and it still does the same. Thanks again Link to comment https://forums.phpfreaks.com/topic/188772-value-not-writing-to-database/#findComment-996611 Share on other sites More sharing options...
oni-kun Posted January 17, 2010 Share Posted January 17, 2010 Thanks for the response.. Buddski - I tried your suggestion, it doesn't bring up an error or whats wrong, it just adds the other fields into the db. oni-kun - I add your suggested code and it still does the same. Thanks again I assumed the previous message would have brought it to light, But you should keep the code I stated as you're allowing people to directly post into your database if not. Link to comment https://forums.phpfreaks.com/topic/188772-value-not-writing-to-database/#findComment-996614 Share on other sites More sharing options...
Buddski Posted January 17, 2010 Share Posted January 17, 2010 The problem is your query is calling variables that dont exist.. Your query is calling for '$ProductCat', '$ProductCategory' yet you have them defined as $newProductCat etc.. Edit: and your defining of the description has a typo.. Link to comment https://forums.phpfreaks.com/topic/188772-value-not-writing-to-database/#findComment-996616 Share on other sites More sharing options...
slj90 Posted January 17, 2010 Author Share Posted January 17, 2010 I have made new columns named 'ProductC' and 'ProductD' and used them in the code just like the others and they are working fine. So I will just use them instead . Thanks for your help guys Link to comment https://forums.phpfreaks.com/topic/188772-value-not-writing-to-database/#findComment-996618 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.