
Value not writing to database


slj90


Hello,

 

I have a form where you enter details which then go through an action page to be added to a database. All the fields work apart from Category, Cat and Desc.

 

I can't for the life of me see why these don't work and the rest do.

 

The form...

 

<body>
<h1 align="center">Add Product</h1>
<p>
<form name="form1" method="post" action="addProduct.php">
  <h2>Product Details</h2>
  <p>Product Name
    <input name="txtProductName" type="text" id="txtProductName">
  </p>
  <p>Cat
    <input name="txtProductCat" type="text" id="txtProductCat">
  </p>
  <p>Category
    <input name="txtProductCategory" type="text" id="txtProductCategory">
  </p>
  <p>Image 
    <input name="txtProductImage" type="text" id="txtProductImage">
  </p>
  <p>Size
    <input name="txtProductSize" type="text" id="txtProductSize">
  </p>
    <p>Description
    <input name="txtProductDesc" type="text" id="txtProductDesc">
  </p>
    <p>Price
    <input name="txtProductPrice" type="text" id="txtProductPrice">
  </p>
  <p>
    <input type="submit" name="Submit" value="Submit">
  </p>
</form>
</body>

 

The action script

<?php
  //Include the connection details, open $connection and select database
include ("connection.php");
   
$newProductName = $_POST['txtProductName'];
$newProductCat = $_POST['txtProductCat'];
$newProductCategory = $_POST['txtProductCategory'];
$newProductImage = $_POST['txtProductImage'];
$newProductSize = $_POST['txtProductSize'];
$newProductDesc = $_POST['txtProdectDesc'];
$newProductPrice = $_POST['txtProductPrice'];

   
$query = "INSERT INTO Product (ProductName, ProductCat, ProductCategory, ProductImage, ProductSize, ProductDesc, ProductPrice) VALUES ('$newProductName', '$ProductCat', '$ProductCategory', '$newProductImage', '$newProductSize', '$newProductDesc', '$newProductPrice')"; 

// (4) Run query through connection
$result = mysql_query($query);

// (5) print message with ID of inserted record    
header("Location: productReceipt.php?"."ProductID=". mysql_insert_id($connection));   
        
// (6) close connection 
    mysql_close($connection);     

?> 

 

Thank you


Your query is susceptible to SQL query injection (a nasty, nasty thing). ALWAYS make sure to sanitize the data once retrieved from POST. Place this above in your action script:

 

include ("connection.php");
   
//Sanitize data for input
if (get_magic_quotes_gpc()) {
    // Undo magic-quotes escaping first so values are not escaped twice
    $_POST = array_map('stripslashes', $_POST);
}
$_POST = array_map('mysql_real_escape_string', $_POST);

//Retrieve clean $_POST data.
$newProductName = $_POST['txtProductName'];
$newProductCat = $_POST['txtProductCat'];
$newProductCategory = $_POST['txtProductCategory'];
$newProductImage = $_POST['txtProductImage'];
$newProductSize = $_POST['txtProductSize'];
$newProductDesc = $_POST['txtProdectDesc'];
$newProductPrice = $_POST['txtProductPrice']; 

 

EDIT: Updated code.


Thanks for the response..

 

Buddski - I tried your suggestion, it doesn't bring up an error or what's wrong, it just adds the other fields into the db.

 

oni-kun - I added your suggested code and it still does the same.

 

Thanks again

 

I assumed the previous message would have brought it to light, but you should keep the code I stated as you're allowing people to directly post into your database if not.


The problem is your query is calling variables that don't exist..

Your query is calling for '$ProductCat', '$ProductCategory' yet you have them defined as $newProductCat etc..

 

Edit: and your defining of the description has a typo..

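The two points raised in the replies above (escaping user input, and the mismatched variable and field names) can both be handled with a parameterized INSERT. The following is an added example, not code from any poster in this thread. It assumes PDO is available and uses an in-memory SQLite database in place of the MySQL connection from connection.php so it runs offline; `addProduct()`, `FIELD_TO_COLUMN` and the sample values are hypothetical.

```php
<?php
// Added example, not the thread's code. Assumption: PDO with in-memory SQLite
// stands in for the MySQL connection from connection.php so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Product (ProductID INTEGER PRIMARY KEY AUTOINCREMENT,
    ProductName TEXT, ProductCat TEXT, ProductCategory TEXT, ProductImage TEXT,
    ProductSize TEXT, ProductDesc TEXT, ProductPrice TEXT)');

// Form field name (from the thread's form) => table column.
const FIELD_TO_COLUMN = [
    'txtProductName'     => 'ProductName',
    'txtProductCat'      => 'ProductCat',
    'txtProductCategory' => 'ProductCategory',
    'txtProductImage'    => 'ProductImage',
    'txtProductSize'     => 'ProductSize',
    'txtProductDesc'     => 'ProductDesc',
    'txtProductPrice'    => 'ProductPrice',
];

// Hypothetical helper: inserts one product and returns its new ProductID.
function addProduct(PDO $pdo, array $post): int
{
    $params = [];
    foreach (FIELD_TO_COLUMN as $field => $column) {
        // A misspelled or missing field fails loudly instead of storing ''.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing form field: $field");
        }
        $params[":$column"] = $post[$field];
    }
    // Column names come from the constant above, never from user input.
    $sql = 'INSERT INTO Product (' . implode(', ', FIELD_TO_COLUMN) . ') VALUES ('
         . implode(', ', array_keys($params)) . ')';
    $pdo->prepare($sql)->execute($params);   // values travel as bound parameters
    return (int) $pdo->lastInsertId();
}

// Constructed sample submission; the apostrophes are stored as plain data.
$post = [
    'txtProductName' => "Men's jacket", 'txtProductCat' => 'M1',
    'txtProductCategory' => 'Outerwear', 'txtProductImage' => 'jacket.jpg',
    'txtProductSize' => 'L', 'txtProductDesc' => "It's warm", 'txtProductPrice' => '49.99',
];
$id = addProduct($pdo, $post);
$check = $pdo->prepare('SELECT ProductCat, ProductCategory, ProductDesc FROM Product WHERE ProductID = ?');
$check->execute([$id]);
print_r($check->fetch(PDO::FETCH_ASSOC));
```

With a MySQL server, only the `new PDO(...)` line and the `CREATE TABLE` statement change; the prepared INSERT stays the same.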
