Jump to content

Recommended Posts

Hello,

I'm trying to concatenate a number split in 3 different text boxes and then compare it against the id value stored in the database and store in a variable so that the corresponding id number can be used in an insert statement, but i don't where i seem to go wrong.If any one could help me with this, it would be really helpful.

Thanks.

 

 

 

aggr_nr = $_REQUEST['list_nr_01'].$_REQUEST['list_nr_02'].$_REQUEST['list_nr_03'];

$sql="SELECT v.id FROM vers_einl_aggregatenumber AS v WHERE v.aggr_nr = '".$aggr_nr."'";//missing Quotes

$aggr_id = @mysql_query($sql);

$result = @mysql_fetch_array($aggr_id);

$test= $_get[$result['id']];

Link to comment
https://forums.phpfreaks.com/topic/270076-storing-query-result-to-a-variable/
Share on other sites

Stop suppressing errors, see the link in my signature about SQL. 

 

The big problem is your last line. $_get is nothing. $_GET is the superglobal array holding the query string keys and values. It has nothing to do with your MySQL stuff. Look at the examples in my link and in the php manual.

and... aggr_nr is not the same as $aggr_nr

 

aggr_nr = $_REQUEST['list_nr_01'].$_REQUEST['list_nr_02'].$_REQUEST['list_nr_03'];
$sql="SELECT v.id FROM vers_einl_aggregatenumber AS v WHERE v.aggr_nr = '".$aggr_nr."'";//missing Quotes

Edited by mikosiko

thanks a lot for your help.I figured it out where the mistake was..as jessica suggested $_get does not store the variables.But now I'm able to retrieve the id values from the database and when i try to insert, they go into the columns as "0".A bigger problem :(

The primary key which is the id is set to auto increment. Here's the code...

 

 if($_POST['formSubmit'] == "Submit")
{
//appending the date to store in the database.
$entry_date_array = array($_REQUEST["year"],$_REQUEST["month"],$_REQUEST["day"]);
$entry_date = implode('-', $entry_date_array);
echo "$entry_date";
//appending aggr nr and fetching the id from the database.
$aggr_nr = $_REQUEST['list_nr_01'].$_REQUEST['list_nr_02'].$_REQUEST['list_nr_03'];
$sql="SELECT v.id FROM aggregatenumber AS v WHERE v.aggr_nr = '".$aggr_nr."'";//missing Quotes
$aggr_id = @mysql_query($sql);
$result = @mysql_fetch_array($aggr_id);
$test= $result['id'];
echo "$test";


$sql_einl_sp = "INSERT INTO search_parts(entry_date,aggr_nr)values('".$entry_date."','".$test."')";
$result_einl_sp = @mysql_query($sql_einl_sp);

if ($result_einl_sp == false) die("
Could not execute statement ".$sql_einl_sp);
@mysql_close();
}

 

Html Code

-----

 

<body>

<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">

 

<h>Save Information</h>

<input type="submit" name="formSubmit" value="Submit" />

<input type="submit" name="btncancel" value="Cancel"/>

</form>

 

</body>

Edited by rrahulr

dont use mysql_error() create a php.ini file if there isnt one already, and enter into it:

 

display_errors = on
error_reporting = -1

 

That will put up every possible error in your code - PS: this probably wont work if your suppressing the errors.

@White_Lily

 

That's great for PHP errors, but has absoloutly nothing to do with MySQL errors returned from the database. Your talking about two completly different things mysql_error() should alway be used when running mysql transactions, echoed in development and loged in production.

 

also......I've never come accross a PHP installation that didn't have a php.ini file....does it even run without it? :o

 

 

@rrahulr

Could you try this slight modification and let us know what you get back? Also, a breakdown of your table structure would be right handy.

 

if($_POST['formSubmit'] == "Submit")
{
//appending the date to store in the database.
$entry_date_array = array($_REQUEST["year"],$_REQUEST["month"],$_REQUEST["day"]);
$entry_date = implode('-', $entry_date_array);
echo "$entry_date";
//appending aggr nr and fetching the id from the database.
$aggr_nr = $_REQUEST['list_nr_01'].$_REQUEST['list_nr_02'].$_REQUEST['list_nr_03'];

$sql_einl_sp = "INSERT INTO search_parts (entry_date, aggr_nr) VALUES ('$entry_date', (SELECT agg.id FROM aggregatenumber AS agg WHERE agg.aggr_nr = '$agg_nr'))";
$result_einl_sp = mysql_query($sql_einl_sp);

if ($result_einl_sp === false) {
die("Could not execute statement ".$sql_einl_sp);
}
else{
//just for testing
$rowOut = mysql_affected_rows();
echo ("Query complete :<br>$rowOut rows inserted by the following :<br>$sql_einl_sp";
}

White_Lily: All webhosts use a php.ini file, whether or not you have access to edit. All hosts I'm using have a user-specific php.ini which I can edit to my hearts contents.

Some, cheaper hosts, have only one php.ini for all of their customers. Which means that they're probably also running the Apache process under a generic user, which has access to all of the users' web roots. This is probably what your host is doing, but has allowed you to override some of the settings via a custom php.ini file in your web root. First time I've heard of it. btw.

 

I'm not saying that most hosts do it this way, or the other, just that you should be careful what you state as a fact based upon a very limited experience.

 

rrahulr: Your scripts are vulnerable to SQL injections as well, since you're neither typecasting or using mysql_real_escape_string () to ensure the user provided data is safe for inclusion in the SQL query. You should also research input validation, so that you can tell your users when they've posted invalid data, and give them a chance to fix it.

 

As for your use of $_SERVER['PHP_SELF'], please see this post.

 

First and foremost, it bears to repeat: Don't hide your errors, but fix them.

Edited by Christian F.

Just a little update to this statement:

Any fields in MySQL that's defined as AUTO_INCREMENT must be the PRIMARY KEY, otherwise the engine will error out on the creation query.

Seems my recollection was a bit off, as the error message states "a key", and not "primary key". Sorry about that. :( Thanks to mikosiko for reminding me about it.

 

In any case, if you set a field to be AUTO_INCREMENT chances are really high that you want it to be the primary key as well. ;)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.