joining form data to make query

[jasonlive]

hi, ive just started learning php and sql yesterday. im building a timesheets webpage for employees

 

i want to know how to join the 'totalhours' to "totalminutes' and then put it in the query as one value?

eg the databse will store 5.25 or 3.75 etc. the employees will type an hour (eg 5 or 3 ) and then click a radio button that says 15mins or 45mins 

 

here is the code so far:

 

PHP

 

$sql="INSERT INTO Persons (notes, starttime, date, finishtime, totalhours, company, breaktime)

VALUES

('$_POST[notes]','$_POST[starttime]','$_POST[date]','$_POST[finishtime]','$_POST[totalhours]',

'$_POST[comp]','$_POST[breaktime]')";

 

 

HTML

        <form action="submittimesheet.php" method="post">

            

            company<input type="text" name="comp"><br>

            date<input type="date" name="date"><br>

            start time <input type="time" name="starttime">

            finish time <input type="time" name="finishtime"><br>

            total break time<input type="text" name="breaktime"><br>

            total hours worked<input type="text" name="totalhours">(number from 1-10)<br>

            total minutes worked: <br>

            <input type="radio" value="0" name="totalminutes">0<br>

            <input type="radio" value="25" name="totalminutes">15<br>

            <input type="radio" value="50" name="totalminutes">30<br>

            <input type="radio" value="75" name="totalminutes">45<br>

            notes<input type="text" name="notes" style="height: 50px;"><br>

            <input type="submit">

 

 

 

 

[Barand]

The value passed for 15 mins is 0.25 so you can just add the the values together (5 + 0.25 = 5.25)

[jasonlive]

The value passed for 15 mins is 0.25 so you can just add the the values together (5 + 0.25 = 5.25)

sorry im very new to this language. what is the syntax to add them? do i put it on the PHP page or the HTML page?

[Barand]

PHP Syntax

$a = $b + $c;

http://www.php.net/manual/en/language.operators.arithmetic.php

[jasonlive]

PHP Syntax

$a = $b + $c;

http://www.php.net/manual/en/language.operators.arithmetic.php

sorry i need to explain, can you write what i should paste into the code directly? i know its a = b + c. but i dont know how to code that. is it:

 

 

'$_POST[totalhours]' + '$_POST[totalminutes]'

 

 

 

 

or do i join them as strings -  i will need to get the decimal point in there for the query?

 

'$_POST[totalhours]' . "." . '$_POST[totalminutes]'

[Barand]

Just use the arithmetic, no string concatenation required.

 

Try it out for yourself - rocket science it ain't

$b = 5; // hours
$c = .25; // mins
$a = $b + $c; // add them
echo $a; // see the result --> 5.25

Edited September 14, 2013 by Barand

[jasonlive]

thanks (working)! another question - after my coffee i realised - i want to know how to do it both ways. so how would i code this with concatenation?

[Barand]

Why would you want to with numeric values? Concatenation is for strings.

[jasonlive]

i just want to learn how to code. if they were strings, what would be the syntax?

is this correct?

$string1 = "happy";

$string2 = "birthday";

 

 

'$_POST[string1]' . " " . '$_POST[string2]' 

[Barand]

Variables inside single quotes don't work

 

eg

$string1 = "happy";
$string2 = "birthday";

echo '$string1' . " " . '$string2'; // --> $string1 $string2
echo "$string1 $string2";           // --> happy birthday
echo $string1 . ' ' . $string2;     // --> happy birthday

[jasonlive]

awesome. ok, so im going to guess how to submit this to the database -  my php will be:

 

$string1 = $_POST[string1];

$string2 = $_POST[string2];

$string3 = $string1 . ' ' . $string2;

 

$sql="INSERT INTO MyTable (date, notes)

VALUES

('$_POST[date]','$string3')";

[Barand]

Don't forget to sanitize all string inputs with mysqli_real_escape_string() before inserting them into your database. Numerics can be sanitized with intval() or floatval().

[vinny42]

 

Numerics can be sanitized with intval() or floatval().

 

In a manner of speaking.

 

You can't just cast to integer using intval and  put the result in the query, that would replace "hello" with zero, which would be bad.

You can't do the simple ($suspect == intval($suspect)) trick either, because comparing to an integer will cause the other side to be cast too, and you're back at zero==zero.

You have to cast everything to string and then compare:

 

$suspect = (string) 'hello';
$safe = (string) intval($suspect);
 
if ($suspect == $safe) {
    echo $suspect . ' equals ' . $safe . "<br/>";
}
else {
    echo $suspect . ' does not equal' . $safe . "<br/>";
}

[Barand]

 

In a manner of speaking.

 

You can't just cast to integer using intval and  put the result in the query, that would replace "hello" with zero, which would be bad.

So are you saying that writing "hello" to a numeric type column would be better than writing 0?

 

If the input is supposed to be an integer then intval() will ensure it really is.

[vinny42]

 

So are you saying that writing "hello" to a numeric type column would be better than writing 0?

 

Of course

If you try to insert "hello" into a numeric column, the database will refuse the query and your application will let the user know that whatever he was trying to do didn't work. Your data remains in tact and the user can fix the problem, or email you to fix a bug.

If you use intval() then PHP will change "hello" to 0, the query will work, the user thinks he has successfully stored "hello". But he hasn't,the data is corrupt and you get to fix the consequences.

 

Naturally it's already bad that "hello" ever made it to the query where an integer value is expected, but the database is the last line of defense against the thousands of ways in which your script can fail at sending the correct data to the query. If you modify the data just to stop the database from telling you that you're doing it wrong... wel...