Jump to content

joining form data to make query


Go to solution Solved by Barand,

Recommended Posts

hi, ive just started learning php and sql yesterday. im building a timesheets webpage for employees

 

i want to know how to join the 'totalhours' to "totalminutes' and then put it in the query as one value?

eg the databse will store 5.25 or 3.75 etc. the employees will type an hour (eg 5 or 3 ) and then click a radio button that says 15mins or 45mins 

 

here is the code so far:

 

PHP

 

$sql="INSERT INTO Persons (notes, starttime, date, finishtime, totalhours, company, breaktime)

VALUES

('$_POST[notes]','$_POST[starttime]','$_POST[date]','$_POST[finishtime]','$_POST[totalhours]',

'$_POST[comp]','$_POST[breaktime]')";

 

 

HTML


        <form action="submittimesheet.php" method="post">

            

            company<input type="text" name="comp"><br>

            date<input type="date" name="date"><br>

            start time <input type="time" name="starttime">

            finish time <input type="time" name="finishtime"><br>

            total break time<input type="text" name="breaktime"><br>

            total hours worked<input type="text" name="totalhours">(number from 1-10)<br>

            total minutes worked: <br>

            <input type="radio" value="0" name="totalminutes">0<br>

            <input type="radio" value="25" name="totalminutes">15<br>

            <input type="radio" value="50" name="totalminutes">30<br>

            <input type="radio" value="75" name="totalminutes">45<br>

            notes<input type="text" name="notes" style="height: 50px;"><br>

            <input type="submit">


 

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/282118-joining-form-data-to-make-query/
Share on other sites

sorry i need to explain, can you write what i should paste into the code directly? i know its a = b + c. but i dont know how to code that. is it:

 

 

'$_POST[totalhours]' + '$_POST[totalminutes]'

 

 

 

 

or do i join them as strings -  i will need to get the decimal point in there for the query?

 

'$_POST[totalhours]' . "." . '$_POST[totalminutes]'

  • Solution

Just use the arithmetic, no string concatenation required.

 

Try it out for yourself - rocket science it ain't

$b = 5; // hours
$c = .25; // mins
$a = $b + $c; // add them
echo $a; // see the result --> 5.25
Edited by Barand

Variables inside single quotes don't work

 

eg

$string1 = "happy";
$string2 = "birthday";

echo '$string1' . " " . '$string2'; // --> $string1 $string2
echo "$string1 $string2";           // --> happy birthday
echo $string1 . ' ' . $string2;     // --> happy birthday

awesome. ok, so im going to guess how to submit this to the database -  my php will be:

 

$string1 = $_POST[string1];

$string2 = $_POST[string2];

$string3 = $string1 . ' ' . $string2;

 

$sql="INSERT INTO MyTable (date, notes)
VALUES
('$_POST[date]','$string3')";

 


Numerics can be sanitized with intval() or floatval().

 

In a manner of speaking.

 

You can't just cast to integer using intval and  put the result in the query, that would replace "hello" with zero, which would be bad.

You can't do the simple ($suspect == intval($suspect)) trick either, because comparing to an integer will cause the other side to be cast too, and you're back at zero==zero.

You have to cast everything to string and then compare:

 

$suspect = (string) 'hello';
$safe = (string) intval($suspect);
 
if ($suspect == $safe) {
    echo $suspect . ' equals ' . $safe . "<br/>";
}
else {
    echo $suspect . ' does not equal' . $safe . "<br/>";
}

 

In a manner of speaking.

 

You can't just cast to integer using intval and  put the result in the query, that would replace "hello" with zero, which would be bad.

So are you saying that writing "hello" to a numeric type column would be better than writing 0?

 

If the input is supposed to be an integer then intval() will ensure it really is.

 


So are you saying that writing "hello" to a numeric type column would be better than writing 0?

 

Of course :)

If you try to insert "hello" into a numeric column, the database will refuse the query and your application will let the user know that whatever he was trying to do didn't work. Your data remains in tact and the user can fix the problem, or email you to fix a bug.

If you use intval() then PHP will change "hello" to 0, the query will work, the user thinks he has successfully stored "hello". But he hasn't,the data is corrupt and you get to fix the consequences.

 

Naturally it's already bad that "hello" ever made it to the query where an integer value is expected, but the database is the last line of defense against the thousands of ways in which your script can fail at sending the correct data to the query. If you modify the data just to stop the database from telling you that you're doing it wrong... wel... :)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.