insert a variable into a database

[garydt]

Hi

I have a form which a logged in user fills in. When it is submitted I want the variable of MM_Username to be stored in the database as later on i want to search the database by the username. Please can you tell me how i can insert the variable of MM_Username into the database?

[Psycho]

Based on your question I woulld have to assume you have not written any code working with a database. In that case trying to describe the entire process in a forum post would be difficult. There are plenty of tutorials out there one the process.

 

Here are a few:

 

http://www.freewebmasterhelp.com/tutorials/phpmysql

http://www.php-mysql-tutorial.com/

http://www.webmonkey.com/programming/php/tutorials/tutorial4.html

[garydt]

Thanks. I've looked at those links and understand how to insert data into database.  I can enter data from a form but i can't enter the MM_Username too. Here's the code-

 

<?php

session_start();

?>

<?php require_once('Connections/registration.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

 

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

 

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

 

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

  $insertSQL = sprintf("INSERT INTO information (favsong) VALUES (%s)",

                      GetSQLValueString($_POST['textfield'], "text"));

  ("INSERT INTO information (usernm) VALUES ($_SESSION['MM_Username'])");

 

  mysql_select_db($database_registration, $registration);

  $Result1 = mysql_query($insertSQL, $registration) or die(mysql_error());

 

  $insertGoTo = "recordin.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

    $insertGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $insertGoTo));

}

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Untitled Document</title>

</head>

 

<body>

<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">

  <label>song

  <input type="text" name="textfield" />

  </label>

  <p>

    <label>

    <input type="submit" name="Submit" value="Submit" />

    </label>

  </p>

  <input type="hidden" name="MM_insert" value="form1">

</form>

<body>

</html>

 

[hitman6003]

Why is this query just floating in the middle of nowhere?

 

 ("INSERT INTO information (usernm) VALUES ($_SESSION['MM_Username'])");

 

I'm assuming you want something like:

 

$insertSQL = sprintf("INSERT INTO information (usernm, favsong) VALUES (%s, %s)", $_SESSION['MM_Username'], GetSQLValueString($_POST['textfield'], "text"));

[garydt]

Thanks for the reply.

I copied that piece of code you suggested and it worked, but when the form was submitted i get this-

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 'testing')' at line 1

[garydt]

I tried it again with the  MM_Username variable as garydt and when the form is submitted this error comes up-

 

Unknown column 'garydt' in 'field list'

 

What does it mean?

[camdagr81]

The problem is that  you're not quoting your field and variable names.

//Set the username as a variable
$uname = $_SESSION['MM_Username'];

("INSERT INTO `information` (`usernm`) VALUES ('$uname')")

[garydt]

I put that code in and when i tried it i get this error-

Unknown column '$uname' in 'field list'

 

This is the piece of code-

 

 

//Set the username as a variable

$uname = $_SESSION['MM_Username'];

 

 

 

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

    $insertSQL = sprintf("INSERT INTO information (usernm, favsong) VALUES (%s, %s)", ('$uname'), GetSQLValueString($_POST['textfield'], "text"));

 

 

  mysql_select_db($database_registration, $registration);

  $Result1 = mysql_query($insertSQL, $registration) or die(mysql_error());

 

[garydt]

Has anyone got any suggestions?

[Psycho]

It sounds as if the resulting query is not what you think it is. Echo the query to the page before running it to verify it's contents.

[garydt]

I'm still having problems. I know MM_Username has a variable because i can echo it to the screen (garydt). I've tried inserting MM_Username as a variable and as a string and i get errors both ways. The latest error i have is-

garydtYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1

 

The code is-

<?php

  session_start();

  ?>

<?php require_once('Connections/registration.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

 

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

 

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

 

//Set the username as a variable

$uname = $_SESSION['MM_Username'];

echo $uname;

 

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

$insertSQL = sprintf("INSERT INTO information (favsong, usernm) VALUES (%s, '$s)", $_SESSION['MM_Username'], GetSQLValueString($_POST['textfield'], "text"));

 

  mysql_select_db($database_registration, $registration);

  $Result1 = mysql_query($insertSQL, $registration) or die(mysql_error());

 

  $insertGoTo = "recordin.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

    $insertGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $insertGoTo));

}

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Untitled Document</title>

</head>

 

<body>

<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">

  <label>song

  <input type="text" name="textfield" />

  </label>

  <p>

    <label>

    <input type="submit" name="Submit" value="Submit" />

    </label>

  </p>

  <input type="hidden" name="MM_insert" value="form1">

</form>

</body>

</html>

 

Is it possible to insert a variable/string and data from a form into the same record of a database?

[Psycho]

It sounds as if the resulting query is not what you think it is. Echo the query to the page before running it to verify it's contents.

 

And post the query as printed to the page here.

[garydt]

Sorry for being stupid but how do i echo the query?

[Psycho]

Put this after you set the value for $insertSQL:

 

echo $insertSQL;

[camdagr81]

I tried to simplify what you're trying to do and maybe this will work. Try leaving the sprintF and the variable typing alone and see if that works:

 

 

//Set the username as a variable
$uname = $_SESSION['MM_Username'];
$favsong = "Whatever your $_POST is for the favsong";


if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
   $insertSQL = "INSERT INTO `information` (`usernm`, `favsong`) VALUES ('$uname', '$favsong')";  
   mysql_select_db($database_registration, $registration);
   $Result1 = mysql_query($insertSQL) or die(mysql_error());
}

[garydt]

Thanks for the replies.

 

I echoed the query and got this-

INSERT INTO information (favsong, usernm) VALUES (, )You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' )' at line 1

-------

 

What i want to happen is when the logged in user submits the form, the data he has entered is inserted into 'favsong' and his username (that he entered on a previous page) is inserted into 'usernm' but i can't get it to work.

[Psycho]

Well, you are either not setting the values of $_SESSION['MM_Username'] and $_POST['textfield'] correctly or you are not referencing them correctly. In any event those variables appear to have no value on this page. Your problem lies elsewhere.

[garydt]

I'm still having trouble with this. I got a new error-

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES ('love me tonite', garydt)' at line 1

 

love me tonite' is what was entered in the form and 'garydt' is the mm_username,  both of which i'm trying to insert into a row of a database.  The code is-

 

<?php

session_start();

?>

<?php require_once('Connections/registration.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

 

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

 

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

 

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

  $insertSQL = sprintf("INSERT INTO info (favsong, usernm,) VALUES (%s, %s)",

                      GetSQLValueString($_POST['textfield'], "text"), $_SESSION['MM_Username']);

 

  mysql_select_db($database_registration, $registration);

  $Result1 = mysql_query($insertSQL, $registration) or die(mysql_error());

 

  $insertGoTo = "recordin.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

    $insertGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $insertGoTo));

}

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Untitled Document</title>

</head>

 

<body>

<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">

  <label>song

  <input type="text" name="textfield" />

  </label>

  <p>

    <label>

    <input type="submit" name="Submit" value="Submit" />

    </label>

  </p>

  <input type="hidden" name="MM_insert" value="form1">

</form>

<p><?php echo $_SESSION['MM_Username']; ?></p>

</body>

</html>

 

[garydt]

If this can't be done then is there another way?

 

[redarrow]

$insertSQL = sprintf("INSERT INTO `info` (`favsong`, `usernm`) VALUES ('%s', '%s')",

 

[garydt]

I did what you said and i got this-

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''favsong', 'usernm') VALUES ('hurt', garydt)' at line 1

 

As you can see, it's picking up the values but i don't know what syntax to use.