Jump to content

Archived

This topic is now archived and is closed to further replies.

adi9

Insert statement using $_GET

Recommended Posts

hi

i am having problems in using the $_GET function to insert into a database using php

i have given the value cid to customer_id which has successfully been sent from the previous script, however i am having problems in using it in this form could you please help?
my code is as follows
<?
if (isset($_POST['submit'])) { // Handle the form.

//require_once ('includes/mysql_connect.php'); // Connect to the database.


// Check for a subject
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['subject'])))) {
$s = escape_data($_POST['subject']);
} else {
$s = FALSE;
echo '<p><font color="red" size="+1">Please enter your subject!</font></p>';
echo $cid;
}

// Check for a message
if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['message'])))) {
$m = escape_data($_POST['message']);
} else {
$m = FALSE;
echo '<p><font color="red" size="+1">Please enter your message!</font></p>';
echo $cid;
}


if ($s && $m) {
// CLOSE gets iid //OPEN if(isset($iid))

$query2 = ("SELECT * FROM user WHERE user.customer_id = '$cid'");
$result2 = mysql_query ($query2);
$row = mysql_fetch_array ($result2, MYSQL_ASSOC);

if ($result2)
{
if(isset($_GET['cid']))
{

$query = "INSERT INTO my_messages (customer_id, from_customer_id, subject, message, sent_date)
VALUES ('{$_GET['cid']',{$_SESSION['customer_id']},'$subject', '$message', NOW())";

$result = mysql_query ($query); // Run the query.
} else {
echo "didnt work";
}

if ($result) {

echo '<h1>Thank you!</h1>
You are now registered. Please Check your Email!';
//header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/viewit.php");
echo '<br>';

echo 'been sent';

exit();

} else {

echo '<h1>System Error</h1>
<p>You could not be registered due to a system error. We apologize for any inconvenience.</p>';
exit();
}
mysql_close();
} else {

echo '<center><h1>Error!<h1>';

}
echo '</p><p>Please try again.</p><p><br /></p></center>';

} // End of if .

} // End of the main Submit conditional.

?>
<table align ="center" width = "50%" bgcolor = "lightblue">
<tr>
<td align = "center" valign = "top">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
<tr>
<th align="right" valign = "top">subject: </td>
<td><input type = "text" name = "subject" size="30" maxlength="40" value="<?php if (isset($_POST['subject'])) echo $_POST['subject']; ?>"></td>
</tr>
<tr>
<th align="right" valign = "top">Message: </td>
<td><textarea rows="10" cols="30" name = "message" value="<?php if (isset($_POST['message'])) echo $_POST['message']; ?>"></textarea></td>
</tr>
<tr>
</td>
<?
echo $cid;
?>
<td align = "center">
<center><div align="center"><input type="submit" name="submit" value="Send"/></div>
<input type="hidden" name="submitted" value="TRUE" /></center>
</form>
</td>
</tr>
</table>



thanx for the help in advance

Share this post


Link to post
Share on other sites
It's better to turn your $_GET's $_SESSION's and $_POST's invto other variable, for cleaner code. Also, it would be ideal to shoot them thru some kind of processing to make sure they are the right kind of values (ie, not injections)

For your problem, I would transfer your $_GET request into a variable firstly

$cid = $_GET['cid'];

try that. if it doesn't work, print out $query and print $cid. what do you get? if nothing, then you are passing it wrong.

always remember to print out everything you possibly can, even if it means adding more temporary code for dubugging. make sure everything's value is what its supposed to be.

Share this post


Link to post
Share on other sites
Change this...

$query = "INSERT INTO my_messages (customer_id, from_customer_id, subject, message, sent_date)
VALUES ('{$_GET['cid']',{$_SESSION['customer_id']},'$subject', '$message', NOW())";

to this...

$query = "INSERT INTO my_messages (customer_id, from_customer_id, subject, message, sent_date)
VALUES (" . $_GET['cid'] . ", " . $_SESSION['customer_id'] . ",'" . $subject . "', '" . $message . "', '" . NOW() . "')";

Now this is my preferred method of generating strings - i like to concatenate as the colours of teh text change in my scripting app so I can see what is where.

Your code however seems to be missing just a closing curly brace for the $_GET['cid'] bit - maybe put that in and see how it goes.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.