Jump to content

Insert statement using $_GET


adi9

Recommended Posts

hi

i am having problems in using the $_GET function to insert into a database using php

i have given the value cid to customer_id which has successfully been sent from the previous script, however i am having problems in using it in this form could you please help?
my code is as follows
<?
if (isset($_POST['submit'])) { // Handle the form.

//require_once ('includes/mysql_connect.php'); // Connect to the database.


// Check for a subject
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['subject'])))) {
$s = escape_data($_POST['subject']);
} else {
$s = FALSE;
echo '<p><font color="red" size="+1">Please enter your subject!</font></p>';
echo $cid;
}

// Check for a message
if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['message'])))) {
$m = escape_data($_POST['message']);
} else {
$m = FALSE;
echo '<p><font color="red" size="+1">Please enter your message!</font></p>';
echo $cid;
}


if ($s && $m) {
// CLOSE gets iid //OPEN if(isset($iid))

$query2 = ("SELECT * FROM user WHERE user.customer_id = '$cid'");
$result2 = mysql_query ($query2);
$row = mysql_fetch_array ($result2, MYSQL_ASSOC);

if ($result2)
{
if(isset($_GET['cid']))
{

$query = "INSERT INTO my_messages (customer_id, from_customer_id, subject, message, sent_date)
VALUES ('{$_GET['cid']',{$_SESSION['customer_id']},'$subject', '$message', NOW())";

$result = mysql_query ($query); // Run the query.
} else {
echo "didnt work";
}

if ($result) {

echo '<h1>Thank you!</h1>
You are now registered. Please Check your Email!';
//header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/viewit.php");
echo '<br>';

echo 'been sent';

exit();

} else {

echo '<h1>System Error</h1>
<p>You could not be registered due to a system error. We apologize for any inconvenience.</p>';
exit();
}
mysql_close();
} else {

echo '<center><h1>Error!<h1>';

}
echo '</p><p>Please try again.</p><p><br /></p></center>';

} // End of if .

} // End of the main Submit conditional.

?>
<table align ="center" width = "50%" bgcolor = "lightblue">
<tr>
<td align = "center" valign = "top">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
<tr>
<th align="right" valign = "top">subject: </td>
<td><input type = "text" name = "subject" size="30" maxlength="40" value="<?php if (isset($_POST['subject'])) echo $_POST['subject']; ?>"></td>
</tr>
<tr>
<th align="right" valign = "top">Message: </td>
<td><textarea rows="10" cols="30" name = "message" value="<?php if (isset($_POST['message'])) echo $_POST['message']; ?>"></textarea></td>
</tr>
<tr>
</td>
<?
echo $cid;
?>
<td align = "center">
<center><div align="center"><input type="submit" name="submit" value="Send"/></div>
<input type="hidden" name="submitted" value="TRUE" /></center>
</form>
</td>
</tr>
</table>



thanx for the help in advance
Link to comment
Share on other sites

It's better to turn your $_GET's $_SESSION's and $_POST's invto other variable, for cleaner code. Also, it would be ideal to shoot them thru some kind of processing to make sure they are the right kind of values (ie, not injections)

For your problem, I would transfer your $_GET request into a variable firstly

$cid = $_GET['cid'];

try that. if it doesn't work, print out $query and print $cid. what do you get? if nothing, then you are passing it wrong.

always remember to print out everything you possibly can, even if it means adding more temporary code for dubugging. make sure everything's value is what its supposed to be.
Link to comment
Share on other sites

Change this...

$query = "INSERT INTO my_messages (customer_id, from_customer_id, subject, message, sent_date)
VALUES ('{$_GET['cid']',{$_SESSION['customer_id']},'$subject', '$message', NOW())";

to this...

$query = "INSERT INTO my_messages (customer_id, from_customer_id, subject, message, sent_date)
VALUES (" . $_GET['cid'] . ", " . $_SESSION['customer_id'] . ",'" . $subject . "', '" . $message . "', '" . NOW() . "')";

Now this is my preferred method of generating strings - i like to concatenate as the colours of teh text change in my scripting app so I can see what is where.

Your code however seems to be missing just a closing curly brace for the $_GET['cid'] bit - maybe put that in and see how it goes.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.