11 Replies - 767 Views - Last Post: 03 May 2011 - 01:50 PM Rate Topic: -----

#1 carmelraj  Icon User is offline

  • D.I.C Head

Reputation: 6
  • View blog
  • Posts: 50
  • Joined: 28-April 11

problem in inserting the values into mysql database

Posted 03 May 2011 - 05:49 AM

There is a problem when i am trying to inserting the vales. The data is not inserted into mysql databases it is not showing any error . I don't know what problem.

<?php 
setcookie("userid", $id, time()-60*60*24*30);
session_start();
require_once("dbconn.php");
$id=$_REQUEST['coid1'];
if(isset($_SESSION['User']))
{

 if (isset($_POST['Submit']) && $_POST['Submit'] == 'Submit')
{
$today = mktime(0,0,0,date("m"),date("d"),date("Y"));
$today=date("Y-m-d", $today);
 
$sql="insert into Advertisementt(co_id,publish_date,advertise_size,order_details_id,bookingf_no,page_no,rate)values('$id','$_POST[publish_date]','$_POST[size1]','$_POST[order_details_id]','$_POST[bookingf_no]','$_POST[page_no]','$_POST[rate]')";
mysql_query($sql) or die('Error: ' . mysql_error());
}
?>


Is This A Good Question/Topic? 0
  • +

Replies To: problem in inserting the values into mysql database

#2 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3390
  • View blog
  • Posts: 9,586
  • Joined: 08-June 10

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 05:55 AM

if it is not inserting the data, then there must be an error. can you confirm the DB connection?

PS. $today = date("Y-m-d");

PPS. you’re wide open to SQL Injection Attacks. at least run your values through mysql_real_escape_string() (though there are better possibilities)

This post has been edited by Dormilich: 03 May 2011 - 05:56 AM

Was This Post Helpful? 1
  • +
  • -

#3 carmelraj  Icon User is offline

  • D.I.C Head

Reputation: 6
  • View blog
  • Posts: 50
  • Joined: 28-April 11

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 05:57 AM

$today is not included in database... that is i not needed ....
Was This Post Helpful? 0
  • +
  • -

#4 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3390
  • View blog
  • Posts: 9,586
  • Joined: 08-June 10

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 05:59 AM

View Postcarmelraj, on 03 May 2011 - 01:57 PM, said:

$today is not included in database... that is i not needed ....

but you get what I mean by that?
Was This Post Helpful? 0
  • +
  • -

#5 carmelraj  Icon User is offline

  • D.I.C Head

Reputation: 6
  • View blog
  • Posts: 50
  • Joined: 28-April 11

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 06:02 AM

what is this mysql_real_escape_string() .... can u tell me.
Was This Post Helpful? 0
  • +
  • -

#6 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3390
  • View blog
  • Posts: 9,586
  • Joined: 08-June 10

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 06:08 AM

it is a way to avoid most of the SQL Injections, see mysql_real_escape_string() (there are also examples).
Was This Post Helpful? 0
  • +
  • -

#7 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3635
  • View blog
  • Posts: 5,756
  • Joined: 08-June 10

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 06:37 AM

View Postcarmelraj, on 03 May 2011 - 12:49 PM, said:

There is a problem when i am trying to inserting the vales. The data is not inserted into mysql databases it is not showing any error . I don't know what problem.


You should turn error reporting on. Running your code on a server that is configured to actually show errors, you get this:

Quote

Parse error: syntax error, unexpected $end in /opt/lampp/htdocs/test.php on line 18

You are missing the end } for the IF statement on line #6.

This is the reason why you should ALWAYS indent your code properly. It makes errors like these obvious, which saves a lot of time when you eventually make mistakes like these. I mean, just look what happens if I indent your code:
<?php

setcookie("userid", $id, time() - 60 * 60 * 24 * 30);
session_start();
require_once("dbconn.php");
$id = $_REQUEST['coid1'];
if (isset($_SESSION['User'])) {

    if (isset($_POST['Submit']) && $_POST['Submit'] == 'Submit') {
        $today = mktime(0, 0, 0, date("m"), date("d"), date("Y"));
        $today = date("Y-m-d", $today);

        $sql = "insert into Advertisementt(co_id,publish_date,advertise_size,order_details_id,bookingf_no,page_no,rate)values('$id','$_POST[publish_date]','$_POST[size1]','$_POST[order_details_id]','$_POST[bookingf_no]','$_POST[page_no]','$_POST[rate]')";
        mysql_query($sql) or die('Error: ' . mysql_error());
    }
?>


It's obvious there that the IF block isn't closed.

This post has been edited by Atli: 03 May 2011 - 06:37 AM

Was This Post Helpful? 1
  • +
  • -

#8 carmelraj  Icon User is offline

  • D.I.C Head

Reputation: 6
  • View blog
  • Posts: 50
  • Joined: 28-April 11

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 06:41 AM

i didn't send the full code... here is the full code.. the coding is not in proper order...
<?php 
setcookie("userid", $id, time()-60*60*24*30);
session_start();
require_once("dbconn.php");
$id=$_REQUEST['coid1'];
if(isset($_SESSION['User']))
{

 if (isset($_POST['Submit']) && $_POST['Submit'] == 'Submit')
{
//$today = mktime(0,0,0,date("m"),date("d"),date("Y"));
//$today=date("Y-m-d", $today);
 
$sql="insert into Advertisementt(co_id,publish_date,advertise_size,order_details_id,bookingf_no,page_no,rate)values('$id','$_POST[publish_date]','$_POST[size1]','$_POST[order_details_id]','$_POST[bookingf_no]','$_POST[page_no]','$_POST[rate]')";
mysql_query($sql) or die('Error: ' . mysql_error());
}
?>
<html>
<head>
<title>ksi-crm</title>
<link href="admin/styles.css" rel="stylesheet" type="text/css" />
<link href="admin/styles.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="calender/calendar.js"></script>
<script type="text/javascript" src="calender/calendar-en.js"></script>
<link href="calender/calendar-system.css" rel="stylesheet" type="text/css"/>
<link rel="stylesheet" type="text/css" media="all" href="calender/skins/aqua/theme.css" 
title="Aqua" />
<script type="text/javascript">
var oldLink = null;
// code to change the active stylesheet
function setActiveStyleSheet(link, title) {
  var i, a, main;
  for(i=0; (a = document.getElementsByTagName("link")[i]); i++) {
    if(a.getAttribute("rel").indexOf("style") != -1 && a.getAttribute("title")) {
      a.disabled = true;
      if(a.getAttribute("title") == title) a.disabled = false;
    }
  }
  if (oldLink) oldLink.style.fontWeight = 'normal';
  oldLink = link;
  link.style.fontWeight = 'bold';
  return false;
}

// This function gets called when the end-user clicks on some date.
function selected(cal, date) {
  cal.sel.value = date; // just update the date in the input field.
  if (cal.dateClicked && (cal.sel.id == "sel1" || cal.sel.id == "sel3"))
    // if we add this call we close the calendar on single-click.
    // just to exemplify both cases, we are using this only for the 1st
    // and the 3rd field, while 2nd and 4th will still require double-click.
    cal.callCloseHandler();
}

// And this gets called when the end-user clicks on the _selected_ date,
// or clicks on the "Close" button.  It just hides the calendar without
// destroying it.
function closeHandler(cal) {
  cal.hide();                        // hide the calendar
//  cal.destroy();
  _dynarch_popupCalendar = null;
}

// This function shows the calendar under the element having the given id.
// It takes care of catching "mousedown" signals on document and hiding the
// calendar if the click was outside.
function showCalendar(id, format, showsTime, showsOtherMonths) {
  var el = document.getElementById(id);
  if (_dynarch_popupCalendar != null) {
    // we already have some calendar created
    _dynarch_popupCalendar.hide();                 // so we hide it first.
  } else {
    // first-time call, create the calendar.
    var cal = new Calendar(1, null, selected, closeHandler);
    // uncomment the following line to hide the week numbers
    // cal.weekNumbers = false;
    if (typeof showsTime == "string") {
      cal.showsTime = true;
      cal.time24 = (showsTime == "24");
    }
    if (showsOtherMonths) {
      cal.showsOtherMonths = true;
    }
    _dynarch_popupCalendar = cal;                  // remember it in the global var
    cal.setRange(1900, 2070);        // min/max year allowed.
    cal.create();
  }
  _dynarch_popupCalendar.setDateFormat(format);    // set the specified date format
  _dynarch_popupCalendar.parseDate(el.value);      // try to parse the text in field
  _dynarch_popupCalendar.sel = el;                 // inform it what input field we use

  // the reference element that we pass to showAtElement is the button that
  // triggers the calendar.  In this example we align the calendar bottom-right
  // to the button.
  _dynarch_popupCalendar.showAtElement(el, "Br");        // show the calendar

  return false;
}

var MINUTE = 60 * 1000;
var HOUR = 60 * MINUTE;
var DAY = 24 * HOUR;
var WEEK = 7 * DAY;

// If this handler returns true then the "date" given as
// parameter will be disabled.  In this example we enable
// only days within a range of 10 days from the current
// date.
// You can use the functions date.getFullYear() -- returns the year
// as 4 digit number, date.getMonth() -- returns the month as 0..11,
// and date.getDate() -- returns the date of the month as 1..31, to
// make heavy calculations here.  However, beware that this function
// should be very fast, as it is called for each day in a month when
// the calendar is (re)constructed.
function isDisabled(date) {
  var today = new Date();
  return (Math.abs(date.getTime() - today.getTime()) / DAY) > 10;
}

function flatSelected(cal, date) {
  var el = document.getElementById("preview");
  el.innerHTML = date;
}

function showFlatCalendar() {
  var parent = document.getElementById("display");

  // construct a calendar giving only the "selected" handler.
  var cal = new Calendar(0, null, flatSelected);

  // hide week numbers
  cal.weekNumbers = false;

  // We want some dates to be disabled; see function isDisabled above
  cal.setDisabledHandler(isDisabled);
  cal.setDateFormat("%A, %B %e");

  // this call must be the last as it might use data initialized above; if
  // we specify a parent, as opposite to the "showCalendar" function above,
  // then we create a flat calendar -- not popup.  Hidden, though, but...
  cal.create(parent);

  // ... we can show it here.
  cal.show();
}
</script>
<style type="text/css">
<!--
.style3 {
	color: #FF3300;
	font-weight: bold;
	font-size: 24px;
}
.style7 {color: #FF0000}
.style8 {color: #0000FF}
.style9 {
	color: #FF0000;
	font-weight: bold;
	font-size: 18px;
}
-->
</style>

</head>

<body>
<table width="100%" height="100%" border="0" align="center" cellpadding="0" cellspacing="3" bgcolor="#CCCCCC">
<tr>
    <td width="100%" height="52" align="center" valign="middle"><table width="714" border="0" align="left" cellpadding="0" cellspacing="0">
      <tr>
        <td width="239" align="left"></td>
        <td width="475" align="center"><span class="style3">KARNATAKA STATE INDUSTRIAL TIMES</span></td>
      </tr>
    </table></td>
    <td width="0%" align="center" valign="bottom" ></td>
</tr>
  <tr align="center">
    <td height="27" colspan="2" valign="bottom"><table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="19%"><span class="style7">Welcome</span> <span class="style8"><?php echo $_SESSION['User']; ?></span></td>
    <td width="37%">&nbsp;</td>
    <td width="19%">&nbsp;</td>
    <td width="25%" align="left" class="style7"><a href="change_password.php" class="style7">Change Password</a>&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;<a href="logout.php" class="style7">Logout</a></td>
  </tr>
</table>
</td>
  </tr>
  <tr>
  <td height="94" valign="middle" align="center"><?php include_once("menu.php");?></td>
  </tr>
  <tr>
    <td height="115" colspan="2" align="center" class="text">
		<table width="37%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td align="center"><span class="style9">ADVERTISEMENT DETAILS </span></td>
  </tr>
</table>

<?php
$query1=mysql_query("SELECT order_id FROM order_details WHERE co_id='$id'")or die(mysql_error());
$row=mysql_fetch_array($query1) or die(mysql_error());

$query2=mysql_query("SELECT bookingf_no FROM order_details WHERE co_id='$id'") or die(mysql_error());
$row1=mysql_fetch_array($query2) or die(mysql_error());
?>
<form name="order" method="post" action="#" style="padding:5px;" enctype="multipart/form-data">
      <table width="55%" border="1" bgcolor="#f4f4f4" cellpadding="0" cellspacing="0" bordercolor="#003E45">
        <tr>
          <td height="284" align="center" valign="top">
		  <table width="100%" border="0" cellpadding="0" cellspacing="4" style="font:Arial, Helvetica, sans-serif; font-size:12px; font-weight:500; color:#005761;">
              <tr>
              <td height="35" align="right">COMPANY ID :</td>
              <td>
                <input type="text" name="company_id" id="company_id" disabled="disabled" value="<?php echo $id; ?>">
              </td>
            </tr>

            <tr>
              <td height="22" align="right">PUBLISH DATE : </td>
              <td><label>
       <input type="text" name="publish_date" id="publish_date" />
          <img src="calender.jpg" width="20" height="18" onclick="return showCalendar('publish_date', '%Y-%m-%d ', '12');"/>
          </label></td>
            </tr>
            <tr>
              <td height="22" align="right">ADVERTISEMENT SIZE : </td>
              <td>
                 <select name="size1">
                     <option value="0"><--SELECT SIZE--></option>
                     <option value="2250">1/4 col-Any Page</option>	
		     <option value="4150">2 1/4 col-Any Page</option>
		     <option value="3950">1/2 col-Any Page</option>
	             <option value="7250">2 1/2 col-Any Page</option>
		     <option value="10000">3 1/2 col-Any Page</option>
		     <option value="15500">Half Page -Any Page</option>
		     <option value="28500">Full Page -Any Page</option>
		     <option value="13000">1/2 col-Page 3</option>
		     <option value="9425">2 1/2 col-Page 3</option>
		     <option value="5395">2 1/4 col-Page 3</option>
		     <option value="37000">Full Page -Back Page</option>
                 </select>
                   <input type="hidden" name="size2">
              </td>
            </tr>
            <tr>
              <td height="22" align="right">ORDER DETAIL ID : </td>
              <td><input type="text" name="order_details_id" readonly="readonly" value="<?php echo $row['order_id']; ?>" > </td>
            </tr>
            <tr>
              <td height="22" align="right">BOOKING FORM NO : </td>
              <td><input type="text" readonly="readonly" name="bookingf_no" value="<?php echo $row1[bookingf_no];?>"></td>
            </tr>
			<tr>
              <td height="22" align="right">PAGE NO :  </td>
              <td><input type="text" name="page_no"></td>
            </tr>
			<tr>
              <td height="22" align="right">RATE : </td>
              <td><input type="text" name="rate"></td>
            </tr>
            
			 <tr>
              <td height="37" align="right"><label>
                <input type="button" name="Back" value="Back" onclick="history.go(-1);return true;">
                <input type="submit" name="Next" value="Next">
              </label></td>
              <td><input type="Reset" name="Reset" value="Reset"></td>
            </tr>
          </table></td>
        </tr>
      </table>
    </form>
		
	</td>
  </tr>
  <tr>

  </tr>
 
  <tr>
    <td colspan="2">
    </table>
</body>
</html>
<?php
}
else 
{
echo "<br><a href='index.php'>Click here to Login</a><br>";

}
?>


Was This Post Helpful? 0
  • +
  • -

#9 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3635
  • View blog
  • Posts: 5,756
  • Joined: 08-June 10

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 07:04 AM

Ok. It would be helpful if you could point minor details like that out from the start. Would save a lot of time.

Anyways...
Before you attempt the insert, you do:
if (isset($_POST['Submit']) && $_POST['Submit'] == 'Submit')

Presumably to verify that the form was submitted. The problem is that your form has no such submit button. Your submit button looks like this:
<input type="submit" name="Next" value="Next">

Which means that no matter what, your form won't trigger the update.


It's generally not a good idea to use a submit button to verify that a form has been submitted. They are unreliable, as they are not always sent with the data. (Like, in some cases, if you use the enter button to submit it when another input has focus.)

Instead, you should verify the data. That is, after all, what your code needs to bet set.
if (isset($_POST['data1'], $_POST['data2'], $_POST['etc...'])) { ... }


Was This Post Helpful? 0
  • +
  • -

#10 codeprada  Icon User is offline

  • Changed Man With Different Priorities
  • member icon

Reputation: 943
  • View blog
  • Posts: 2,353
  • Joined: 15-February 11

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 08:29 AM

View PostAtli, on 03 May 2011 - 10:04 AM, said:

It's generally not a good idea to use a submit button to verify that a form has been submitted. They are unreliable, as they are not always sent with the data. (Like, in some cases, if you use the enter button to submit it when another input has focus.)

Instead, you should verify the data. That is, after all, what your code needs to bet set.
if (isset($_POST['data1'], $_POST['data2'], $_POST['etc...'])) { ... }



Just to throw in my 2 cents...

die isn't a very user-friendly way to handle errors and it exposes your site's internals.

Check out set_error_handler to set a function to handle the errors on your own.

@Atli
I found that assigning a random key to a form each time it's generated is a better way to ensure that the data came from a form on your website.
<form ... >
	...
	<input type="hidden" name="key" value="<?php echo generateRandomKey();/*user-defined function*/ ?>" />
	...
</form>


Was This Post Helpful? 1
  • +
  • -

#11 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3635
  • View blog
  • Posts: 5,756
  • Joined: 08-June 10

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 08:56 AM

View Postcodeprada, on 03 May 2011 - 03:29 PM, said:

@Atli
I found that assigning a random key to a form each time it's generated is a better way to ensure that the data came from a form on your website.

That's a good method, but it's not at all what I was aiming for. My only goal with the isset function is to ensure that the data was passed, regardless of where it came from. Constraining the source of the data is a totally different headache :)

Edit: Worth pointing out that even with the random key to verify the source, it's still a good idea to use isset() to make sure the data was actually sent. Assuming input data exists without actually making sure it does can cause real problems.


I agree with you on the die function. It's really not a good idea to use it the way most people do. I mean, instead of doing:
mysql_query($sql) or die(mysql_error())

People would be much better of doing:
mysql_query($sql) or trigger_error(mysql_error(), E_USER_ERROR);

It could be channeled into a log file and the user would never have to see it.

This post has been edited by Atli: 03 May 2011 - 09:03 AM

Was This Post Helpful? 1
  • +
  • -

#12 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3390
  • View blog
  • Posts: 9,586
  • Joined: 08-June 10

Re: problem in inserting the values into mysql database

Posted 03 May 2011 - 01:50 PM

View PostAtli, on 03 May 2011 - 04:56 PM, said:

I agree with you on the die function. It's really not a good idea to use it the way most people do.

totally right, that’s why I love Exceptions.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1