3 Replies - 497 Views - Last Post: 16 May 2011 - 07:20 AM

#1 carmelraj

problem in insertion using php

Posted 15 May 2011 - 11:18 PM

if (isset($_SESSION['User']))
{
    if (isset($_GET['Submit']) && $_GET['Submit'] == 'Submit')
    {
        $query="insert into adv4 (co_id, order_id, bookingf_no, cname, amount, no_of_issues, balance) values ('$_GET[company_id]', '$_GET[order_id]', '$_GET[bookingf_no]', '$_GET[cname]', '$_GET[amount]', '$_GET[a]','$_GET[balance_payed]')";
        mysql_query($query) or die('Errors in sql'.mysql_error());

        $sql="insert into adv (co_id, order_id, bookingf_no, cname, amount, no_of_issues, balance, adv_size_one, date1, remark1, adv_size_two, date2, remark2, adv_size_three, date3, remark3, adv_size_four, date4, remark4, adv_size_five, date5, remark5) values ('$_GET[id]', '$_GET[order_id]', '$_GET[bookingf_no]', '$_GET[cname]', '$_GET[no_of_issues]', '$_GET[amount]', '$_GET[balance_payed]', '$_GET[size1]', '$_GET[publish_date_one]', '$_GET[remark1]', '$_GET[size2]', '$_GET[publish_date_two]', '$_GET[remark2]', '$_GET[size3]', '$_GET[publish_date_three]', '$_GET[remark3]', '$_GET[size4]', '$_GET[publish_date_four]', '$_GET[remark4]', '$_GET[size5]', '$_GET[publish_date_five]', '$_GET[remark5]')";
        if (mysql_query($sql))
        {
            $add_id=mysql_insert_id();

            echo "<script>window.location.href='cheque_details.php?adv_id=$add_id&order_id=order_id'</script>";
        }
        die('Error: ' . mysql_error());
    }



While trying to insert the values there is a problem coming... I am inserting values into two tables... the problem in conditions for submit. If I remove that condition it shows an error. There are two tables, adv and adv4. If the condition is given, the value is inserted only in the adv4 table. If I take the condition, then the values are inserted only in the adv table. I don't know what the problem is... I have sent the condition and the code, please see it.

This post has been edited by Dormilich: 16 May 2011 - 02:06 AM
Reason for edit:: pretty print formatting



Replies To: problem in insertion using php

#2 japanir

Re: problem in insertion using php

Posted 16 May 2011 - 01:43 AM

I am not sure that is a valid syntax..
Correct me if I'm wrong, but I think that in order to access a $_GET variable you should add '' inside, like so:
$_GET['remark5']

Also, I am not sure if you can use it like that in a string. I think you have to concat with a '.' like:
"values(".$_GET['id'].", ".$_GET['order_id'].", ..."


I am not sure what that means:

Quote

the problem in conditions for submit


#3 Dormilich

Re: problem in insertion using php

Posted 16 May 2011 - 02:03 AM

japanir, on 16 May 2011 - 10:43 AM, said:

I am not sure that is a valid syntax..
Correct me if I'm wrong, but I think that in order to access a $_GET variable you should add '' inside, like so:
$_GET['remark5']

Also, I am not sure if you can use it like that in a string. I think you have to concat with a '.' like:
"values(".$_GET['id'].", ".$_GET['order_id'].", ..."

Inside a string is the only place where that syntax is allowed, although it is bad practice. You can either use string concatenation (as demonstrated) or wrap the array call in curly braces ("bla {$array['key']} blubb").

Nevertheless, it all poses the opportunity for SQL injection attacks.

@carmelraj: You should definitely think about a better table design; you have 3 columns that repeat 5 times with a different number. It is very likely that those have a near-identical purpose and thus should be moved out of the main table.

This post has been edited by Dormilich: 16 May 2011 - 02:10 AM


#4 CTphpnwb

Re: problem in insertion using php

Posted 16 May 2011 - 07:20 AM

*** OBLIGATORY WARNING ABOUT SQL INJECTION ATTACKS ***
You're begging to have your site hacked. Use prepared statements if you're going to put user supplied data directly into a query.
***
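The prepared-statement approach recommended in reply #4, applied to the adv4 insert from the first post. This is an added example, not code from any poster in the thread: it uses PDO with an in-memory SQLite database as a stand-in for the thread's MySQL server, and the helper name insert_adv4, the column types and the sample request values are assumptions.

```php
<?php
// Added example. In-memory SQLite stands in for the thread's MySQL server;
// with MySQL only the DSN passed to PDO changes. Column types are assumed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE adv4 (co_id INTEGER, order_id INTEGER, bookingf_no TEXT,
    cname TEXT, amount REAL, no_of_issues INTEGER, balance REAL)');

// Hypothetical helper: insert one adv4 row from request parameters.
function insert_adv4(PDO $pdo, array $in): int
{
    // Validate numeric fields up front and reject anything else.
    foreach (['company_id', 'order_id', 'a'] as $key) {
        if (filter_var($in[$key] ?? null, FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException("$key must be an integer");
        }
    }
    foreach (['amount', 'balance_payed'] as $key) {
        if (filter_var($in[$key] ?? null, FILTER_VALIDATE_FLOAT) === false) {
            throw new InvalidArgumentException("$key must be a number");
        }
    }
    // The SQL text is fixed; request values are bound as data, never parsed as SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO adv4 (co_id, order_id, bookingf_no, cname, amount, no_of_issues, balance)
         VALUES (:co_id, :order_id, :bookingf_no, :cname, :amount, :issues, :balance)'
    );
    $stmt->execute([
        ':co_id'       => (int) $in['company_id'],
        ':order_id'    => (int) $in['order_id'],
        ':bookingf_no' => (string) ($in['bookingf_no'] ?? ''),
        ':cname'       => (string) ($in['cname'] ?? ''),
        ':amount'      => (float) $in['amount'],
        ':issues'      => (int) $in['a'],
        ':balance'     => (float) $in['balance_payed'],
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample request standing in for $_GET; note the apostrophe in cname.
$request = ['company_id' => '7', 'order_id' => '1201', 'bookingf_no' => 'BF-33',
            'cname' => "O'Brien Press", 'amount' => '450.00', 'a' => '3',
            'balance_payed' => '150.00'];
$id = insert_adv4($pdo, $request);
$check = $pdo->prepare('SELECT cname FROM adv4 WHERE rowid = ?');
$check->execute([$id]);
echo "row $id cname: ", $check->fetchColumn(), "\n";
```

The apostrophe in the sample cname would terminate the quoted value in the interpolated query from the first post; bound as a parameter it is stored as ordinary text.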