3 Replies - 300 Views - Last Post: 20 February 2013 - 07:24 AM Rate Topic: -----

#1 jordfc  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 16
  • Joined: 09-November 12

Problem with insert statement

Posted 19 February 2013 - 08:22 PM

Hi there, i am having trouble inserting form fields into a database, it inserts the first 3 columns then just leaves all the rest blank and cant figure out for the life of me why, any help is appreciated, thanks.

the table columns are..
user_id | p_id | p_name | p_category | p_category_refined | p_condition | p_end | p_start_price | p_buyout | p_description | p_trade

Here is the form code
<form name="form" id="form" class="form" action="listitem.php" method="get" >
			<ul>
				<li>
					<label>*Product Name:</label>
					<input type="text" name="p_name"/>
				</li>
				<li>
		   			<label>*Product Category:</label>
		   			<select name="p_category" id="category" >
						<option value="">--</option>
						<option value="books">Books</option>
						<option value="equipment">Equipment</option>
					</select>
				</li>

				<li>
					<label>*Refine Category:</label>
					<select name="p_category_refined" id="categoryrefined">
						<option value="">--</option>
						<option value="php">php</option>
						<option value="java">java</option>
					</select>
				</li>

				<li>
		   			<label>*Condition:</label>
		   			<select name="p_condition">
		   				<option value="">--</option>
		   				<option value="new">New</option>
						<option value="used">Used</option>
					</select>
				</li>
				<li>
					<label>*End Date: </label>
					<input type="text" id="datepicker" name="p_end"/>
					
				</li>
				<li>
					<label>*Starting Price: (&pound;)</label>
					<input type="text" name="p_start_price"/>
				</li>
				<li>
					<label>Buy It Now: (&pound;)</label>
					<input type="text" name="p_buyout"/>
				</li>
				<li>
		   			<label>*Description: </label>
		   			<textarea cols="30" rows="4" name="p_description"/></textarea>
		   		</li>
		   		<li>
		   			<label>Sell option: </label>
		   			Sell<input type="radio" name="trade" value="sell"/>&nbsp;&nbsp;&nbsp;&nbsp;
		   			Trade<input type="radio" name="trade" value="trade"/>&nbsp;&nbsp;&nbsp;&nbsp;
		   			Both<input type="radio" name="trade" value="both" checked/>
				</li>
				<li>
					<input type="submit" value="Add New Item" />
				</li>
			</ul>
		</form>



And here is the sql statement that i am using. (the user_id and table name are defined in functions in other files)
$user_id = $user_data['user_id'];

$p_name = mysql_real_escape_string($_GET['p_name']);
$p_category = $_GET['$p_category'];
$p_category_refined = $_GET['$p_category_refined'];
$p_condition = $_GET['$p_condition'];
$p_end = $_GET['$p_end'];
$p_start_price = $_GET['$p_start_price'];
$p_buyout = $_GET['$p_buyout'];
$p_description = mysql_real_escape_string($_GET['$p_description']);
$p_trade = $_GET['$p_trade'];

mysql_query("INSERT INTO `ip_products` (`user_id`, `p_name`, `p_category`, `p_category_refined`, `p_condition`, `p_end`, `p_start_price`, `p_buyout`, `p_description`, `p_trade`)
				VALUES ('$user_id', '$p_name', '$p_category', '$p_category_refined', '$p_condition', '$p_end', '$p_start_price', '$p_buyout', '$p_description', '$p_trade')");


echo $p_buyout;
echo $p_category;
echo $p_category_refined;
echo $p_condition;
echo $p_description;
echo $p_end;
echo $p_name;
echo $p_start_price;
echo $p_trade;



The echo's wont be there once it works but when i tried to echo them out it only displayed p_name

Is This A Good Question/Topic? 0
  • +

Replies To: Problem with insert statement

#2 laytonsdad  Icon User is offline

  • Cheese and Sprinkles
  • member icon

Reputation: 440
  • View blog
  • Posts: 1,867
  • Joined: 30-April 10

Re: Problem with insert statement

Posted 19 February 2013 - 08:51 PM

First off why are you using get instead of post?

also you added a $ to the other get variables, Like so:
$p_name = mysql_real_escape_string($_GET['p_name']);
//notice the below code has an added $
$p_category = $_GET['$p_category'];


This post has been edited by laytonsdad: 19 February 2013 - 09:18 PM

Was This Post Helpful? 0
  • +
  • -

#3 jordfc  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 16
  • Joined: 09-November 12

Re: Problem with insert statement

Posted 20 February 2013 - 04:24 AM

Ah thank you, such a stupid mistake to make!

I was using get originally to see if the form fields were being past through to make sure it wasn't an error on that page because they weren't showing when I tried to echo them but now I know why.

Thanks again.
Was This Post Helpful? 0
  • +
  • -

#4 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2992
  • Posts: 10,337
  • Joined: 08-August 08

Re: Problem with insert statement

Posted 20 February 2013 - 07:24 AM

Are you trying to have your site hacked? MySQL functions are deprecated because they're insecure. They mix user supplied data with the query, allowing hackers to use SQL injection attacks. Use prepared statements.

By the way: $x = $_POST['x']; or $x = $_GET['x']; is always bad. Don't copy from one variable to another without a good reason.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1