Thread: How to store hidden field data into database?

  1. #1
    Join Date
    Aug 2007
    Location
    Malaysia
    Posts
    117
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default How to store hidden field data into database?

    Hey, guys!

    I have a form which has some hidden fields because those fields' values need to be displayed in the next page by using $_GET. However, I also need to store them in the database when the form is submitted, but my query statement didn't work. What went wrong with it?

    PHP Code:
    <?
    $tbl_name = "reserve";
    if (isset($_GET['confirm'])){
    $insert = mysql_query("INSERT INTO $tbl_name (reserve_date,reserve_time,seat_qty,ref_code)VALUES ('" . $_GET['selected_date'] . "','" . $_GET['showtime'] . "','" . $_GET['noOfSeat'] . ".,'" . $_GET['refCode'] . "')") or die(mysql_error());

    }
    ?>
    Code:
    <tr>
        <td><strong>Showtime</strong></td> 
        <td><?php echo $time; ?></td> 
         <input type="hidden" name="showtime" value="<?php echo $time; ?>">
    </tr> 
    			
    <tr>
          <td><strong>Date</strong></td> 
          <td><?php echo $_GET['selected_date']; ?></td>
          <input type="hidden" name="selected_date" 
           value="<?php $_GET['selected_date']; ?>">
    </tr> 
    						
    <tr> 
         <td><font face="Arial"><strong>No. of Seats</strong></font></td>
         <td><font face="Arial"><?php echo $noOfSeat; ?></td>
         <input type="hidden" name="noOfSeat" 
          value="<?php echo $noOfSeat; ?>">
    </tr>
               
    <tr>
         <td>
         <input type="hidden" name="refCode" value="<?php echo $refCode; ?>">
         </td>
    </tr>
    RefCode is generated in the current page but is only displayed in the next page.

  2. #2
    Join Date
    Oct 2005
    Posts
    255
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Try using this instead of the PHP code...


    Code:
    <? 
    $tbl_name = "reserve"; 
    if (isset($_GET['confirm'])){
    
    $insert =MYSQL_QUERY("INSERT INTO tbl_name (id,title,date,news,link,img,contact,author)". "VALUES ('NULL', '$title', '$date', '$news', '$link', '$img', '$contact', '$author')");
    
    } 
    ?>
    Just change the other content. Oh yeah, there is no dollar sign supposed to be in tbl_name.

    This is what you have!

    Code:
    <? 
    $tbl_name = "reserve"; 
    if (isset($_GET['confirm'])){ 
    $insert = mysql_query("INSERT INTO $tbl_name (reserve_date,reserve_time,seat_qty,ref_code)VALUES ('" . $_GET['selected_date'] . "','" . $_GET['showtime'] . "','" . $_GET['noOfSeat'] . ".,'" . $_GET['refCode'] . "')") or die(mysql_error());  
    
    } 
    ?>
    This is what you should try!!!

    Code:
    <? 
    $tbl_name = "reserve"; 
    if (isset($_GET['confirm'])){ 
    $insert = mysql_query("INSERT INTO tbl_name (reserve_date,reserve_time,seat_qty,ref_code)VALUES ('" . $_GET['selected_date'] . "','" . $_GET['showtime'] . "','" . $_GET['noOfSeat'] . ".,'" . $_GET['refCode'] . "')") or die(mysql_error());  
    
    } 
    ?>
    Maybe it might work... but I don't understand why you have this:

    $tbl_name = 'reserve';
    Hey, new design, new look; go to xudas for personal web design help.. (:

  3. #3
    Join Date
    Aug 2007
    Location
    Malaysia
    Posts
    117
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    $tbl_name = "reserve"; just states that the table name is 'reserve'.
    Here is the SQL code for the reserve table:

    Code:
    CREATE TABLE `reserve` (
      `reserve_id` int(4) NOT NULL auto_increment,
      `reserve_date` date NOT NULL,
      `reserve_time` time NOT NULL,
      `seat_qty` int(2) NOT NULL,
      `ref_code` varchar(50) collate latin1_general_ci NOT NULL,
      `movie_id` int(4) NOT NULL,
      `member_id` int(4) NOT NULL,
      PRIMARY KEY  (`reserve_id`),
      KEY `movie_id` (`movie_id`),
      KEY `member_id` (`member_id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=1 ;
    Maybe no value is being assigned to the two foreign keys (movie_id and member_id) because I am not sure how to refer to them. So, I rewrote the query statement as shown below, BUT the data still CAN'T be stored in the database.

    PHP Code:
    <?
    //$tbl_name = "reserve";
    if (isset($_GET['confirm'])){
        $sql = 'INSERT INTO `reserve` SET';
        $sql .= ' `reserve_date` = \''.mysql_real_escape_string($_GET['selected_date']).'\'';
        $sql .= ', `reserve_time` = \''.mysql_real_escape_string($_GET['showtime']).'\'';
        $sql .= ', `seat_qty` = '.((int)$_GET['noOfSeat']);
        $sql .= ', `ref_code` = \''.mysql_real_escape_string($_GET['refCode']).'\'';
        $sql .= ', `movie_id` = 1'; //  I just put 1 so it would actually do something.
        $sql .= ', `member_id` = 1'; // I just put 1 so it would actually do something.
        mysql_query($sql) or die(mysql_error());
    }
    ?>


    Quote Originally Posted by insanemonkey View Post
    try using this instead of the php code...


    Code:
    <? 
    $tbl_name = "reserve"; 
    if (isset($_GET['confirm'])){
    
    $insert =MYSQL_QUERY("INSERT INTO tbl_name (id,title,date,news,link,img,contact,author)". "VALUES ('NULL', '$title', '$date', '$news', '$link', '$img', '$contact', '$author')");
    
    } 
    ?>
    Just change the other content. Oh yeah, there is no dollar sign supposed to be in tbl_name.

    This is what you have!

    Code:
    <? 
    $tbl_name = "reserve"; 
    if (isset($_GET['confirm'])){ 
    $insert = mysql_query("INSERT INTO $tbl_name (reserve_date,reserve_time,seat_qty,ref_code)VALUES ('" . $_GET['selected_date'] . "','" . $_GET['showtime'] . "','" . $_GET['noOfSeat'] . ".,'" . $_GET['refCode'] . "')") or die(mysql_error());  
    
    } 
    ?>
    This is what you should try!!!

    Code:
    <? 
    $tbl_name = "reserve"; 
    if (isset($_GET['confirm'])){ 
    $insert = mysql_query("INSERT INTO tbl_name (reserve_date,reserve_time,seat_qty,ref_code)VALUES ('" . $_GET['selected_date'] . "','" . $_GET['showtime'] . "','" . $_GET['noOfSeat'] . ".,'" . $_GET['refCode'] . "')") or die(mysql_error());  
    
    } 
    ?>
    Maybe it might work... but I don't understand why you have this:

    $tbl_name = 'reserve';

  4. #4
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,878
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    $insert =MYSQL_QUERY("INSERT INTO tbl_name (id,title,date,news,link,img,contact,author)". "VALUES ('NULL', '$title', '$date', '$news', '$link', '$img', '$contact', '$author')");
    None of those variables is necessarily defined, and NULL is not a string. You've also forgotten to escape the values, giving an attacker full access to execute arbitrary queries.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  5. #5
    Join Date
    Aug 2007
    Location
    Malaysia
    Posts
    117
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    I realized mt_rand() returns an integer, so I changed ref_code to int; however, the data has yet to be stored. What went wrong actually??? Hope someone can help me....

    PHP Code:
    <?
    //$tbl_name = "reserve";
    if (isset($_GET['confirm'])){
        $sql = 'INSERT INTO `reserve` SET';
        $sql .= ' `reserve_date` = '.($_GET['selected_date']);
        $sql .= ', `reserve_time` = '.($_GET['showtime']);
        $sql .= ', `seat_qty` = '.((int)$_GET['noOfSeat']);
        $sql .= ', `ref_code` = '.((int)$_GET['refCode']);
        $sql .= ', `movie_id` = 1'; //I just put 1 so it would actually do something.
        $sql .= ', `member_id` = 1'; // I just put 1 so it would actually do something.
        mysql_query($sql) or die(mysql_error());
    }
    ?>
    Code:
    CREATE TABLE `reserve` (
      `reserve_id` int(4) NOT NULL auto_increment,
      `reserve_date` date NOT NULL,
      `reserve_time` time NOT NULL,
      `seat_qty` int(2) NOT NULL,
      `ref_code` int(5) NOT NULL,
      `movie_id` int(4) NOT NULL,
      `member_id` int(4) NOT NULL,
      PRIMARY KEY  (`reserve_id`),
      KEY `movie_id` (`movie_id`),
      KEY `member_id` (`member_id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=1 ;

  6. #6
    Join Date
    Aug 2007
    Location
    Malaysia
    Posts
    117
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    I have changed my query
    PHP Code:

    <?php
    //$tbl_name = "reserve";
    if (isset($_GET['confirm'])){
        $sql = 'INSERT INTO `reserve` SET';
        $sql .= ' `reserve_date` = \''.mysql_real_escape_string($_GET['selected_date']).'\'';
        $sql .= ', `reserve_time` = \''.mysql_real_escape_string($_GET['showtime']).'\'';
        $sql .= ', `seat_qty` = '.((int)$_GET['noOfSeat']);
        $sql .= ', `ref_code` = '.((int)$_GET['refCode']);
        $sql .= ', `movie_id` = 1'; //I just put 1 so it would actually do something.
        $sql .= ', `member_id` = 1'; // I just put 1 so it would actually do something.

        print "SQL STATEMENT: ";
        var_dump($sql);

        $result = mysql_query($sql);

        print "MYSQL RETURN: ";
        var_dump($result);

        print "MYSQL ERROR: ";
        var_dump(mysql_error());
    } else {
        print "FORM NEVER SENT confirm VALUE";
    }
    ?>
    This is what is displayed when action=reservation3.php, the current page rather than the next page, which is what I wanted.

    FORM NEVER SENT confirm VALUE

    SQL STATEMENT: string(155) "INSERT INTO `reserve` SET `reserve_date` = 'Sun 30th Sep', `reserve_time` = '6 :00pm', `seat_qty` = 3, `ref_code` = 451910, `movie_id` = 1, `member_id` = 1" MYSQL RETURN: bool(true) MYSQL ERROR: string(0) ""

    Warning: Invalid argument supplied for foreach()
    PHP Code:
    <?
    // key-value pair of time array
    foreach ($_GET['time'] as $key => $value) {
        $name = $key;
        $time = $value;
    }
    ?>
    'time' is derived from the previous page (reservation2.php)
    PHP Code:
    <?
    if (isset($_SESSION['gmemberid'])) {

        $tbl_name = "movie";
        $result = mysql_query(sprintf('SELECT name,classification,screeningTime FROM %s
                 LIMIT 7', $tbl_name)) or die('Cannot execute query.');

        //$numrow = mysql_num_rows($result);

        while ($rows = mysql_fetch_assoc($result)) {
            echo '<table width="100%" border="0"><tr><td height="68">
                      <table width="100%" height="47" border="0">
                       ---------------------------------------------------------------------------------------------------------<br>';

            echo '<strong>' . $rows['name'] . ' (' . $rows['classification'] . ')
                     <br></strong>';

            foreach (explode(',', $rows['screeningTime']) as $time) { ?>
                <label>
                <input type="radio"  name="time[<?php echo $rows['name']; ?>]"
                  title ="screening time" value="<?php echo $time; ?>">
                 <input type="hidden" name="selected_date"
                    value="<?php echo $_GET['selected_date']; ?>">

                <?php echo $time; ?>&nbsp;&nbsp;&nbsp;
                </label>
                <?php } ?>
    <?
        }
    }
    ?>

  7. #7
    Join Date
    Aug 2007
    Location
    Malaysia
    Posts
    117
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Well, I changed my query again,

    PHP Code:
    if (isset($_GET['confirm'])){
        $selected_date = mysql_real_escape_string($_GET['selected_date']);
        $reserve_time = mysql_real_escape_string($_GET['showtime']);
        $noOfSeat = (int) $_GET['noOfSeat'];
        $refCode = (int) $_GET['refCode'];
        $sql =<<<SQLSTM
            INSERT
                INTO
                    `reserve`
                SET
                    reserve_date = '$selected_date',
                    reserve_time = '$reserve_time',
                    seat_qty = $noOfSeat,
                    ref_code = $refCode,
                    movie_id
    SQLSTM;
        if($res = mysql_query($sql,$dbconnectionidentifier))
        {
            echo('Record inserted successfully blah blah blah');
        }
        else
        {
            die($sql.' '.mysql_error()); // For debugging only
            // handle error gracefully in production
        }
    }


    With action=reservation3.php, it displayed Record inserted successfully blah blah blah; however, why does mt_rand() always keep the same value across multiple records?
    PHP Code:
    if (!isset($_SESSION['refCode'])) {
        $_SESSION['refCode'] = mt_rand(100000, 999999);
    }
    $refCode = $_SESSION['refCode'];
    Also, what I actually want is for the form to be submitted and to display all the values, including refCode, in the NEXT PAGE (reservation4.php). However, when I put action=reservation4.php, the old problem comes back: no new record is found in the database.

    Do you guys have any idea? It seems like my query is correct, but the database is not updating when the form is submitted to the next page. I'm looking for your generous help...

  8. #8
    Join Date
    Oct 2005
    Posts
    255
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    $insert =MYSQL_QUERY("INSERT INTO tbl_name (id,title,date,news,link,img,contact,author)". "VALUES ('NULL', '$title', '$date', '$news', '$link', '$img', '$contact', '$author')");
    So how do I put in escape values, or what should I do....

  9. #9
    Join Date
    May 2006
    Location
    Sydney, Australia - Near the coast.
    Posts
    1,995
    Thanks
    0
    Thanked 8 Times in 7 Posts

    Default

    If you want to escape values, then you'll need to use the function mysql_real_escape_string()

    You'll need to escape everything that's parsed except the SQL string itself.

    PHP Code:
    $title = mysql_real_escape_string($title);
    $date = mysql_real_escape_string($date);
    //and so on for all your values.

    $insert =MYSQL_QUERY("INSERT INTO tbl_name (id,title,date,news,link,img,contact,author)" . "VALUES ('NULL', '$title', '$date', '$news', '$link', '$img', '$contact', '$author')");
    Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
    Currently: enjoying the early holidays :)
    Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide
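
Added example, not part of any post in this thread: the reservation INSERT written with a PDO prepared statement, validating the hidden fields as untrusted request data and generating the reference code on the server. The `store_reservation` helper, the in-memory SQLite stand-in for the `reserve` table, the 1-99 seat limit and the sample requests are assumptions; `random_int()` is swapped in for the thread's `mt_rand()`.

```php
<?php
// Added example, not code from the thread. store_reservation() is a
// hypothetical helper; random_int() (PHP 7+) replaces the thread's mt_rand().
function store_reservation(PDO $db, array $in, int $movieId, int $memberId): int
{
    // Accept a value only if it round-trips through the expected format.
    $parse = function (string $fmt, $v) {
        $d = is_string($v) ? DateTime::createFromFormat('!' . $fmt, $v) : false;
        return ($d && $d->format($fmt) === $v) ? $v : null;
    };
    $date  = $parse('Y-m-d', $in['selected_date'] ?? null);
    $time  = $parse('H:i', $in['showtime'] ?? null);
    $seats = filter_var($in['noOfSeat'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]); // assumed limit
    if ($date === null || $time === null || $seats === false) {
        throw new InvalidArgumentException('invalid reservation data');
    }
    // The SQL text is constant; request values travel only as bound parameters.
    $stmt = $db->prepare('INSERT INTO reserve
        (reserve_date, reserve_time, seat_qty, ref_code, movie_id, member_id)
        VALUES (:d, :t, :q, :r, :movie, :member)');
    $stmt->execute([
        ':d' => $date, ':t' => $time, ':q' => $seats,
        ':r' => random_int(100000, 999999), // generated server-side, not posted
        ':movie' => $movieId, ':member' => $memberId,
    ]);
    return (int) $db->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for the MySQL `reserve` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reserve (reserve_id INTEGER PRIMARY KEY,
    reserve_date TEXT NOT NULL, reserve_time TEXT NOT NULL, seat_qty INTEGER NOT NULL,
    ref_code INTEGER NOT NULL, movie_id INTEGER NOT NULL, member_id INTEGER NOT NULL)');

$requests = [ // constructed inputs; the second uses the values from the thread's var_dump
    ['selected_date' => '2007-09-30', 'showtime' => '18:00', 'noOfSeat' => '3'],
    ['selected_date' => 'Sun 30th Sep', 'showtime' => '6 :00pm', 'noOfSeat' => '3'],
    ['selected_date' => "2007-09-30' -- ", 'showtime' => '18:00', 'noOfSeat' => '3'],
];
foreach ($requests as $i => $req) {
    try {
        echo "request $i stored as row ", store_reservation($db, $req, 1, 1), "\n";
    } catch (InvalidArgumentException $e) {
        echo "request $i rejected: ", $e->getMessage(), "\n";
    }
}
echo 'rows in table: ', $db->query('SELECT COUNT(*) FROM reserve')->fetchColumn(), "\n";
```

In a real application the member id would come from the server-side session rather than the constant 1 used here, and the display string for the date would be formatted from the stored value instead of being sent back through a hidden field.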
