homepage Welcome to WebmasterWorld Guest from 54.204.59.230
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Databases
Forum Library, Charter, Moderators: physics

Databases Forum

    
insert data in mysql
magneto




msg:4238244
 7:47 am on Dec 3, 2010 (gmt 0)

Here's a basic rundown of my code:

<form action="http://www.test.com/insert-data.php" method="post">
<table>
<tr>
<td><div align="left">Items</div></td>
<td><div align="left">
<select onchange="house(form)" name="houses">
<option selected="selected" value="100000" >House 1</option>
<option value = "80000" >House 2</option>
<option value= "300000" ">House 3</option>
</select>
</div></td>
</tr>
</table>
<input name="cost" type="text" class="textbox"/>
<input name="submit" type="submit" value="Submit" /></form>


In essence, what this code does is it creates a table with a dropdown menu of 3 houses, each one with a different value.

Now i am using this php code to store the values in a mysql database.

<?php
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("data1") or die(mysql_error());

$houses = $_POST["houses"];

mysql_query("INSERT INTO test(houses) values('$houses') ")
or die(mysql_error());
;?>


Now what i would like to do is to store both the value and the name of the selection made by the user. For example, if the user selects the first option, the data stored in the database is only 100000. How can i modify my php or the html code from the form to be able to insert the 100000 and also House 1 into the database. I need both values to be passed on to my database.
Thanks for your help

 

LifeinAsia




msg:4238397
 5:25 pm on Dec 3, 2010 (gmt 0)

One way would be to change the value from "100000" to "100000,House 1" then parse out the values before inserting into the DB.

StoutFiles




msg:4238423
 6:40 pm on Dec 3, 2010 (gmt 0)

Make sure you clean up the post value to check for SQL injection. It would be very easy to use Mozilla's Firebug to cut off your insert statement and drop your table.

magneto




msg:4238535
 11:27 pm on Dec 3, 2010 (gmt 0)

thank you both for your solutions....@ Asia, that is the idea, however, im also running a javascript code that will add the values from many drop down menus and insert the total in one box. if i add the comma as suggested, the java code stops working. you can check the sample table here.

[hardydiesel.com...]

LifeinAsia




msg:4238537
 11:32 pm on Dec 3, 2010 (gmt 0)

Then you can either:
A) Update the JavaScript to take that into account, or
B) Add a hidden field and add more JavaScript code to update the hidden field when an item from the drop-down is selected.

rocknbil




msg:4238557
 1:08 am on Dec 4, 2010 (gmt 0)


obj = form.ac.options[form.ac.selectedIndex].value;
objects = obj.split(',');
ac = parseInt(objects[0]);

I'd use something besides a comma, but if you relibly have no commas in your numbers . . . should work.

SteveWh




msg:4238605
 4:50 am on Dec 4, 2010 (gmt 0)

If you're unfamiliar with the term "SQL injection", read StoutFiles's post 5 times, then do a web search on "SQL injection".

If your versions of PHP and MySQL are high enough to support it, have a look at the object-oriented methods of PHP's "mysqli" extension and its "prepared statements" methods (instead of using the PHP "mysql" extension). Study and use their example code (such as at [us2.php.net...] ) to create the methods you can use from now on for your PHP/MySQL coding. If you create safe and reliable procedures now and make them a habit, you'll save having to run through your site correcting poor coding after having your site get hacked.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Databases
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved