
PHP Server Side Scripting Forum

    
big brother
time record system
dubhfearchat




msg:4020605
 7:24 pm on Nov 6, 2009 (gmt 0)

Hi, can someone help me please. I have a select statement that uses an inner join on two of my tables, prj_name and users. I then want to insert this result into a timesheet. I am using a pop-up that the user uses to select their project and a JavaScript calendar to select the date. The prj_name is being stored, and the date and time. What I need to store with this data is the user_name, user_id and maybe the session details. I hope that this makes sense. Here is the select statement:

$query = "SELECT prj_name.prj_name,users.user_name
FROM prj_name INNER JOIN users ON users.user_id = prj_name.user_id
ORDER BY prj_name";

$result_id = mysql_query ($query);
print ("<select name=\"prj_name\">\n");
while (list ($prj_name) = mysql_fetch_row ($result_id))
{
    # escape the project name before it is written into the HTML
    $prj_name = htmlspecialchars ($prj_name);
    print ("<option value=\"$prj_name\">$prj_name</option>\n");
}
mysql_free_result ($result_id);

# first parameter is named $name so that it matches its use in the <select> tag below
function make_popup_menu ($name, $values, $labels, $default)
{
    if (!is_array ($values))
        return ("make_popup_menu: values argument must be an array");
    if (!is_array ($labels))
        return ("make_popup_menu: labels argument must be an array");
    if (count ($values) != count ($labels))
        return ("make_popup_menu: value and label list size mismatch");
    $str = "";
    for ($i = 0; $i < count ($values); $i++)
    {
        # select the item if it corresponds to the default value
        $checked = ($values[$i] == $default ? " selected=\"selected\"" : "");
        $str .= sprintf (
            "<option value=\"%s\"%s>%s</option>\n",
            htmlspecialchars ($values[$i]),
            $checked,
            htmlspecialchars ($labels[$i]));
    }
    $str = sprintf (
        "<select name=\"%s\">\n%s</select>\n",
        htmlspecialchars ($name),
        $str);
    return ($str);
}

print ("</select>\n");

Then the user hits the submit button and this is the insert statement:

$sql = "INSERT INTO `workhours`.`workingtimes` (`id`, `begintime`, `endtime`, `prj_name`, `prj_id`, `employee_id`, `user_name`, `user_id`, `sess_id`) VALUES (NULL,'$_POST[begintime]',NULL,'$_POST[prj_name]','$_POST[prj_id]','$_POST[employee_id]','$_POST[user_name]',NULL,'1234')";

I would appreciate any comments, thanks.

 

JohnCanyon




msg:4020673
 8:53 pm on Nov 6, 2009 (gmt 0)


hi can someone help me please.

Having read through your post, you ask for help.. however then do not ask any questions?

Can you be more specific with the issue you are having or the help you need?

Now, moving on to your sql statement.. I would recommend you google "SQL Injection". Inserting input directly into the database without any validation and/or filtering should be avoided.

Cheers.

dubhfearchat




msg:4020967
 2:26 pm on Nov 7, 2009 (gmt 0)
Hi John, thanks for the prompt reply. My problem is when I hit the submit button on my webpage the insert statement is only inserting the date and time with prj_name. How do I include an inner join select statement that includes session details and user_id and prj_id? I am not familiar with injection, must take a look. Thanks.
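
One way to do what the last post asks while following the SQL injection advice given earlier in the thread, as an added example that is not code from either poster: a PDO prepared `INSERT ... SELECT` that reuses the thread's inner join, so prj_id, user_name and user_id come from the tables and the session instead of from `$_POST`. The function name `record_start`, the `prj_name.prj_id` column, the `$_SESSION['user_id']` key, the `begintime` format and the SQLite demo rows are assumptions.

```php
<?php
// Added example, not code from the thread. Table/column names follow the posted queries;
// prj_name.prj_id, the session 'user_id' key and the begintime format are assumptions.
function record_start(PDO $pdo, array $post, array $session, string $sessId): int
{
    // Who is logged in comes from the server-side session, not from the form.
    if (empty($session['user_id'])) {
        throw new RuntimeException('not logged in');
    }
    // Validate the calendar value strictly before it goes near the database.
    $raw = (string) ($post['begintime'] ?? '');
    $dt  = DateTime::createFromFormat('Y-m-d H:i:s', $raw);
    if ($dt === false || $dt->format('Y-m-d H:i:s') !== $raw) {
        throw new InvalidArgumentException('begintime must be YYYY-MM-DD HH:MM:SS');
    }
    // INSERT ... SELECT reuses the inner join, so prj_id and user_name are read
    // from the tables. Placeholders keep the form input out of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO workingtimes
             (begintime, prj_name, prj_id, user_name, user_id, sess_id)
         SELECT :begintime, p.prj_name, p.prj_id, u.user_name, u.user_id, :sess_id
           FROM prj_name p
           INNER JOIN users u ON u.user_id = p.user_id
          WHERE p.prj_name = :prj_name AND u.user_id = :user_id'
    );
    $stmt->execute([
        ':begintime' => $raw,
        ':sess_id'   => $sessId,
        ':prj_name'  => (string) ($post['prj_name'] ?? ''),
        ':user_id'   => (int) $session['user_id'],
    ]);
    if ($stmt->rowCount() !== 1) {   // unknown project, or not this user's project
        throw new RuntimeException('project not found for this user');
    }
    return (int) $pdo->lastInsertId();
}
// Constructed demo data in an in-memory SQLite database (the thread's database is MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT)');
$pdo->exec('CREATE TABLE prj_name (prj_id INTEGER PRIMARY KEY, prj_name TEXT, user_id INTEGER)');
$pdo->exec('CREATE TABLE workingtimes (id INTEGER PRIMARY KEY, begintime TEXT, endtime TEXT,
    prj_name TEXT, prj_id INTEGER, employee_id INTEGER, user_name TEXT, user_id INTEGER, sess_id TEXT)');
$pdo->exec("INSERT INTO users VALUES (7, 'alice')");
$pdo->exec("INSERT INTO prj_name VALUES (3, 'O''Brien site rebuild', 7)");
$id = record_start($pdo, ['begintime' => '2009-11-07 14:26:00', 'prj_name' => "O'Brien site rebuild"],
                   ['user_id' => 7], 'constructed-session-id');
print_r($pdo->query('SELECT * FROM workingtimes')->fetchAll(PDO::FETCH_ASSOC));
```

In a real page the last two arguments would be `$_SESSION` and `session_id()` after `session_start()`; the apostrophe in the constructed project name is stored as data because it travels as a bound parameter.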