insert data in mysql

   
7:47 am on Dec 3, 2010 (gmt 0)



Here's a basic rundown of my code:

<form action="http://www.test.com/insert-data.php" method="post">
<table>
<tr>
<td><div align="left">Items</div></td>
<td><div align="left">
<select onchange="house(form)" name="houses">
<option selected="selected" value="100000">House 1</option>
<option value="80000">House 2</option>
<option value="300000">House 3</option>
</select>
</div></td>
</tr>
</table>
<input name="cost" type="text" class="textbox"/>
<input name="submit" type="submit" value="Submit" /></form>


In essence, what this code does is it creates a table with a dropdown menu of 3 houses, each one with a different value.

Now I am using this PHP code to store the values in a MySQL database.

<?php
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("data1") or die(mysql_error());

$houses = $_POST["houses"];

mysql_query("INSERT INTO test(houses) values('$houses') ")
or die(mysql_error());
?>


Now what I would like to do is to store both the value and the name of the selection made by the user. For example, if the user selects the first option, the data stored in the database is only 100000. How can I modify my PHP or the HTML code from the form to be able to insert the 100000 and also House 1 into the database? I need both values to be passed on to my database.
Thanks for your help
5:25 pm on Dec 3, 2010 (gmt 0)

WebmasterWorld Administrator lifeinasia



One way would be to change the value from "100000" to "100000,House 1" then parse out the values before inserting into the DB.
6:40 pm on Dec 3, 2010 (gmt 0)




Make sure you clean up the post value to check for SQL injection. It would be very easy to use Mozilla's Firebug to cut off your insert statement and drop your table.
11:27 pm on Dec 3, 2010 (gmt 0)



Thank you both for your solutions. @Asia, that is the idea; however, I'm also running JavaScript code that will add the values from many drop-down menus and insert the total in one box. If I add the comma as suggested, the java code stops working. You can check the sample table here.

[hardydiesel.com...]
11:32 pm on Dec 3, 2010 (gmt 0)

WebmasterWorld Administrator lifeinasia



Then you can either:
A) Update the JavaScript to take that into account, or
B) Add a hidden field and add more JavaScript code to update the hidden field when an item from the drop-down is selected.
1:08 am on Dec 4, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil




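// Option value is "price,name", e.g. "100000,House 1"
obj = form.ac.options[form.ac.selectedIndex].value;
objects = obj.split(',');
// Numeric part only; radix 10 stated explicitly
ac = parseInt(objects[0], 10);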

I'd use something besides a comma, but if you reliably have no commas in your numbers . . . should work.
4:50 am on Dec 4, 2010 (gmt 0)




If you're unfamiliar with the term "SQL injection", read StoutFiles's post 5 times, then do a web search on "SQL injection".

If your versions of PHP and MySQL are high enough to support it, have a look at the object-oriented methods of PHP's "mysqli" extension and its "prepared statements" methods (instead of using the PHP "mysql" extension). Study and use their example code (such as at [us2.php.net...] ) to create the methods you can use from now on for your PHP/MySQL coding. If you create safe and reliable procedures now and make them a habit, you'll save having to run through your site correcting poor coding after having your site get hacked.
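
The prepared-statement approach recommended above, applied to the form from the first post, as an added example that is not part of the original thread. It assumes a second, hypothetical column `house_name` in the `test` table and looks the name up from a server-side allow-list instead of trusting it from the form; `resolve_house` and `HOUSES` are names made up for this example.

```php
<?php
// Added example, not code from the thread. Assumption: table `test` has a
// second, hypothetical column `house_name` next to the existing `houses`.

// Server-side allow-list keyed by the posted option value. The display name
// is looked up here, so nothing beyond the key is trusted from the client.
const HOUSES = [
    '100000' => 'House 1',
    '80000'  => 'House 2',
    '300000' => 'House 3',
];

// Returns [price, name] for a known option value, or null for anything else.
function resolve_house($posted): ?array
{
    if (!is_string($posted) || !array_key_exists($posted, HOUSES)) {
        return null;
    }
    return [(int) $posted, HOUSES[$posted]];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one valid option value, one tampered value.
    var_dump(resolve_house('100000'));
    var_dump(resolve_house("100000'"));
    exit;
}

[$price, $name] = resolve_house($_POST['houses'] ?? null) ?? [null, null];
if ($price === null) {
    http_response_code(400);
    exit('Unknown house selection');
}

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'user', 'pass', 'data1');
$db->set_charset('utf8mb4');

// Placeholders keep the values out of the SQL text entirely.
$stmt = $db->prepare('INSERT INTO test (houses, house_name) VALUES (?, ?)');
$stmt->bind_param('is', $price, $name);
$stmt->execute();
$stmt->close();
$db->close();
```

Because the name comes from the server-side map, the option values in the form can stay purely numeric and the existing JavaScript total keeps working.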