insert data in mysql - Databases forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

insert data in mysql

magneto

7:47 am on Dec 3, 2010 (gmt 0)

10+ Year Member

Here's a basic rundown of my code:

<form action="http://www.test.com/insert-data.php" method="post">
<table>
<tr>
<td><div align="left">Items</div></td>
<td><div align="left">
<select onchange="house(form)" name="houses">
<option selected="selected" value="100000" >House 1</option>
<option value = "80000" >House 2</option>
<option value= "300000" ">House 3</option>
</select>
</div></td>
</tr>
</table>
<input name="cost" type="text" class="textbox"/>
<input name="submit" type="submit" value="Submit" /></form>

In essence, what this code does is it creates a table with a dropdown menu of 3 houses, each one with a different value.

Now i am using this php code to store the values in a mysql database.

<?php
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("data1") or die(mysql_error());

$houses = $_POST["houses"];

mysql_query("INSERT INTO test(houses) values('$houses') ")
or die(mysql_error());
;?>

Now what i would like to do is to store both the value and the name of the selection made by the user. For example, if the user selects the first option, the data stored in the database is only 100000. How can i modify my php or the html code from the form to be able to insert the 100000 and also House 1 into the database. I need both values to be passed on to my database.

Thanks for your help

LifeinAsia

5:25 pm on Dec 3, 2010 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

Top Contributors Of The Month

One way would be to change the value from "100000" to "100000,House 1" then parse out the values before inserting into the DB.

StoutFiles

6:40 pm on Dec 3, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Make sure you clean up the post value to check for SQL injection. It would be very easy to use Mozilla's Firebug to cut off your insert statement and drop your table.

magneto

11:27 pm on Dec 3, 2010 (gmt 0)

10+ Year Member

thank you both for your solutions....@ Asia, that is the idea, however, im also running a javascript code that will add the values from many drop down menus and insert the total in one box. if i add the comma as suggested, the java code stops working. you can check the sample table here.

[hardydiesel.com...]

LifeinAsia

11:32 pm on Dec 3, 2010 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

Top Contributors Of The Month

Then you can either:
A) Update the JavaScript to take that into account, or
B) Add a hidden field and add more JavaScript code to update the hidden field when an item from the drop-down is selected.

rocknbil

1:08 am on Dec 4, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

obj = form.ac.options[form.ac.selectedIndex].value;
objects = obj.split(',');
ac = parseInt(objects[0]);

I'd use something besides a comma, but if you relibly have no commas in your numbers . . . should work.

SteveWh

4:50 am on Dec 4, 2010 (gmt 0)

10+ Year Member

If you're unfamiliar with the term "SQL injection", read StoutFiles's post 5 times, then do a web search on "SQL injection".

If your versions of PHP and MySQL are high enough to support it, have a look at the object-oriented methods of PHP's "mysqli" extension and its "prepared statements" methods (instead of using the PHP "mysql" extension). Study and use their example code (such as at [us2.php.net...] ) to create the methods you can use from now on for your PHP/MySQL coding. If you create safe and reliable procedures now and make them a habit, you'll save having to run through your site correcting poor coding after having your site get hacked.