Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

big brother

time record system

7:24 pm on Nov 6, 2009 (gmt 0)

New User

5+ Year Member

joined:July 3, 2009
posts: 5
votes: 0

hi can someone help me please. I have a select statement that uses an inner join on two of my tables prj_name and users I then want to insert this result into a timesheet. i am using a pop-up that the user uses to select their project and a javascript calender to select the data. the prj_name is being stored and the data and time what I need to store with this data is the user_name, user_id and maybe the session details. I hope that this makes sense. here is the select statement

$query = "SELECT prj_name.prj_name,users.user_name
FROM prj_name INNER JOIN users ON users.user_id = prj_name.user_id
ORDER BY prj_name";

$result_id = mysql_query ($query);
print ("<select name=\"prj_name\">\n");
while (list ($prj_name) = mysql_fetch_row ($result_id))
$prj_name = htmlspecialchars ($prj_name);
print ("<option value=\"$prj_name\">$prj_name</option>\n");

mysql_free_result ($result_id);

function make_popup_menu ($prj_name, $values, $labels, $default)
if (!is_array ($values))
return ("make_popup_menu: values argument must be an array");
if (!is_array ($labels))
return ("make_popup_menu: labels argument must be an array");
if (count ($values) != count ($labels))
return ("make_popup_menu: value and label list size mismatch");
$str = "";
for ($i = 0; $i < count ($values); $i++)
# select the item if it corresponds to the default value
$checked = ($values[$i] == $default ? " selected=\"selected\"" : "");
$str .= sprintf (
"<option value=\"%s\"%s>%s</option>\n",
htmlspecialchars ($values[$i]),
htmlspecialchars ($labels[$i]));
$str = sprintf (
"<select name=\"%s\">\n%s</select>\n",
htmlspecialchars ($name),
return ($str);

print ("</select>\n");
than the users hits the submit button and this is the insert statement

$sql = "INSERT INTO `workhours`.`workingtimes` (`id`, `begintime`, `endtime`, `prj_name`, `prj_id`, `employee_id`, `user_name`, `user_id`, `sess_id`) VALUES (NULL,'$_POST[begintime]',NULL,'$_POST[prj_name]','$_POST[prj_id]','$_POST[employee_id]','$_POST[user_name]',NULL,'1234')";

I would appricate any comments thanks.

8:53 pm on Nov 6, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 10, 2004
votes: 0

hi can someone help me please.

Having read through your post, you ask for help.. however then do not ask any questions?

Can you be more specific with the issue you are having or the help you need?

Now, moving on to your sql statement.. I would recommend you google "SQL Injection". Inserting input directly into the database without any validation and/or filtering should be avoided.


2:26 pm on Nov 7, 2009 (gmt 0)

New User

5+ Year Member

joined:July 3, 2009
posts: 5
votes: 0

hi john, thanks for the prompt reply. my problem is when I hit the submit button on my webpage the insert statement is only inserting the date and time with prj_name how do I include an inner join select statement that includes session details and user_id and prj_id. i am not familiar with injection must take a look thanks.

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members