I'm not for sure on the tinyint and smallint, what do you need them for? However for the other ones (1-4) just read my comments in the code below.

<html>
<?php

//this is the format for all of your
//date and times you can change it
//to whatever you like or replace the
//$format with your own date string
//i.e. if you just want the days just remove
//the h:i:s
$format = "Y-m-d h:i:s";

//this needs to be the input date you want
//to convert from m d y to y-m-d h:i:s
$time = "01-06-2010";

//split them based on -
$timeArr = split("-", $time);

$month = $timeArr[0];
$day = $timeArr[1];
$year = $timeArr[2];

//since we don't have hour minute second we are just passing 0
//h m s m d y
$date = date($format, mktime(0, 0, 0, $month, $day, $year));

//the current date and time
$now = date($format);

//the time two days from now
//you can change +2 days to a number of things
//that seem logical i.e. +2 years +5 months
//-1 week etc...
$twoDaysFromNow = date($format, (strtotime("+2 days", time())));

//to get an int number you have something like this
$double = 16.56;
$int = intval($double);

echo("Formatted date = $date<br />Today's Date = $now<br />Two days from now = $twoDaysFromNow<br />The int value = $int");

?>
</html>

I'm not for sure on the tinyint and smallint, what do you need them for?

Just convert them to a $var=intval($variable); as with $int above...
(The reason it won't work if you don't convert them is variable values are passed as strings, which cannot be inserted into a numeric col type, because they're a string, not a number.)

I would guess the need to use them has to do with storage space requirements.
1 byte v 4 bytes for a tinyint rather than int and 2 bytes v 4 bytes for a smallint v int.

Thanks....

I;m not sure how to incorporate this into a $_POST string. I see some issues popppopping up without trying to apply this to my method.

FYI I am grabbing the data froma form with various field relating to the table.

Here's a quick part of the form with two fields... a date field and a hidden field.

<li class="mainForm" id="fieldBox_8">
<label class="formFieldQuestion">start_date</label><input type=text name=start_date id=start_date value="">
<button type=reset class=calendarStyle id=fieldDateTrigger_8></button>
<SCRIPT type='text/javascript'> Calendar.setup({
  inputField  : "start_date", 
  ifFormat  : "%m/%d/%Y", 
  showsTime  : false,   
  button   : "fieldDateTrigger_8",
  singleClick : true,   
  step   : 1    
});</SCRIPT></li>
//From FORM: Need this to be int(10)
 
<input type=hidden name=parent_id id=parent_id value="0">

I'm passing it using POST to trbltckinsert.php

include("db_config.php");
$link = mysql_connect($db_host,$db_user,$db_pass);
if(!$link) die ('Could not create ticket. Could not connect to DB: '.mysql_error());
mysql_select_db($db_name,$link);
$query = "INSERT into `".$db_table."` (Name,Email,Phone,parent_id,title,text,due_date,start_date,assigned_to_company_id,assigned_to_user_id,assigned_on,assigned_by_id,time_estimate,completed_on,completed_by_id,created_on,created_by_id,updated_on,updated_by_id,trashed_on,trashed_by_id,archived_on,archived_by_id,started_on,started_by_id,priority,state,order,milestone_id,is_private,is_template,from_template_id,repeat_end,repeat_forever,repeat_num,repeat_d,repeat_m,repeat_y,repeat_by,object_subtype, RushJob) VALUES ('" . $_POST['Name'] . "','" . $_POST['Email'] . "','" . $_POST['Phone'] . "','" . $_POST['parent_id'] . "','" . $_POST['title'] . "','" . $_POST['text'] . "','" . $_POST['due_date'] . "','" . $_POST['start_date'] . "','" . $_POST['assigned_to_company_id'] . "','" . $_POST['assigned_to_user_id'] . "','" . $_POST['assigned_on'] . "','" . $_POST['assigned_by_id'] . "','" . $_POST['time_estimate'] . "','" . $_POST['completed_on'] . "','" . $_POST['completed_by_id'] . "','" . $_POST['created_on'] . "','" . $_POST['created_by_id'] . "','" . $_POST['updated_on'] . "','" . $_POST['updated_by_id'] . "','" . $_POST['trashed_on'] . "','" . $_POST['trashed_by_id'] . "','" . $_POST['archived_on'] . "','" . $_POST['archived_by_id'] . "','" . $_POST['started_on'] . "','" . $_POST['started_by_id'] . "','" . $_POST['priority'] . "','" . $_POST['state'] . "','" . $_POST['order'] . "','" . $_POST['milestone_id'] . "','" . $_POST['is_private'] . "','" . $_POST['is_template'] . "','" . $_POST['from_template_id'] . "','" . $_POST['repeat_end'] . "','" . $_POST['repeat_forever'] . "','" . $_POST['repeat_num'] . "','" . $_POST['repeat_d'] . "','" . $_POST['repeat_m'] . "','" . $_POST['repeat_y'] . "','" . $_POST['repeat_by'] . "','" . $_POST['object_subtype'] . "','" . $_POST[‘RushJob’] . "')";
VALUES ('" . $_POST['Name'] . ";
mysql_close($link);

So I'm currious how I implement the above to apply to what I'm doing. Again... I see some problems as how to integrate this.

I think I need to cast the int and tinyint as well as the date but I'm not sure how to do this. DO I need to send the values seperately or can I keep them all like the above string? Will my form collection data need to be formated at trblticket.php?

The insert into worked great on my temporary table I created. That is until I remembered I had to format all of the above fields to their respective int, tinyint, etc. valuse so my Visual Basic application can calculate on the dates and relate to other tables Primary keys. It's a legacy application that I'm trying to integrate a PHP form for my clients to insert data too.

Thanks in advance!

[edited by: DickWeed at 10:11 pm (utc) on Jan. 6, 2010]

Can you post the html form you are working with?

Well, there's a huge security risk in inserting $_POST data straight into a DB, but that's another question, here's an example of the answer to the question you asked:

From your insert:
'" . $_POST['created_by_id'] . "'

Change to:

Before Your Insert:
$created_by_id=intval($_POST['created_by_id']);

In the Insert:
" . $created_by_id . "

Notice the change of the value to a numeric type and the removal of the single quotes from around the insert variable.

Sure..... Here it is...

[Code]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Create Trouble Ticket</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"><link href="style.css" rel="stylesheet" type="text/css">
<!-- calendar stuff -->
<link rel="stylesheet" type="text/css" href="calendar/calendar-blue2.css" />
<script type="text/javascript" src="calendar/calendar.js"></script>
<script type="text/javascript" src="calendar/calendar-en.js"></script>
<script type="text/javascript" src="calendar/calendar-setup.js"></script>
<!-- END calendar stuff -->

<!-- expand/collapse function -->
<SCRIPT type=text/javascript>
<!--
function collapseElem(obj)
{
var el = document.getElementById(obj);
el.style.display = 'none';
}

function expandElem(obj)
{
var el = document.getElementById(obj);
el.style.display = '';
}

//-->
</SCRIPT>
<!-- expand/collapse function -->

<!-- expand/collapse function -->
<SCRIPT type=text/javascript>
<!--

// collapse all elements, except the first one
function collapseAll()
{
var numFormPages = 1;

for(i=2; i <= numFormPages; i++)
{
currPageId = ('mainForm_' + i);
collapseElem(currPageId);
}
}

//-->
</SCRIPT>
<!-- expand/collapse function -->

<!-- validate -->
<SCRIPT type=text/javascript>
<!--
function validateField(fieldId, fieldBoxId, fieldType, required)
{
fieldBox = document.getElementById(fieldBoxId);
fieldObj = document.getElementById(fieldId);

if(fieldType == 'text' ¦¦ fieldType == 'textarea' ¦¦ fieldType == 'password' ¦¦ fieldType == 'file' ¦¦ fieldType == 'phone' ¦¦ fieldType == 'website')
{
if(required == 1 && fieldObj.value == '')
{
fieldObj.setAttribute("class","mainFormError");
fieldObj.setAttribute("className","mainFormError");
fieldObj.focus();
return false;
}

}

else if(fieldType == 'menu' ¦¦ fieldType == 'country' ¦¦ fieldType == 'state')
{
if(required == 1 && fieldObj.selectedIndex == 0)
{
fieldObj.setAttribute("class","mainFormError");
fieldObj.setAttribute("className","mainFormError");
fieldObj.focus();
return false;
}

}

else if(fieldType == 'email')
{
if((required == 1 && fieldObj.value=='') ¦¦ (fieldObj.value!='' && !validate_email(fieldObj.value)))
{
fieldObj.setAttribute("class","mainFormError");
fieldObj.setAttribute("className","mainFormError");
fieldObj.focus();
return false;
}

}

}

function validate_email(emailStr)
{
apos=emailStr.indexOf("@");
dotpos=emailStr.lastIndexOf(".");

if (apos<1¦¦dotpos-apos<2)
{
return false;
}
else
{
return true;
}
}

function validateDate(fieldId, fieldBoxId, fieldType, required, minDateStr, maxDateStr)
{
retValue = true;

fieldBox = document.getElementById(fieldBoxId);
fieldObj = document.getElementById(fieldId);
dateStr = fieldObj.value;

if(required == 0 && dateStr == '')
{
return true;
}

if(dateStr.charAt(2) != '/' ¦¦ dateStr.charAt(5) != '/' ¦¦ dateStr.length != 10)
{
retValue = false;
}

else// format's okay; check max, min
{
currDays = parseInt(dateStr.substr(0,2),10) + parseInt(dateStr.substr(3,2),10)*30 + parseInt(dateStr.substr(6,4),10)*365;
//alert(currDays);

if(maxDateStr != '')
{
maxDays = parseInt(maxDateStr.substr(0,2),10) + parseInt(maxDateStr.substr(3,2),10)*30 + parseInt(maxDateStr.substr(6,4),10)*365;
//alert(maxDays);
if(currDays > maxDays)
retValue = false;
}

if(minDateStr != '')
{
minDays = parseInt(minDateStr.substr(0,2),10) + parseInt(minDateStr.substr(3,2),10)*30 + parseInt(minDateStr.substr(6,4),10)*365;
//alert(minDays);
if(currDays < minDays)
retValue = false;
}
}

if(retValue == false)
{
fieldObj.setAttribute("class","mainFormError");
fieldObj.setAttribute("className","mainFormError");
fieldObj.focus();
return false;
}
}
//-->
</SCRIPT>
<!-- end validate -->

</head>

<body onLoad="collapseAll()">

<div id="mainForm">

<div id="formHeader">
<h2 class="formInfo">Create Trouble Ticket</h2>
<p class="formInfo"></p>
</div>

<BR/><!-- begin form -->
<form method=post enctype=multipart/form-data action=trbltckinsert.php onSubmit="return validatePage1();"><ul class=mainForm id="mainForm_1">

<li class="mainForm" id="fieldBox_1">
<label class="formFieldQuestion">Name&nbsp;*&nbsp;<a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox>Please enter your full name. </span></a>
<input class=mainForm type=text name=Name id=Name size='20' value=''>
</label>
</li>

<li class="mainForm" id="fieldBox_2">
<label class="formFieldQuestion">Email&nbsp;*&nbsp;<a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox>Please enter a valid email address.</span></a>
<input class=mainForm type=email name=Email id=Email size=40 value="" style="background-image:url(imgs/email.png); background-repeat: no-repeat; padding: 2px 2px 2px 25px;">
</label>
</li>

<li class="mainForm" id="fieldBox_3">
<label class="formFieldQuestion">Phone&nbsp;*&nbsp;<a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox>Please enter a valid phone number which is best to contact you at</span></a>
<input class=mainForm type=phone name=Phone id=Phone size=20 value="" style="background-image:url(imgs/phone.png); background-repeat: no-repeat; padding: 2px 2px 2px 25px;">
<input type=hidden name=parent_id id=parent_id value="0">
</label>
</li>
<li class="mainForm" id="fieldBox_5">
<label class="formFieldQuestion">Name of Your Request&nbsp;*&nbsp;<a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox>Enter a short Title, being sure to include your company number. e.g. 1234 Ticket Type etc.</span></a><br>
</label>
<input class=mainForm type=text name=title id=title size='80' value=''></li>

<li class="mainForm" id="fieldBox_6"><strong>Enter A Description For Your Trouble Ticket</strong><br>
<strong>a.</strong> Please be as descriptive as possible<br>
<strong>b. </strong>Please include any pertinent specifications <br>
<strong>c. </strong>Add any special instructions .
<label class="formFieldQuestion">Description:&nbsp;*</label><textarea class=mainForm name=text id=text rows=20 cols=80></textarea></li>

<li class="mainForm" id="fieldBox_7">
<label class="formFieldQuestion">Due Date Requested&nbsp;*</label><input type=text name=due_date id=due_date value=""><button type=reset class=calendarStyle id=fieldDateTrigger_7></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "due_date",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_7",
singleClick : true,
step : 1
});</SCRIPT></li>

<li class="mainForm" id="fieldBox_8">
<label class="formFieldQuestion">start_date</label><input type=text name=start_date id=start_date value="0000-00-00 00:00:00"><button type=reset class=calendarStyle id=fieldDateTrigger_8></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "start_date",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_8",
singleClick : true,
step : 1
});</SCRIPT></li><input type=hidden name=assigned_to_company_id id=assigned_to_company_id value="1"><input type=hidden name=assigned_to_user_id id=assigned_to_user_id value="2">

<li class="mainForm" id="fieldBox_11">
<label class="formFieldQuestion">assigned_on&nbsp;*</label><input type=text name=assigned_on id=assigned_on value="now()"><button type=reset class=calendarStyle id=fieldDateTrigger_11></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "assigned_on",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_11",
singleClick : true,
step : 1
});</SCRIPT></li><input type=hidden name=assigned_by_id id=assigned_by_id value="5"><input type=hidden name=time_estimate id=time_estimate value="0">

<li class="mainForm" id="fieldBox_14">
<label class="formFieldQuestion">completed_on</label><input type=text name=completed_on id=completed_on value=""><button type=reset class=calendarStyle id=fieldDateTrigger_14></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "completed_on",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_14",
singleClick : true,
step : 1
});</SCRIPT></li><input type=hidden name=completed_by_id id=completed_by_id value="">

<li class="mainForm" id="fieldBox_16">
<label class="formFieldQuestion">created_on&nbsp;*</label><input type=text name=created_on id=created_on value=""><button type=reset class=calendarStyle id=fieldDateTrigger_16></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "created_on",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_16",
singleClick : true,
step : 1
});</SCRIPT></li><input type=hidden name=created_by_id id=created_by_id value="5">

<li class="mainForm" id="fieldBox_18">
<label class="formFieldQuestion">updated_on&nbsp;*</label><input type=text name=updated_on id=updated_on value=""><button type=reset class=calendarStyle id=fieldDateTrigger_18></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "updated_on",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_18",
singleClick : true,
step : 1
});</SCRIPT></li><input type=hidden name=updated_by_id id=updated_by_id value="5">

<li class="mainForm" id="fieldBox_20">
<label class="formFieldQuestion">trashed_on</label><input type=text name=trashed_on id=trashed_on value="0000-00-00 00:00:00"><button type=reset class=calendarStyle id=fieldDateTrigger_20></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "trashed_on",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_20",
singleClick : true,
step : 1
});</SCRIPT></li><input type=hidden name=trashed_by_id id=trashed_by_id value="">

<li class="mainForm" id="fieldBox_22">
<label class="formFieldQuestion">archived_on&nbsp;*</label><input type=text name=archived_on id=archived_on value="0000-00-00 00:00:00"><button type=reset class=calendarStyle id=fieldDateTrigger_22></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "archived_on",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_22",
singleClick : true,
step : 1
});</SCRIPT></li><input type=hidden name=archived_by_id id=archived_by_id value="">

<li class="mainForm" id="fieldBox_24">
<label class="formFieldQuestion">started_on&nbsp;*</label><input type=text name=started_on id=started_on value=""><button type=reset class=calendarStyle id=fieldDateTrigger_24></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "started_on",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_24",
singleClick : true,
step : 1
});</SCRIPT></li><input type=hidden name=started_by_id id=started_by_id value="">

<li class="mainForm" id="fieldBox_26">
<label class="formFieldQuestion">priority&nbsp;*&nbsp;<a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox>100 = Low
200- Normal
300 = High</span></a></label><select class=mainForm name=priority id=priority><option value=''></option><option value="300">300</option><option value="200">200</option><option value="100">100</option></select></li><input type=hidden name=state id=state value=""><input type=hidden name=order id=order value="0"><input type=hidden name=milestone_id id=milestone_id value="1"><input type=hidden name=is_private id=is_private value="0"><input type=hidden name=is_template id=is_template value="0"><input type=hidden name=from_template_id id=from_template_id value="0">

<li class="mainForm" id="fieldBox_33">
<label class="formFieldQuestion">repeat_end</label><input type=text name=repeat_end id=repeat_end value="0000-00-00 00:00:00"><button type=reset class=calendarStyle id=fieldDateTrigger_33></button><SCRIPT type='text/javascript'> Calendar.setup({
inputField : "repeat_end",
ifFormat : "%m/%d/%Y",
showsTime : false,
button : "fieldDateTrigger_33",
singleClick : true,
step : 1
});</SCRIPT></li><input type=hidden name=repeat_forever id=repeat_forever value=""><input type=hidden name=repeat_num id=repeat_num value="0"><input type=hidden name=repeat_d id=repeat_d value=""><input type=hidden name=repeat_m id=repeat_m value=""><input type=hidden name=repeat_y id=repeat_y value=""><input type=hidden name=repeat_by id=repeat_by value="'"><input type=hidden name=object_subtype id=object_subtype value="0">

<li class="mainForm" id="fieldBox_41">
<label class="formFieldQuestion">Fulfillment &nbsp;*&nbsp;<a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox></span></a></label><span><input class=mainForm type=checkbox name=field_41[] id=field_41_option_1 value="Provide Estimate For Fulfillment " /><label class=formFieldOption for="field_41_option_1"><strong>Provide Estimate For Fulfillment </strong><br>
</label></span></li>

<!-- end of this page -->

<!-- page validation -->
<SCRIPT type=text/javascript>
<!--
function validatePage1()
{
retVal = true;
if (validateField('Name','fieldBox_1','text',1) == false)
retVal=false;
if (validateField('Email','fieldBox_2','email',1) == false)
retVal=false;
if (validateField('Phone','fieldBox_3','phone',1) == false)
retVal=false;
if (validateField('parent_id','fieldBox_4','hidden',0) == false)
retVal=false;
if (validateField('title','fieldBox_5','text',1) == false)
retVal=false;
if (validateField('text','fieldBox_6','textarea',1) == false)
retVal=false;
if (validateDate('due_date','fieldBox_7','date',1,'','') == false)
retVal=false;
if (validateDate('start_date','fieldBox_8','date',0,'','') == false)
retVal=false;
if (validateField('assigned_to_company_id','fieldBox_9','hidden',0) == false)
retVal=false;
if (validateField('assigned_to_user_id','fieldBox_10','hidden',0) == false)
retVal=false;
if (validateDate('assigned_on','fieldBox_11','date',1,'','') == false)
retVal=false;
if (validateField('assigned_by_id','fieldBox_12','hidden',0) == false)
retVal=false;
if (validateField('time_estimate','fieldBox_13','hidden',0) == false)
retVal=false;
if (validateDate('completed_on','fieldBox_14','date',0,'','') == false)
retVal=false;
if (validateField('completed_by_id','fieldBox_15','hidden',0) == false)
retVal=false;
if (validateDate('created_on','fieldBox_16','date',1,'','') == false)
retVal=false;
if (validateField('created_by_id','fieldBox_17','hidden',0) == false)
retVal=false;
if (validateDate('updated_on','fieldBox_18','date',1,'','') == false)
retVal=false;
if (validateField('updated_by_id','fieldBox_19','hidden',0) == false)
retVal=false;
if (validateDate('trashed_on','fieldBox_20','date',0,'','') == false)
retVal=false;
if (validateField('trashed_by_id','fieldBox_21','hidden',0) == false)
retVal=false;
if (validateDate('archived_on','fieldBox_22','date',1,'','') == false)
retVal=false;
if (validateField('archived_by_id','fieldBox_23','hidden',0) == false)
retVal=false;
if (validateDate('started_on','fieldBox_24','date',1,'','') == false)
retVal=false;
if (validateField('started_by_id','fieldBox_25','hidden',0) == false)
retVal=false;
if (validateField('priority','fieldBox_26','menu',1) == false)
retVal=false;
if (validateField('state','fieldBox_27','hidden',0) == false)
retVal=false;
if (validateField('order','fieldBox_28','hidden',0) == false)
retVal=false;
if (validateField('milestone_id','fieldBox_29','hidden',0) == false)
retVal=false;
if (validateField('is_private','fieldBox_30','hidden',0) == false)
retVal=false;
if (validateField('is_template','fieldBox_31','hidden',0) == false)
retVal=false;
if (validateField('from_template_id','fieldBox_32','hidden',0) == false)
retVal=false;
if (validateDate('repeat_end','fieldBox_33','date',0,'','') == false)
retVal=false;
if (validateField('repeat_forever','fieldBox_34','hidden',0) == false)
retVal=false;
if (validateField('repeat_num','fieldBox_35','hidden',0) == false)
retVal=false;
if (validateField('repeat_d','fieldBox_36','hidden',0) == false)
retVal=false;
if (validateField('repeat_m','fieldBox_37','hidden',0) == false)
retVal=false;
if (validateField('repeat_y','fieldBox_38','hidden',0) == false)
retVal=false;
if (validateField('repeat_by','fieldBox_39','hidden',0) == false)
retVal=false;
if (validateField('object_subtype','fieldBox_40','hidden',0) == false)
retVal=false;
if (validateField('field_41','fieldBox_41','checkbox',1) == false)
retVal=false;

if(retVal == false)
{
alert('Please correct the errors. Fields marked with an asterisk (*) are required');
return false;
}
return retVal;
}
//-->
</SCRIPT>

<!-- end page validaton -->

<!-- next page buttons --><li class="mainForm">
<label class="formFieldQuestion">
Type the following:&nbsp;<a class=info href=#><img src=imgs/tip_small.png border=0><span class=infobox>For security purposes, please type the letters in the image.</span></a><BR><img src="CaptchaSecurityImages.php" />
</label>

<input id="captchaForm" name="security_code" class="mainForm" type="text"/>
</li><li class="mainForm">
<input id="saveForm" class="mainForm" type="submit" value="Submit" />
</li>

</form>
<!-- end of form -->
<!-- close the display stuff for this page -->
</ul></div><div id="footer"><p class="footer"><a class=footer href=http://www.removedforthisforumpurpose.com>We know how to help you!</a></p></div>

</body>
</html>
[\code]

To work with the post data you have there, you would just use $_post. i.e. the name the person enters in the name textbox would be
$_POST['Name']; the email they enter would be
$_POST['Email']; Get your post data that way and plug it into the code I posted to format it.

I am just using $_Post now and it's not working.

TheMadScientist brought up a good point regarding security. I'm not sure I'm using $_POST to insert directly into the DB. I thought I was using PHP server side language which is only viewable as HTML to the internet.

Again..
trblticket.php is where my form ** will reside
It's currently on trblticket.html which is above.
db_config.php is where my connection string resides.
trbltckinsert.php is where my insert statement and handlers reside.
trbltckinsert.php is the sending the $_POST variables to the DB which it is grabbing from trblticket.html (soon to be trbleticket.php)

I've briefly read about mysql_real_escape_string() but I haven't tried to implement this yet. This form isn't live yet.... I've got to get it to work with the insert into mysql before I try to impliment mysql_real_escape_string().

That is what I should use no? Any other suggestions?

The real escape string is fairly simple to use you just create your query as you would normally and then put it in that method.
I'm curious as to what other way you insert data into a database other than by post data. You put in things such as captcha and using the mysql_real... function to secure you site.

Haven't had a chance to try any of the suggestions yet. But as for inserting data into my DB in the mysql format I'm planning on trying the following:

for int I was going to try and cast the value in the string like...

instead of . $_POST['parent_id'] .
I'd use . (int)$_POST['parent_id'] .

Call me lazy...but if that will work it will save me time from typing
$parent_id=intval($_POST['parent_id'])
as well as having to modify more than just the $query

I don't know why I didn't join this forum along time ago. You guys and gals are quick with the replies. I'm not used to such great response times.... You're spoiling me you know.

Thanks again!

[edited by: DickWeed at 11:22 pm (utc) on Jan. 6, 2010]

I'm not sure I'm using $_POST to insert directly into the DB. I thought I was using PHP server side language which is only viewable as HTML to the internet.

You are...

The PHP is only 'seen by' the server, but since you allow me (or anyone) to enter info into your forms I (or anyone on the Internet) can put anything we feel like in there, including the very non-malicious ', which will break your insert and could expose DB information to anyone on the Internet who submits data with an ' in it... Try entering a name in your form like O'Connor. It'll break your insert because your data is not checked or escaped, unless magic_quotes is turned on, which is about worse than not checking the data submitted.

This is not the place to be lazy or take short cuts because you don't feel like typing ... 'script kiddy', or worse, might decide to try and have some fun with your databases and by not checking and escaping your data you're making it easy for them...

BTW: Welcome to WebmasterWorld

Yes entering O'Connor would break it, unless you use the mysql_real... function as he had previously stated. It takes care of most things of that nature. While no website is ever truly secure, you just have to make it better than "the next guy's" website and hackers will look for the easiest route. MadScientist, if using post data to enter in your website is bad, how do you recommend capturing data from a user and storing it in the DB?

I'm not saying entering POST data is bad at all...
Only not checking or escaping it in any way.

Let me clarify what I mean by 'Inserting Directly' into a DB...
I mean entering the $_POSTed array pieces into the DB without a single check.
IOW: The insert string being used in this thread...

Personally, I double check about everything with JS and PHP and basically force
visitors to have JS turned on by using AJAX for all form submissions...

IOW I make it a pain-in-the-a** to try and get past the scrubbing of entered
information for the reason you stated previously. The tougher you make it the
more likely someone is to move on when you store non-critical information so
there's really no incentive to keep trying when you can visit someone else's site
and do the same thing with 1/10th the effort.

[edited by: TheMadScientist at 11:46 pm (utc) on Jan. 6, 2010]

Well.... I'm really not lazy... But a little frustrated. I really do want to secure the form and protect my database as there is 4 years of data in there. I do back it up but why go through the headache of losing even a days worth of data if I don't have too.

Again...still haven't tried any suggestions.. I'm reading up more on PHP and I have a lot to catch up on.

Sincerely do appreciate your input Mad... was hoping you could walk me through one more time to insure I got it.

You recomended:

From your insert:
'" . $_POST['created_by_id'] . "'

Change to:

Before Your Insert:
$created_by_id=intval($_POST['created_by_id']);

In the Insert:
" . $created_by_id . "

So I should Create a list like the following for any field that needs to be transmitted to an int column in the DB just before my code:

include("db_config.php"); 
$link = mysql_connect($db_host,$db_user,$db_pass); 
if(!$link) die ('Could not create ticket. Could not connect to DB: '.mysql_error()); 
mysql_select_db($db_name,$link); 
$query = "INSERT into `".$db_table."`

And it should look something like this.....

$parent_id=intval($_POST['parent_id']);
$assigned_to_company_id=intval($_POST['assigned_to_company_id']);
$assigned_to_user_id=intval($_POST['assigned_to_user_id']);
$assigned_by_id=intval($_POST['assigned_by_id']);
$completed_by_id=intval($_POST['completed_by_id']);
$created_by_id=intval($_POST['created_by_id']);
$updated_by_id=intval($_POST['updated_by_id']);

How about the date? the open source calendar plugin I snagged, and for the sake of the users, currently inseerts the dates into the form field as
m/d/Y. How do I convert that back to Y-m-d h:i:s for mysql datetime?

can I pass the tinyint and small int using the intval as above too?

Sincerely appreciate your help. And please know I didn't mean to suggest I'm a part time hack. Just not all that familiar with PHP. Really new to it but been around long enough to know for my own sake and my systems sake short cuts are to be used very sparingly....

Thanks again.

Well, I'm a bit lazy too, because sometimes I use a foreach even though I usually recommend against it:

foreach($_POST as $k => $v) { 
 /* Find out if it should be an integer based on some known 
 portion of the key... I don't know your code very well, so I used _id. 
 If _id is part of the $_POST['key'] EG $_POST['key_id'] convert it to an integer. */ 
 if(strpos($k,'_id')!==FALSE) { 
 /* If the POST key contains _id convert it to an integer and set a variable variable  
 to the same name as the POST key */ 
 $$k=intval($v); 
 } 
 else { 
 /* If the POST key does not contain _id escape it and set a variable variable  
 to the same name as the POST key */ 
 $$k=mysql_real_escape_string($v); 
 } 
} 

Then you can just change your insert string from '".$_POST['key']."' to '".$key."'

* Make sure you connect to the DB before using mysql_real_escape_string() or you will get an error.

How about the date?

Use andrewsmd's code.

can I pass the tinyint and small int using the intval as above too?

Yes, they just need to be set as a numeric variable rather than a string variable
to work, so converting them using intval() will work.

Cool.....so I keep the code the way I had it. Right?

In regards to the mysql_real_escape_string()

where exactly to I place that? In my db_config.php file which contains the connection strings or in my processing file trbltckinsert.php (which I think is what you mean since this is where and when I initiate the connection to the db..... Please tell me if I am putting mysql_real_escape_string() in the correct spot.... as well as your nifty little _id function.

\\Put your code before the following?
include("db_config.php"); 
$link = mysql_connect($db_host,$db_user,$db_pass); 
if(!$link) die ('Could not create ticket. Could not connect to DB: '.mysql_error()); 
mysql_select_db($db_name,$link); 
$query = "INSERT into `".$db_table."`
\\ bla bla bla more SQL string goes here....into columns and VALUES
mysql_query($query);
\\ Put the mysql_real_escape_string() HERE? 
\\Do I just Put "mysql_real_escape_string()" and nothing to define ()?
mysql_close($link);

Now how about that tricky datetime problem

Thanks for the Date.... our posts missed eachother by a few seconds or I would have left out that last line...

Yes, leave it basically the way it is, then adjust to this:

include("db_config.php"); 
$link = mysql_connect($db_host,$db_user,$db_pass); 
if(!$link) die ('Could not create ticket. Could not connect to DB: '.mysql_error()); 
mysql_select_db($db_name,$link); 
foreach($_POST as $k => $v) {  
 if(strpos($k,'_id')!==FALSE) { 
 $$k=intval($v); 
 } 
 else { 
 $$k=mysql_real_escape_string($v); 
 } 
} 
  
$query = "INSERT into `".$db_table."` (Name /* ETC */) VALUES ('".$Name."' /* ETC */)  
mysql_query($query); 
mysql_close($link); 

Should get you close...

mysql_real_escape_string() is a pre-defined PHP function that works with a connection
to a MySQL DB, so you don't need to define it, just connect before you use it.

Quick question.....

Should I define Stime with or without the quotes?
$time = "$_POST['start_date']"; OR $time = $_POST['start_date'];

Without... Quotes just makes the parser work harder.
If you want to define a variable as a string use:
$time='';

To define it as a number use:
$time=0;

Otherwise it will be defined as whatever the information passed to it is, so in this case it would be defined as a string, even without the quotes, and should be fine...

Cool.... Very thankfull to both of you for your help. I'm re-writting all the code now and I'll let you know how it all worked out.

Thanks again!