...

View Full Version : Problem inserting NULL



Arcticwarrio
08-05-2012, 11:39 PM
how can i change this to inset null instead of blank???

this is the address bar:


http://***/mara/cat/adminproducts.php?Action=insert&SectionID=1&CategoryID=1&ProductID=34&ProductCode=62905&ProductName=Cloth+Sheets&CategoryID=1&ProductType=3M%28TM%29+314D+Utility+Cloth+Rolls+%26+Sheets&ProductDescription=A+resin+bond+J+weight+flexible+cloth+product%0D%0AUsed+for+all+maintenance+and+ge neral+workshop+applications%0D%0AAvailable+in+very+fine+grades+for+even+finer+finishes%0D%0ARolls%3A +1+roll+per+box%0D%0ASheets%3A+50+sheets+per+sleeve&Field0=Size&Value0=230mm+x+280mm&Field1=Grade&Value1=P50&Field2=&Value2=&Field3=&Value3=&Field4=&Value4=&Field5=&Value5=&CostPrice=0.00&SellPrice=54.03&PackQty=50+Sheets&submit=Insert


the problem lies with this line:




//inserts blank value
(!empty($_GET['Field3']) ? mysql_real_escape_string($_GET['Field3']) : NULL)


//inserts the word NULL
(!empty($_GET['Field3']) ? mysql_real_escape_string($_GET['Field3']) : "NULL")







and this is my insert script:


if ((isset($_GET['Action'])) && ($_GET['Action'] == 'insert')){
$ProductType = mysql_real_escape_string($_GET['ProductType']);
$ProductDescription = mysql_real_escape_string($_GET['ProductDescription']);
$Regme = Q("INSERT INTO tblproducts (
ProductName,
ProductCode,
CategoryID,
ProductType,
ProductDescription,
`Field[0]`,
`Value[0]`,
`Field[1]`,
`Value[1]`,
`Field[2]`,
`Value[2]`,
`Field[3]`,
`Value[3]`,
`Field[4]`,
`Value[4]`,
`Field[5]`,
`Value[5]`,
CostPrice,
SellPrice,
PackQty
)VALUES (
'".mysql_real_escape_string($_GET['ProductName'])."',
'".mysql_real_escape_string($_GET['ProductCode'])."',
'".mysql_real_escape_string($_GET['CategoryID'])."',
'".$ProductType."',
'".$ProductDescription."',
'".(!empty($_GET['Field0']) ? mysql_real_escape_string($_GET['Field0']) : NULL)."',
'".(!empty($_GET['Value0']) ? mysql_real_escape_string($_GET['Value0']) : NULL)."',
'".(!empty($_GET['Field1']) ? mysql_real_escape_string($_GET['Field1']) : NULL)."',
'".(!empty($_GET['Value1']) ? mysql_real_escape_string($_GET['Value1']) : NULL)."',
'".(!empty($_GET['Field2']) ? mysql_real_escape_string($_GET['Field2']) : NULL)."',
'".(!empty($_GET['Value2']) ? mysql_real_escape_string($_GET['Value2']) : NULL)."',
'".(!empty($_GET['Field3']) ? mysql_real_escape_string($_GET['Field3']) : NULL)."',
'".(!empty($_GET['Value3']) ? mysql_real_escape_string($_GET['Value3']) : NULL)."',
'".(!empty($_GET['Field4']) ? mysql_real_escape_string($_GET['Field4']) : NULL)."',
'".(!empty($_GET['Value4']) ? mysql_real_escape_string($_GET['Value4']) : NULL)."',
'".(!empty($_GET['Field5']) ? mysql_real_escape_string($_GET['Field5']) : NULL)."',
'".(!empty($_GET['Value5']) ? mysql_real_escape_string($_GET['Value5']) : NULL)."',
'".mysql_real_escape_string($_GET['CostPrice'])."',
'".mysql_real_escape_string($_GET['SellPrice'])."',
'".mysql_real_escape_string($_GET['PackQty'])."'
)");
$_GET['ProductID'] = mysql_insert_id();
}

Arcticwarrio
08-05-2012, 11:59 PM
p.s.

print_r is showing


INSERT INTO tblproducts ( ProductName, ProductCode, CategoryID, ProductType, ProductDescription, `Field[0]`, `Value[0]`, `Field[1]`, `Value[1]`, `Field[2]`, `Value[2]`, `Field[3]`, `Value[3]`, `Field[4]`, `Value[4]`, `Field[5]`, `Value[5]`, CostPrice, SellPrice, PackQty )VALUES ( 'Cloth Sheets', '62903', '1', '3M(TM) 314D Utility Cloth Rolls & Sheets', 'A resin bond J weight flexible cloth product\r\nUsed for all maintenance and general workshop applications\r\nAvailable in very fine grades for even finer finishes\r\nRolls: 1 roll per box\r\nSheets: 50 sheets per sleeve', 'Size', '230mm x 280mm', 'Grade', 'P80', '', '', '', '', '', '', '', '', '0.00', '46.50', '50 Sheets' )

Arcticwarrio
08-06-2012, 12:18 AM
nvm i fixed it, thanks for looking



$Field0=(strlen($_GET['Field0']) > 0 ? "'".mysql_real_escape_string($_GET['Field0'])."'" : 'NULL');
$Value0=(strlen($_GET['Value0']) > 0 ? "'".mysql_real_escape_string($_GET['Value0'])."'" : 'NULL');
$Field1=(strlen($_GET['Field1']) > 0 ? "'".mysql_real_escape_string($_GET['Field1'])."'" : 'NULL');
$Value1=(strlen($_GET['Value1']) > 0 ? "'".mysql_real_escape_string($_GET['Value1'])."'" : 'NULL');
$Field2=(strlen($_GET['Field2']) > 0 ? "'".mysql_real_escape_string($_GET['Field2'])."'" : 'NULL');
$Value2=(strlen($_GET['Value2']) > 0 ? "'".mysql_real_escape_string($_GET['Value2'])."'" : 'NULL');
$Field3=(strlen($_GET['Field3']) > 0 ? "'".mysql_real_escape_string($_GET['Field3'])."'" : 'NULL');
$Value3=(strlen($_GET['Value3']) > 0 ? "'".mysql_real_escape_string($_GET['Value3'])."'" : 'NULL');
$Field4=(strlen($_GET['Field4']) > 0 ? "'".mysql_real_escape_string($_GET['Field4'])."'" : 'NULL');
$Value4=(strlen($_GET['Value4']) > 0 ? "'".mysql_real_escape_string($_GET['Value4'])."'" : 'NULL');
$Field5=(strlen($_GET['Field5']) > 0 ? "'".mysql_real_escape_string($_GET['Field5'])."'" : 'NULL');
$Value5=(strlen($_GET['Value5']) > 0 ? "'".mysql_real_escape_string($_GET['Value5'])."'" : 'NULL');


if ((isset($_GET['Action'])) && ($_GET['Action'] == 'insert')){
$ProductType = mysql_real_escape_string($_GET['ProductType']);
$ProductDescription = mysql_real_escape_string($_GET['ProductDescription']);
$Regme = Q("INSERT INTO tblproducts (
ProductName,
ProductCode,
CategoryID,
ProductType,
ProductDescription,
`Field[0]`,
`Value[0]`,
`Field[1]`,
`Value[1]`,
`Field[2]`,
`Value[2]`,
`Field[3]`,
`Value[3]`,
`Field[4]`,
`Value[4]`,
`Field[5]`,
`Value[5]`,
CostPrice,
SellPrice,
PackQty
)VALUES (
'".mysql_real_escape_string($_GET['ProductName'])."',
'".mysql_real_escape_string($_GET['ProductCode'])."',
'".mysql_real_escape_string($_GET['CategoryID'])."',
'".$ProductType."',
'".$ProductDescription."',
".$Field0.",
".$Value0.",
".$Field1.",
".$Value1.",
".$Field2.",
".$Value2.",
".$Field3.",
".$Value3.",
".$Field4.",
".$Value4.",
".$Field5.",
".$Value5.",
'".mysql_real_escape_string($_GET['CostPrice'])."',
'".mysql_real_escape_string($_GET['SellPrice'])."',
'".mysql_real_escape_string($_GET['PackQty'])."'
)");

AndrewGSW
08-06-2012, 02:27 AM
You could investigate prepared statements (http://il.php.net/manual/en/mysqli.quickstart.prepared-statements.php) which would avoid the need to real escape all the data.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum