  1. #1
    Regular Coder
    Join Date
    Jan 2007
    Posts
    154
    Thanks
    52
    Thanked 0 Times in 0 Posts

    Stripslashes to database

    Hi all. Very quick question (I hope!)

    I'm trying to post some values to my database onsubmit.

    The field names in the db are correct and the first two values submit (the id and product number).

    Here is the complete php code. Really appreciate any help as this is driving me crazy!!

    PHP Code:

    <?php session_start();

        if (isset($_SESSION['again'])) {
            $again = $_SESSION['again'];
            unset($_SESSION['again']);
        }

        // Include the MySQL Connect file.
        include('admin/components/mysql_connect.inc');
        // Include a function to build the URL.
        include('components/build-url.php');
        // Include the code to build the query.
        include('components/build-query.php');

        // Ensure there's an ID and validate it
        if (!isset($_GET['carpet']) || !is_numeric($_GET['carpet'])) {
            header('Location: /results.php');
            exit;
        }
        else {
            $id = $_GET['carpet'];

            $query = "SELECT products.*, ranges.*, manufacturers.*, piles.* FROM products, ranges, manufacturers, piles WHERE products.range_id=ranges.range_id AND ranges.manufacturer_id=manufacturers.manufacturer_id AND ranges.pile_id=piles.pile_id AND products.product_id=" . mysql_real_escape_string($id);
            $result = mysql_query($query);

            if (mysql_num_rows($result) != 1) {
                header('Location: /results.php');
                exit;
            }
            else {
                $row = mysql_fetch_assoc($result);

                $product_image = $row['product_image'];
                $product_name = $row['product_name'];
                $range_name = $row['range_name'];
                $product_description = $row['product_description'];
                $range_on_sale = $row['range_on_sale'];
                $range_resell_price = $row['range_resell_price'];
                $range_sale_discount = $row['range_sale_discount'];
                $manufacturer_name = $row['manufacturer_name'];
                $range_backing = $row['range_backing'];
                $range_width = $row['range_width'];
                $pile_name = $row['pile_name'];
                $range_warranty = $row['range_warranty'];
                $range_british_wool = $row['range_british_wool'];
                $room_id = $row['room_id'];
                $range_id = $row['range_id'];

                $query2 = "SELECT * FROM fitting WHERE fitting_id=1";
                $result2 = mysql_query($query2);
                $row2 = mysql_fetch_assoc($result2);

                $fitting_price = $row2['fitting_price'];
            }
        }

        if ($_GET['unknown']) {

            // Ensure there's an ID and validate it
            if (!isset($_GET['carpet']) || !is_numeric($_GET['carpet'])) {
                header('Location: /results.php');
                exit;
            }

            if ($range_on_sale == 'Y') {
                $basket_carpet_price = number_format($range_resell_price/100*(100-$range_sale_discount), 2);
            }
            else {
                $basket_carpet_price = $range_resell_price;
            }

            $query = sprintf("INSERT INTO basket (product_id, basket_name, session_id, ) VALUES ('$id', '%s', '%s')",
                mysql_real_escape_string(stripslashes(strip_tags($_POST['roomsize']))),
                mysql_real_escape_string(session_id()));

            $result = mysql_query($query);

            $_SESSION['url'] = $_SERVER['REQUEST_URI'];
            $_SESSION['just_added'] = $_GET['carpet'];
            $_SESSION['room_name'] = 'Unnamed Room';
            $_SESSION['unknown'] = 'Y';

            header('Location: /basket.php');
            exit; // stop here so the page below is not rendered after the redirect
        }

    ?>



    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <link rel="stylesheet" href="css/lightbox.css" type="text/css" media="screen" />


    </head>
    <body>
    <form action="" method="post" name="confirm_form">

            
    <select name="roomsize" size="1">
    <option value="Living Room" <?php if ($_POST['roomsize'] == 'Living Room') { echo 'selected="selected"'; } ?>>Living Room</option>
    <option value="Bedroom 1" <?php if ($_POST['roomsize'] == 'Bedroom 1') { echo 'selected="selected"'; } ?>>Bedroom 1</option>
    <option value="Bedroom 2" <?php if ($_POST['roomsize'] == 'Bedroom 2') { echo 'selected="selected"'; } ?>>Bedroom 2</option>
    </select>     

    </form>

      <?php
        if ($_SESSION['unknown']) {
            echo '<a href="1702.php?carpet=' . $id . '&amp;unknown=y" target="_parent"><img src="/images/basketlink.jpg" border="0" alt="ADD >" title="ADD >" /></a>';
        }
        else {
            echo '<a href="1702.php?carpet=' . $id . '&amp;unknown=y" target="_parent"><img src="/images/basketlink.jpg" border="0" alt="ADD >" title="ADD >" /></a>';
        }
      ?>
                
           
    </body>
    </html>

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,852
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Change
    PHP Code:
    $result = mysql_query($query);
    to
    PHP Code:
    $result = mysql_query($query) or die($query."<br>Error:".mysql_error());
    to check whether the query is getting populated well.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    Regular Coder
    Join Date
    Jan 2007
    Posts
    154
    Thanks
    52
    Thanked 0 Times in 0 Posts
    Thanks for reply. The error showed me I had a trailing comma at the end of my $query. This did not fix the entry problem however.

    product_id goes into db
    session_id goes into db

    basket_name does not go into db

    I think the problem must lie within the:

    PHP Code:
    <select name="roomsize" size="1">
    <option value="Living Room" <?php if ($_POST['roomsize'] == 'Living Room') { echo 'selected="selected"'; } ?>>Living Room</option>
    <option value="Bedroom 1" <?php if ($_POST['roomsize'] == 'Bedroom 1') { echo 'selected="selected"'; } ?>>Bedroom 1</option>
    <option value="Bedroom 2" <?php if ($_POST['roomsize'] == 'Bedroom 2') { echo 'selected="selected"'; } ?>>Bedroom 2</option>
    </select>
    or in the mysql_real_escape_string(stripslashes(strip_tags($_POST['roomsize']))),

    Help!?

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,852
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Help!?
    Please show the output of what I've suggested.
    Last edited by abduraooft; 12-08-2010 at 09:34 AM.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #5
    Regular Coder
    Join Date
    Jan 2007
    Posts
    154
    Thanks
    52
    Thanked 0 Times in 0 Posts
    The output is that page redirects to the basket page which is correct. With the comma in I get:
    PHP Code:
    INSERT INTO basket (product_id, basket_name, session_id, ) VALUES ('666', '', '8fc21078ab0e220873436d6b90712691')
    I can see by looking in the mysql database what has been inserted.

    Database screenshot:
    Last edited by thoford75; 12-08-2010 at 09:41 AM.

  • #6
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,852
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Oh..sorry, that won't show anything if there's no error. What do you get for
    PHP Code:
    echo '<pre>';
    print_r($_POST);
    echo '</pre>';

    echo $query;
    there?
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • Users who have thanked abduraooft for this post:

    thoford75 (12-08-2010)

  • #7
    Regular Coder
    Join Date
    Jan 2007
    Posts
    154
    Thanks
    52
    Thanked 0 Times in 0 Posts
    PHP Code:
    Array
    (
    )
    INSERT INTO basket (product_id, basket_name, session_id) VALUES ('666', '', '8fc21078ab0e220873436d6b90712691')

  • #8
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,852
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Array
    (
    )
    Means, your $_POST array is empty! Have you specified the method="post" attribute to your form?
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #9
    Regular Coder
    Join Date
    Jan 2007
    Posts
    154
    Thanks
    52
    Thanked 0 Times in 0 Posts
    Yes.

    PHP Code:
    <form action="" method="post" name="confirm_form">

            
    <select name="roomsize" size="1">
    <option value="Living Room" <?php if ($_POST['roomsize'] == 'Living Room') { echo 'selected="selected"'; } ?>>Living Room</option>
    <option value="Bedroom 1" <?php if ($_POST['roomsize'] == 'Bedroom 1') { echo 'selected="selected"'; } ?>>Bedroom 1</option>
    <option value="Bedroom 2" <?php if ($_POST['roomsize'] == 'Bedroom 2') { echo 'selected="selected"'; } ?>>Bedroom 2</option>
    </select>     

    </form>
    Not sure if the form is submitting correctly though.

  • #10
    Regular Coder
    Join Date
    Jan 2007
    Posts
    154
    Thanks
    52
    Thanked 0 Times in 0 Posts
    Not sure if the form is submitting correctly though.
    I'll expand on this.

    The submit button in the form is:

    PHP Code:
    echo '<a href="1702.php?carpet=' . $id . '&amp;unknown=y" target="_parent"><img src="/images/basketlink.jpg" border="0" alt="ADD >" title="ADD >" /></a>';
    At the top of the page the script to process this is:

    PHP Code:
    if ($_GET['unknown']) {

        // Ensure there's an ID and validate it
        if (!isset($_GET['carpet']) || !is_numeric($_GET['carpet'])) {
            header('Location: /results.php');
            exit;
        }

        $query = sprintf("INSERT INTO basket (product_id, basket_name, session_id) VALUES ('$id', '%s', '%s')",
            mysql_real_escape_string(stripslashes(strip_tags($_POST['roomsize']))),
            mysql_real_escape_string(session_id()));

        $result = mysql_query($query) or die($query."<br>Error:".mysql_error());

        $_SESSION['url'] = $_SERVER['REQUEST_URI'];
        $_SESSION['just_added'] = $_GET['carpet'];
        $_SESSION['room_name'] = 'Unnamed Room';
        $_SESSION['unknown'] = 'Y';

        header('Location: /basket.php');
        exit; // stop here so the page below is not rendered after the redirect
    }
    I wonder if I need to create a 'bridged' page to process this submit before the headers redirect to basket.php....?

  • #11
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,852
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    I'll expand on this.

    The submit button in the form is:
    There's the catch! An anchor can't behave like a "submit" button. You'd either need to use an input-submit / button-submit element or an input-image, like
    Code:
    <input type="image" src="/images/basketlink.jpg" border="0" alt="ADD" value="ADD" >
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • Users who have thanked abduraooft for this post:

    thoford75 (12-08-2010)

  • #12
    Regular Coder
    Join Date
    Jan 2007
    Posts
    154
    Thanks
    52
    Thanked 0 Times in 0 Posts
    Excellent! That fixed it! Changed my code to:
    PHP Code:

    <form action="1702.php?carpet=<?php echo $id?>&amp;unknown=y" target="_parent" method="post">

            
    <select name="roomsize" size="1">
    <option value="Living Room" <?php if ($_POST['roomsize'] == 'Living Room') { echo 'selected="selected"'; } ?>>Living Room</option>
    <option value="Bedroom 1" <?php if ($_POST['roomsize'] == 'Bedroom 1') { echo 'selected="selected"'; } ?>>Bedroom 1</option>
    <option value="Bedroom 2" <?php if ($_POST['roomsize'] == 'Bedroom 2') { echo 'selected="selected"'; } ?>>Bedroom 2</option>
    </select>     
    <input name="" type="submit" />
    </form>
    Shame an anchor can't behave like the submit button but there's always another way. Thanks again!

  • #13
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,852
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Quote Originally Posted by thoford75 View Post
    Shame an anchor can't behave like the submit button but there's always another way. Thanks again!
    Anchor has its own purpose and is doing that well.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)
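
An added example, not part of the original thread or any poster's code: the basket insert discussed above, written with a PDO prepared statement and an allowlist for `roomsize` in place of the `mysql_real_escape_string(stripslashes(strip_tags(...)))` chain. The `add_to_basket` function, the `ROOM_NAMES` constant, the `basket_id` column and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example: constructed schema and inputs, not the thread's own code.
const ROOM_NAMES = ['Living Room', 'Bedroom 1', 'Bedroom 2']; // the <select> option values

function add_to_basket(PDO $db, array $get, array $post, string $sessionId): int
{
    // Product id: digits only. is_numeric() would also accept forms
    // such as "1e3" or "-1.5", which are not valid row ids.
    $carpet = $get['carpet'] ?? '';
    if (!is_string($carpet) || !ctype_digit($carpet)) {
        throw new InvalidArgumentException('invalid carpet id');
    }
    // Room name: must be one of the values the form offers.
    $room = $post['roomsize'] ?? '';
    if (!in_array($room, ROOM_NAMES, true)) {
        throw new InvalidArgumentException('invalid room name');
    }
    // Placeholders keep the data out of the SQL text, so storage needs
    // no escaping and no stripslashes()/strip_tags() chain.
    $stmt = $db->prepare(
        'INSERT INTO basket (product_id, basket_name, session_id)
         VALUES (:product_id, :basket_name, :session_id)'
    );
    $stmt->execute([
        ':product_id'  => (int) $carpet,
        ':basket_name' => $room,
        ':session_id'  => $sessionId,
    ]);
    return (int) $db->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE basket (basket_id INTEGER PRIMARY KEY,
           product_id INTEGER, basket_name TEXT, session_id TEXT)');

add_to_basket($db, ['carpet' => '666'], ['roomsize' => 'Bedroom 1'], 'constructed-session-id');

try {
    // An empty $_POST (the anchor-link case in this thread) is rejected
    // instead of being stored as an empty basket_name.
    add_to_basket($db, ['carpet' => '666'], [], 'constructed-session-id');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
print_r($db->query('SELECT * FROM basket')->fetchAll(PDO::FETCH_ASSOC));
```

Against MySQL the same function works with a `mysql:` DSN; HTML escaping of `basket_name` belongs at output time, not before storage.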

