www.webdeveloper.com

Thread: Insert PHP variable in to MySQL database?

  1. #16
    Join Date
    Jul 2009
    Posts
    23


    Quote Originally Posted by Mindzai View Post
    Just pass in the userid when you call the function. For example:

    PHP Code:
    function saveItem($userid) {
        echo "User ID: $userid";
    }

    $userid = 66;
    saveItem($userid);
    This may also help, especially the part about parameters.
    Thanks for your helpful response. I've tried placing the $userid variable in a function and calling it, but the value that is sent is still null.

    If on the other hand I specify a value above the function call like in your example:

    $userid = 66;
    saveItem($userid);

    Then the value 66 is inserted in the database.

    But the value that I am trying to insert isn't a specific value like 66, rather it has been taken from the database and stored in a variable ($userid).

    Is it possible for you to show me what the code would look like, based on my code for inserting value from the variable $userid in to the database?

    - The insert query is in function SaveItem()

  2. #17
    Join Date
    Nov 2008
    Posts
    2,477
    Please post your full code as you have it now (inside [php] tags ) and I will take a look.

  3. #18
    Join Date
    Jul 2009
    Posts
    23


    Quote Originally Posted by Mindzai View Post
    Please post your full code as you have it now (inside [php] tags ) and I will take a look.
    Hi again, thanks for continuing to help. Here is the full code:

    PHP Code:
    <?php
    include("scripts/dbconnection.php"); //start database connection

    //checks cookies to make sure they are logged in
    if(isset($_COOKIE['ID_my_site']))
    {
        $email = $_COOKIE['ID_my_site'];
        $pass = $_COOKIE['Key_my_site'];
        $query = "SELECT forename, surname FROM user WHERE email = '$email'";
        $result = mysql_query($query) or die(mysql_error());
        $row = mysql_fetch_array($result) or die(mysql_error());
        $check = mysql_query("SELECT * FROM user WHERE email = '$email'") or die(mysql_error());
        while($info = mysql_fetch_array($check))
        {
            //if the cookie has the wrong password, they are taken to the login page
            if ($pass != $info['password'])
            {
                header("Location: login.php");
                exit; // stop here so the rest of the page is not rendered after the redirect
            }
            //otherwise they are shown the admin area
            else
            {
            }
        }
    }
    else
    //if the cookie does not exist, they are taken to the login screen
    {
        header("Location: login.php");
        exit; // stop here so the rest of the page is not rendered after the redirect
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <title>Cleaning Rota - Options</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta http-equiv="Content-Style-Type" content="text/css" />
    <link href="css/layout.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <noscript><p>** Scripts have been disabled in your web browser, as a result of this some features may be unavailable. **</p></noscript>
    <div id="rotamenu"> <br />
    <?php
    $useridquery = "SELECT userid FROM user WHERE email = '$email'";
    $result = mysql_query($useridquery);
    while ($row = mysql_fetch_assoc($result)) {
        $userid = $row["userid"];
    }

    switch($_GET['action']){
        case 'delete':
            $title = 'Delete a Person';
            $content = DeleteItem();
            break;
        case 'new':
            $title = 'Add a Person';
            $content = ManageItem();
            break;
        case 'save':
            $title = 'Save a Person';
            $content = SaveItem();
            break;
        default:
            $title = 'Options';
            $content = ShowList();
            break;
    }


    function ShowList(){
        // we are showing the table, no initial actions are needed
        // so we'll jump straight into the table

        $output = '<table border="1" width="620" cellpadding="9" style="border-collapse: collapse">
        <tr>
        <th>Person</th>
        <th width="76">Action</th>
        </tr>';

        // run the query, we're putting the things that aren't purchased at the top
        $query = mysql_query("select * from rota where userid='$userid' order by person asc");

        // loop all the records
        while($row = mysql_fetch_assoc($query)){
            $output .= '<tr>';
            $output .= '<td>' . $row['person'] . '</td>';
            $output .= '<td width="76"><a href="?action=edit&personid=' . $row['personid'] . '"> ';

            // need to add slashes as we're dealing with javascript here
            $output .= '<a href="javascript:checkDelete(\'' . addslashes($row['person']) . '\',' . $row['personid'] . ');">Delete</a></td>';
            $output .= '</tr>';
        }
        $output .= '</table>';

        return $output;
    }

    function DeleteItem(){

        // in the query we convert it to an integer to prevent any injection
        if(mysql_query("delete from rota where personid='".(int)$_GET['personid']."'")){
            $output = '<b>One member has been removed from the cleaning rota.</b><br/><br/>';
        }else{
            $output = '<b>An Error Occurred: ' . mysql_error() . '</b><br><br>';
        }
        // show the list
        $output .= ShowList();

        return $output;
    }

    function ManageItem(){
        if(isset($_GET['personid'])){
            // if we're editing we need to grab the stuff from the database

            // convert to integer (if its not a number it'll become zero)
            $personid = (int)$_GET['personid'];

            $query = mysql_query("select * from rota where personid='" . $personid . "' limit 1");
            $row = mysql_fetch_assoc($query);
        }else{
            // set up blank array
            $row['personid'] = '';
            $row['person'] = '';
        }

        // we have lots of HTML here, so we're breaking out of PHP, but we need to stop it outputting
        // so we'll use output buffering and capture the result

        ob_start();
        ?>
        <form method="POST" action="<?=htmlspecialchars($_SERVER['PHP_SELF'])?>?action=save">
        <?php

        if(isset($_GET['personid']) && $personid > 0){
            echo '<input type="hidden" name="personid" value="' . $personid . '">';
        }

        ?>
        <table border="0" width="450">
        <tr>
        <td><font size="2">Person:</font></td>
        <td><input type="text" name="person" size="20" value="<?php echo htmlspecialchars($row['person']); ?>"></td>
        </tr>
        <tr>
        <td colspan="2">
        <p align="center">
        <input type="submit" value="Add Person" name="submit"></td>
        </tr>
        </table>
        </form>
        <?php
        // get output buffer and then clean it up
        $output = ob_get_contents();
        ob_end_clean();

        return $output;
    }

    function SaveItem(){

        if(isset($_POST['personid'])){
            // we are updating
            // using our custom db escape function
            $query = 'update `rota` set ';
            $query .= " `person`='".db_escape($_POST['person'])."' ";
            $query .= " where personid='".(int)$_POST['personid']."' limit 1";

            if(mysql_query($query)){
                $output = '<b>Your person has been updated.</b><br/><br/>';
            }else{
                $output = '<b>An Error Occurred: ' . mysql_error() . '</b><br><br>';
            }

        }else{
            // we are adding
            // using our custom db escape function
            $query = "INSERT INTO rota (userid, person) VALUES ('$userid','".db_escape($_POST['person'])."')";

            if(mysql_query($query)){
                $output = '<b>One person has been added to the cleaning rota.</b><br/><br/>';
            }else{
                $output = '<b>An Error Occurred: ' . mysql_error() . '</b><br><br>';
            }
        }
        // show the list
        $output .= ShowList();

        return $output;

    }

    function db_escape($string){
        if(function_exists('mysql_real_escape_string')){
            return mysql_real_escape_string($string);
        }else{
            return mysql_escape_string($string);
        }
    }
    ?>

    <style>
    body,table, td, th, tr {
    font-family: georgia;
    font-size: 10pt;
    }
    </style>
    <script>
    function checkDelete(person,personid){
        if(confirm('Are you sure you want to remove "'+ person +'" from the rota?')){
            window.location = '?action=delete&personid='+personid;
        }
    }
    </script>
    <h1>Cleaning Rota - <?=$title?></h1>
    <a href="/hms/rota5.php">Summary</a>  |  <a href="/hms/rotaoptions.php?action=new">Add Someone</a>  |  <a href="/hms/rotaoptions.php">Remove Someone</a><br><br>
    <?=$content?>
    </div>
    </body>
    </html>

  4. #19
    Join Date
    Nov 2008
    Posts
    2,477
    Well you still aren't passing in the $userid variable as a parameter to your SaveItem function. You need to change the function declaration like so:

    PHP Code:
    function SaveItem($userid) {
        // ...
    }
    Then when you call the function, supply the user id:

    PHP Code:
    $content = SaveItem($userid);
    A couple of other things: you need to escape all user input. Currently I could manually set a cookie value which would inject SQL into your queries. Data from cookies should be treated with the same suspicion as any other user-supplied data. You already have a function for cleaning data, so you just need to call it.

    Also you will probably find it easier to write cleaner code if you indent statements. If nothing else it makes it easier to read.
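    The two points raised above, parameter passing and treating cookie data as untrusted input, put together in one script. This is an added example and not code from the thread or from either poster. It keeps the table and column names of the posted script (user with userid, email and password; rota with personid, userid and person) and the cookie names ID_my_site and Key_my_site, but swaps the thread's mysql_* calls and db_escape() for mysqli prepared statements with bound parameters, so no external value is ever concatenated into SQL. The connection values are placeholders, and the helper names currentUserId and the three-argument SaveItem are this example's own.

```php
<?php
// Added example, not the thread's code. Assumes the tables from the posted
// script: user(userid, email, password) and rota(personid, userid, person).
// Connection values below are placeholders.
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}

// Resolve the logged-in user from the cookie. The cookie value is bound as a
// query parameter, so a hand-crafted cookie cannot alter the SQL.
// Returns the integer userid, or null when the cookie does not match a user.
function currentUserId(mysqli $db, array $cookie): ?int {
    if (!isset($cookie['ID_my_site'], $cookie['Key_my_site'])) {
        return null;
    }
    $stmt = $db->prepare('SELECT userid, password FROM user WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $cookie['ID_my_site']);
    $stmt->execute();
    $stmt->bind_result($storedId, $storedKey);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return null;
    }
    // Compare the stored value with the cookie in constant time (keeps the
    // thread's cookie scheme; only the comparison and the query are hardened).
    if (!hash_equals((string) $storedKey, (string) $cookie['Key_my_site'])) {
        return null;
    }
    return (int) $storedId;
}

// SaveItem receives the user id as a parameter instead of reading a global,
// which is why the original INSERT stored NULL for userid.
// Returns the personid that was inserted or updated.
function SaveItem(mysqli $db, int $userid, array $post): int {
    $person = trim((string) ($post['person'] ?? ''));
    if ($person === '') {
        throw new InvalidArgumentException('person is required');
    }
    if (isset($post['personid']) && (int) $post['personid'] > 0) {
        $personid = (int) $post['personid'];
        // userid in the WHERE clause stops one user editing another user's row.
        $stmt = $db->prepare('UPDATE rota SET person = ? WHERE personid = ? AND userid = ? LIMIT 1');
        $stmt->bind_param('sii', $person, $personid, $userid);
        $stmt->execute();
        $stmt->close();
        return $personid;
    }
    $stmt = $db->prepare('INSERT INTO rota (userid, person) VALUES (?, ?)');
    $stmt->bind_param('is', $userid, $person);
    $stmt->execute();
    $newId = (int) $db->insert_id;
    $stmt->close();
    return $newId;
}

$userid = currentUserId($db, $_COOKIE);
if ($userid === null) {
    header('Location: login.php');
    exit; // stop here so nothing below renders for a visitor who is not logged in
}

if (($_GET['action'] ?? '') === 'save') {
    $personid = SaveItem($db, $userid, $_POST);
    echo '<b>Saved person #' . (int) $personid . '.</b>';
}
```

    The call site `SaveItem($db, $userid, $_POST)` is the whole fix for the NULL userid: the value looked up from the database travels into the function as an argument, and the function body never depends on what happens to be in scope at the top of the file. Binding the cookie and form values as parameters covers the injection point Mindzai describes without needing to remember to call an escape function on every path.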

  5. #20
    Join Date
    Jul 2009
    Posts
    23


    Thanks for all of your feedback Mindzai, it's really useful. I think I'm sorted now, just in the process of implementing all of the changes that you suggested!
