I am building a mini library management system but ran into a few issues and was hoping I could get some tips and suggestions.

Currently I have two pages: one insert.php, and one HTML page.

When I successfully insert a book or transaction into the database a new page opens up and I receive a success status message.

  1. Is it possible to combine both these pages into one and return the success message below the submit button?

  2. I tried using the following to pull lms_status_types_status_id directly from the database but failed:

    <select  name="lms_status_types_status_id" id="individual" multiple="multiple">
    <option value="0" SELECTED>Select User</option> 
    <?php foreach($RET as $userdata){ ?>
    <option value="<?php echo $userdata['lms_status_types_status_id']; ?>"></option>
    <?php } ?>
    </select> 
    

Any idea what I am doing wrong here?

I have tried asking Google for help but found it difficult to implement what was floating around. I am entirely new to php so please excuse me!

insert.php

    <?php

    $con = mysql_connect("localhost","username","password");
    if (!$con)
    {
    die('Could not connect: ' . mysql_error());
    }

    $RET = DBGet(DBQuery("SELECT * FROM lms_transactions")); 

    mysql_select_db("my_db", $con);

    $sql="INSERT INTO lms_books (book_id, tag, title, author, year)
      VALUES
    ('$_POST[book_id]','$_POST[tag]','$_POST[title]' ,'$_POST[author]' ,'$_POST[year]')";


    $sql="INSERT INTO lms_transactions (student_id, lms_books_tag, lms_books_book_id, lms_status_types_status_id)
    VALUES
    ('$_POST[student_id]','$_POST[lms_books_tag]','$_POST[lms_books_book_id]','$_POST[lms_status_types_status_id]')";


    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    echo "1 record added";

    mysql_close($con);
    ?>

HTML File

    <h2> Library Management System</h2>

    <h3>Check-In/Check-Out Book:</h3>
    <form action="/insert.php" method="post">
    Student ID: <input type="text" name="student_id">
    Book Tag: <input type="text" name="lms_books_tag">
    Book ISBN: <input type="text" name="lms_books_book_id">
    Status: <select name="lms_status_types_status_id">
        <option value="Checked-In">Checked-In</option>
        <option value="Checked-Out">Checked-Out</option>
        </select>
    <input type="submit">
    </form>


    <h3>Insert Book:</h3>
    <form action="/insert.php" method="post">
    Book ISBN: <input type="text" name="book_id">
    Tag: <input type="text" name="tag"> 
    Title: <input type="text" name="title">
    Author: <input type="text" name="author">
    Year: <input type="text" name="year">
    <input type="submit">
    </form>

  • Your code has SQL injection issues. It also looks like you are using a couple of different database access methods. Commented Jan 20, 2013 at 3:59
  • @datasage Yes I've mashed this all up from a couple of places. I will clean it out and try posting a more consistent and revised version. Thanks! Commented Jan 20, 2013 at 5:56
  • About your first question, to combine the 2 pages you can by doing <form action="<?php echo $_SERVER['PHP_SELF']; ?>". About the second question, as @child_Gilovitz already gave you some guidance, I will not repeat what has been said. Commented Jun 1, 2015 at 16:35

1 Answer

You are declaring the variable $sql twice, which means that when it comes to the mysql_query() function, only the second query string will ever be used.

Yes, it is possible to combine the HTML and the PHP on the same page. You can just put the PHP above the HTML and wrap it in an if($_POST){} (or if(!$_POST){}, depending on what you're trying to do). You then have the form submit to its own page.

Also, you should clean your POST inputs before inserting them into your database or you are opening yourself up to security risks as datasage mentions.

2 Comments

I didn't realize the $sql issue till you pointed it out. Could you guide me in the right direction on how to post multiple queries and call them? Meanwhile, I will try and post a revised and more consistent version as per your and datasage's comments. Appreciate it!
OK, very briefly, you need to: 1. Identify which form has been submitted - you might do that by if($_POST['student_id']){ //code for producing sql statement for the first form } elseif($_POST['book_id']){ //code for producing sql statement for second form } else { //whatever } 2. Then generate your sql query based on the statement you produced above. You might like to use different conditions in the if statements. You could even pass a unique variable in a hidden form input to determine which form has been submitted.
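
An added example, not part of the original answer or comments: the two forms combined into one self-posting page, with a hidden input selecting the query and the status message printed below the forms. It swaps the question's mysql_* calls (removed in PHP 7) for PDO prepared statements so POST values are never concatenated into SQL; the DSN, credentials and the hidden "form" field name are assumptions, while table and column names come from the question.

```php
<?php
// Added example, not the asker's code. DSN, credentials and the hidden
// "form" field are assumptions; table and column names come from the question.
function field(string $name): string {
    $v = $_POST[$name] ?? '';
    return is_string($v) ? trim($v) : '';      // array-valued parameters become ''
}
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $db = new PDO('mysql:host=localhost;dbname=my_db;charset=utf8mb4', 'username', 'password',
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
        if (field('form') === 'book') {
            $db->prepare('INSERT INTO lms_books (book_id, tag, title, author, year) VALUES (?, ?, ?, ?, ?)')
               ->execute([field('book_id'), field('tag'), field('title'), field('author'), field('year')]);
            $message = 'Book added.';
        } elseif (field('form') === 'transaction') {
            $status = field('lms_status_types_status_id');
            if (!in_array($status, ['Checked-In', 'Checked-Out'], true)) {
                $message = 'Unknown status.';   // allow-list the values the <select> offers
            } else {
                $db->prepare('INSERT INTO lms_transactions (student_id, lms_books_tag,
                              lms_books_book_id, lms_status_types_status_id) VALUES (?, ?, ?, ?)')
                   ->execute([field('student_id'), field('lms_books_tag'), field('lms_books_book_id'), $status]);
                $message = 'Transaction recorded.';
            }
        }
    } catch (PDOException $e) {
        error_log($e->getMessage());            // driver errors go to the server log, not the page
        $message = 'Could not save the record.';
    }
}
?>
<h3>Check-In/Check-Out Book:</h3>
<form method="post">
<input type="hidden" name="form" value="transaction">
Student ID: <input type="text" name="student_id"> Book Tag: <input type="text" name="lms_books_tag">
Book ISBN: <input type="text" name="lms_books_book_id">
Status: <select name="lms_status_types_status_id"><option>Checked-In</option><option>Checked-Out</option></select>
<input type="submit">
</form>
<h3>Insert Book:</h3>
<form method="post">
<input type="hidden" name="form" value="book">
Book ISBN: <input type="text" name="book_id"> Tag: <input type="text" name="tag">
Title: <input type="text" name="title"> Author: <input type="text" name="author"> Year: <input type="text" name="year">
<input type="submit">
</form>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
```

Leaving the action attribute off the form posts back to the current URL, so no request-derived value has to be echoed into the markup.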
