0

I am trying to get the right syntax to insert the variables from my form into the database table.

Here is my form...

<form name="texcom_daily" method="POST" action="actions/siteSubmit.php">
<input type="hidden" value="<?php echo $_GET['id'] ?>" name="id" />
<table width="450px">
<tr>
 <td valign="top">
  <label for="first_name">First name *</label>
 </td>
 <td valign="top">
  <input  type="text" value="<?php echo $_SESSION['first'] ?>" name="first_name" maxlength="50" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="last_name">Last name *</label>
 </td>
 <td valign="top">
  <input  type="text" value="<?php echo $_SESSION['last']?>" name="last_name" maxlength="50" size="40">
 </td>
</tr>
<tr>
 <td valign="top">
  <label for="email">Email Address *</label>
 </td>
 <td valign="top">
  <input  type="text" name="email" value="<?php echo $_POST['email']?>" maxlength="80" size="40">
 </td>

</tr>

<tr>
 <td valign="top">
  <label for="telephone">Telephone Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="telephone" value="<?php echo $_POST['telephone']?>" maxlength="40" size="40">

 </td>
</tr>

<tr>
 <td valign="top">
  <label for="truck_number">Truck Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="truck_number" value="<?php echo $_POST['truck_number']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="truck_mileage">Truck Mileage *</label>
 </td>
 <td valign="top">
  <input  type="text" name="truck_mileage" value="<?php echo $_POST['truck_mileage'] ?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="carrier">Carrier *</label>
 </td>
 <td valign="top">
  <input  type="text" name="carrier" maxlength="40" value="<?php echo $_POST['carrier']?>" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="site_number">Site Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="site_number" value="<?php echo $_POST['site_number']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
 <label for="lat">Latitude:</label>
 </td>
  <td valign="top">
 <INPUT type="text" name="lat" ID="lat" value="<?php echo $_POST['lat']?>" maxlength="40" size="40">
 </td>
 </tr>

 <tr>
 <td valign="top">
 <label for="longitude">Longitude:</label>
 </td>
  <td valign="top">
 <input type="text" name="longitude" ID="longitude" value="<?php echo $_POST['longitude']?>" maxlength="40" size="40">
 </td>
 </tr>

<tr>
 <td valign="top">
  <label for="comments">Comments *</label>
 </td>
 <td valign="top">
  <textarea  name="comments" maxlength="1000" cols="40" rows="6"><?php echo $_POST['comments']?></textarea>
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="job_completion">Job Completion *</label>
 </td>
 <td colspan="2" style="text-align">
  <?php $job_completion = isset($_POST['job_completion']) ? $_POST['job_completion'] : ''; ?> 
<input type="radio" name="job_completion" value="Yes" <?php echo $job_completion === 'Yes' ? "checked='checked'" : ''?> > Yes&nbsp;&nbsp;
<input type="radio" name="job_completion" value="No" <?php echo $job_completion === 'No' ? "checked='checked'" : ''?>> No
 </td>
</tr>
</table>
</form>

Here are the SQL statements. The first one works, but sql2 is not entering data into the database.

      $sql = "INSERT INTO documents (id, userid, description, name, date) VALUES (NULL, {$_SESSION['id']}, '{$description}' ,'{$filename}', NOW())"; 
     $success = mysql_query($sql);  


     $sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) 
   VALUES  ( '$_POST[first]', '$_POST['last']', '$_POST['email']', '$_POST['telephone']', '$_POST['truck_number']', '$_POST['truck_mileage']', '$_POST['carrier']', '$_POST['site_number']', '$_POST['lat']', '$_POST['longitude']', '$_POST['comments']', '$_POST['job_completion']')";
     $success2 = mysql_query($sql2);  
1
  • You don't escape user input which makes you wide open for attack. It also can cause your query to fail if certain data is provided. Commented Mar 5, 2014 at 21:18

2 Answers

1

Try this. You should always escape values using mysql_real_escape_string before submitting values to a database.

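// The form fields are named first_name and last_name; each value is escaped before use.
$sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) VALUES  ( '" . mysql_real_escape_string($_POST['first_name']) . "', '" . mysql_real_escape_string($_POST['last_name']) . "', '" . mysql_real_escape_string($_POST['email']) . "', '" . mysql_real_escape_string($_POST['telephone']) . "', '" . mysql_real_escape_string($_POST['truck_number']) . "', '" . mysql_real_escape_string($_POST['truck_mileage']) . "', '" . mysql_real_escape_string($_POST['carrier']) . "', '" . mysql_real_escape_string($_POST['site_number']) . "', '" . mysql_real_escape_string($_POST['lat']) . "', '" . mysql_real_escape_string($_POST['longitude']) . "', '" . mysql_real_escape_string($_POST['comments']) . "', '" . mysql_real_escape_string($_POST['job_completion']) . "')";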

5 Comments

Thank you, but nothing gets entered into the database... neither statement.
Did you look at the form? I am wondering if I am calling these variables correctly... Would you mind looking and making sure?
@NichoDiaz Firstly, you aren't starting the session anywhere. You shouldn't be using '$_SESSION' if you haven't started the session anywhere. Secondly, there's no need for the value field in the input tags. Fix these two things and it should work. If it still doesn't work, please run this and post the output in your question. var_dump($sql2); var_dump($success2);
The session has started, just not where I showed you. This is simply a form only accessible to people who are logged in. And you're looking at the PHP when they click submit.
@NichoDiaz Alright, so I guess your script works now?
0

You have a typo here: '$_POST[first]'. And I would prefer to concatenate the variables instead. Bothersome, but secure way. Try this instead:

"INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) VALUES ('" . $_POST['first'] . "', '" . $_POST['last'] . "', '" ... etc

Comments
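
A parameterized version of the second INSERT, as an added example that is not part of the question or of either answer: PDO prepared statements send the form values as bound parameters, so a quote in the input neither breaks the query nor changes it. The helper name insertSiteSubmit, the in-memory SQLite table standing in for the MySQL one, the Yes/No check and the sample values are assumptions made for the example.

```php
<?php
// Added example: parameterized INSERT for the sitesubmit form fields.
// Assumption: PDO with in-memory SQLite stands in for the MySQL table so this runs offline.

const SITESUBMIT_FIELDS = [
    'first_name', 'last_name', 'email', 'telephone', 'truck_number', 'truck_mileage',
    'carrier', 'site_number', 'lat', 'longitude', 'comments', 'job_completion',
];

// Hypothetical helper: returns the number of rows inserted.
function insertSiteSubmit(PDO $pdo, array $post): int
{
    $row = [];
    foreach (SITESUBMIT_FIELDS as $field) {
        // Keys match the form's name="" attributes; absent or array-valued input becomes ''.
        $value = $post[$field] ?? '';
        $row[$field] = is_string($value) ? trim($value) : '';
    }
    // Assumed rule: the radio group only ever submits Yes or No.
    if (!in_array($row['job_completion'], ['Yes', 'No'], true)) {
        throw new InvalidArgumentException('job_completion must be Yes or No');
    }
    // Columns and placeholders are built from the fixed list, never from request keys.
    $columns = implode(', ', SITESUBMIT_FIELDS);
    $placeholders = ':' . implode(', :', SITESUBMIT_FIELDS);
    $stmt = $pdo->prepare("INSERT INTO sitesubmit ($columns) VALUES ($placeholders)");
    $stmt->execute($row); // values travel as bound parameters, not as SQL text
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sitesubmit (' . implode(' TEXT, ', SITESUBMIT_FIELDS) . ' TEXT)');

// Constructed sample submission; the quotes would break the concatenated query.
$post = [
    'first_name' => 'Pat', 'last_name' => "O'Brien", 'email' => 'pat@example.com',
    'telephone' => '555-0100', 'truck_number' => '12', 'truck_mileage' => '48210',
    'carrier' => 'Example Freight', 'site_number' => '7', 'lat' => '29.76',
    'longitude' => '-95.36', 'comments' => "Gate didn't open; left at dock 'B'",
    'job_completion' => 'Yes',
];
$inserted = insertSiteSubmit($pdo, $post);
$stored = $pdo->query('SELECT last_name, comments FROM sitesubmit')->fetch(PDO::FETCH_ASSOC);
printf("%d row inserted, last_name stored as %s\n", $inserted, $stored['last_name']);
```

Against the real database only the DSN changes (a `mysql:` DSN with credentials); the prepare and execute calls stay the same.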
