2

Firstly, forgive the use of mysql_*. I appreciate it is deprecated, but for completely ridiculous reasons I have to use it for this project.

So I have a dropdown menu populated out of my database with the use of this function

func.php

    function artistQuery(){
        // Emit one <option> per artist; the option value is the artistID
        $myData = mysql_query("SELECT * FROM artists");
        while ($record = mysql_fetch_array($myData)){
            echo '<option value="' . $record['artistID'] . '">' . $record['artistFirst'] . ' ' . $record['artistSurname'] . '</option>';
        }
    }

It populates the drop down menu on:

newprod.php

    <h1>New Product Entry:</h1>
    <form action="php/addproduct.php" method="_POST">

    <p>Please select the artist:</p>

    <select name="artist">
    <?php artistQuery();
    ?>
    </select>
    </form>

So from my function although the first name and surname of the artist are displayed the option value is actually the artistID.

I then use

addproduct.php

    <?php

    include_once 'php/dbconn.php';

    connect();

    $artist = $_POST['artist'];

    $query = "INSERT INTO products ('artistID') VALUES ('$artist')";

    //execute query
    $result = mysql_query($query) or die("Error in Query. $query. " . mysql_error());

    echo "$artist";

    ?>

To write the artistID into the database, except it isn't writing.

I am assuming the issue lies somewhere in the newprod.php (Middle block of code) not assigning the artistID to the name of 'artist'.

Any and all help from you wonderful people would be appreciated.

EDIT: Missing letters!

5
  • Your code is wide open to SQL injections! Stop using the long deprecated old mysql extension. Use mysqli or PDO with prepared statements. This may be annoying now, but without the first clever user who comes by will completely destroy or take over your application if he wants to. Commented Nov 19, 2013 at 13:36
  • 2
    It should be method="post", not method="_post". It might get ignored and handled as a GET form. Commented Nov 19, 2013 at 13:41
  • arkascha, as I say at the very start of the post, for completely ridiculous reasons I have to use mysql_* for this project, it is not through choice. Commented Nov 19, 2013 at 13:42
  • I read that. First that is no excuse to not handle sql injection and second you should deny to obey. Commented Nov 19, 2013 at 13:52
  • Make sure you get error messages. Place error_reporting(E_ALL); ini_set('display_errors', 1); at the beginning of the scripts. Use var_dump() to analyze your variables (var_dump($_POST);). Commented Nov 19, 2013 at 13:59

4 Answers

1

In addproduct.php, try this:

    $query = "INSERT INTO products (artistID) VALUES ('$artist')";

Instead of quoted column name (bad):

    $query = "INSERT INTO products ('artistID') VALUES ('$artist')";

MySQL column name can be neither single quoted 'artistID', nor double quoted "artistID", nor [artistID] like in Access Database. It must be either bare name artistID, or anti-quoted like `artistID`. It's useful when you have spaces in the column name like `Artist Name`.


3 Comments

Changed this and _post to post as recommended by Gerald and still no joy.
Have you: include_once 'php/dbconn.php'; connect(); in the file newprod.php?
Thanks Gerald/Jacouh, between you two I got this working. I appreciate it!
1

It should be method="POST", not method="_POST".

_POST is invalid and is ignored by the browser. The browser will then use GET as method, which is the default for HTML forms.

Edit: The answer by @jacouh is also valid, you have to do both his and my change to make it work.

1 Comment

Thanks Gerald/Jacouh, between you two I got this working. I appreciate it!
0

To avoid some SQL injections, try to use mysql_escape_string:

    $query = "INSERT INTO products ('artistID') VALUES ('".mysql_escape_string($artist)."')";

Check if $artist has a value; maybe it is not inserting into the db because it is null. Or maybe it is not the value the db is expecting, like artistID is an integer and $artist actually is a string.
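
Added example, not code from the question or from any answer on this page: the INSERT from addproduct.php rewritten with integer validation and a bound placeholder, as the first comment on the question recommends. It swaps in PDO with an in-memory SQLite database as a stand-in for MySQL so it runs offline; `addProduct()` and the sample rows are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE artists (artistID INTEGER PRIMARY KEY, artistFirst TEXT, artistSurname TEXT)');
$db->exec('CREATE TABLE products (productID INTEGER PRIMARY KEY, artistID INTEGER NOT NULL)');
$db->exec("INSERT INTO artists VALUES (1, 'Ada', 'Example'), (2, 'Bob', 'Sample')"); // constructed rows

/**
 * Hypothetical replacement for the INSERT in addproduct.php.
 * Returns the new product id, or null when the input is rejected.
 */
function addProduct(PDO $db, $rawArtist)
{
    // The submitted <option> value is client-controlled: accept only a positive integer.
    $artistId = filter_var($rawArtist, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($artistId === false) {
        return null;
    }
    // The form can be forged, so confirm the id refers to a real artist.
    $check = $db->prepare('SELECT 1 FROM artists WHERE artistID = ?');
    $check->execute([$artistId]);
    if ($check->fetchColumn() === false) {
        return null;
    }
    // The bound placeholder keeps the value out of the SQL text entirely;
    // note the column name is bare, not single quoted.
    $insert = $db->prepare('INSERT INTO products (artistID) VALUES (?)');
    $insert->execute([$artistId]);
    return (int) $db->lastInsertId();
}

// Constructed inputs: a valid selection, a value containing a quote,
// an empty submission, and an id with no matching artist.
$samples = ['2', "2'", '', '99'];
foreach ($samples as $value) {
    $id = addProduct($db, $value);
    echo var_export($value, true), ' => ',
        $id === null ? 'rejected' : "inserted as product $id", PHP_EOL;
}
echo 'rows in products: ', $db->query('SELECT COUNT(*) FROM products')->fetchColumn(), PHP_EOL;
```

With MySQL the only change is the DSN passed to `new PDO(...)`; the validation and placeholder binding stay the same.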


-1

Inside the select box you should give something like this:

    <select name="artist">
    <option value="artist"><?php artistQuery();?></option>
    </select>
