1

when i submit the form.. the form display the 'error' msg that mean the query does'nt work.. i've compare the code with the other code and it seem similar... i dont know what to do with this.. please guys... help me...

(here's is the form code)

<?php
if(isset($_GET['bookno']))
        $bookingno = $_GET['bookno'];
    elseif(isset($_POST['bookno']))
        $bookingno = $_POST['bookno'];
    else
        $bookingno = "";

    $db = mysql_connect('localhost','root') 
    or die ("unable to connect");
    mysql_select_db('fyp',$db) or die ("able to select");

$sql_select = "SELECT * FROM `booking` "
                    . " WHERE `bookingno`='".trim($bookingno)."'";

     $result = mysql_query($sql_select) or die ("Query failed!");
     $row = mysql_fetch_array($result);
     extract($row);

 ?>
    <form method ="post" action="appbooking.php">
<font face= "arial" size="2" font color="black">
<center>
<table width="800" height="150" border="0" cellspacing="0" cellpadding="2">
  <tr>
  <tr>
    <td height="28" colspan="8" valign="middle" bgcolor="#0A25E9"><center>
      <font color="white" size="3" face="Times New Roman" font="font"><b>BOOKING DETAIL</b></font>
    </center>
    </tr>
  <tr>
    <td width="129" align="left" ><font face="Arial" size="2" font color="#000000">Booking No</font></td>
    <td width="291"><input name="bookingno" type="text" value= "<?php echo $row['bookingno']; ?>" size="30" ></td>
    <td width="94" align="left" ><font face="Arial" size="2" font color="#000000">User ID</font></td>
    <td width="270"><input name="username" type="text" id="username" value= "<?php echo $row['username']; ?>" size="30" ></td>
  </tr>
  <tr>
    <td width="129" align="left"><font face="Arial" size="2" font color="#000000"> Name</font></td>
    <td width="291"><input name="name" type="text" id="name" value= "<?php echo $row['name']; ?>"size="45" ></td>
    <td width="94" align="left"><font face="Arial" size="2" font color="#000000">Department</font></td>
    <td><input name="department" type="text" id="department" value= "<?php echo $row['department']; ?>" size="45" >
    </tr>
  <tr>
    <td width="129" align="left" ><font face="Arial" size="2" font color="#000000">Required Date</font></td>
    <td width="291"><input name="u_g_date" type="text" id="g_date" value= "<?php echo $row['g_date']; ?>" size="30" ></td>
    <td width="94" align="left" ><font face="Arial" size="2" font color="#000000">Required Time</font></td>
    <td><input name="g_time" type="text" id="g_time" value= "<?php echo $row['g_time']; ?>" size="30" ></td>
  </tr>
  <tr>
    <td width="129" align="left" ><font face="Arial" size="2" font color="#000000">Return Date</font></td>
    <td width="291"><input name="u_r_date" type="text" id="r_date" value= "<?php echo $row['r_date']; ?>" size="30" ></td>
    <td width="94" align="left" ><font face="Arial" size="2" font color="#000000">Return Time</font></td>
    <td><input name="r_time" type="text" id="r_time" value= "<?php echo $row['r_time']; ?>" size="30" ></td>
  </tr>
  <tr>
    <td width="129" align="left"><font face="Arial" size="2" font color="#000000">Destination</font></td>
    <td width="291"><input name="u_destination" type="text" id="destination" value= "<?php echo $row['destination']; ?>" size="45" ></td>
    <td width="94" align="left"><font face="Arial" size="2" font color="#000000">Num Of Passengger</font></td>
    <td><input name="pass_num" type="text" id="pass_num" value= "<?php echo $row['pass_num']; ?>" ></td>
  </tr>
  <tr>
    <td width="129" align="left"><font face="Arial" size="2" font color="#000000">Purpose Of Trip</font></td>
    <td width="291"><textarea name="trip_purpose" rows="3" cols="40 " >
           <?php echo $row['trip_purpose']; ?>
           </textarea></td>
  </tr>
  <p>&nbsp;</p>
  <td><p>&nbsp;</p>
  <tr>
   <tr>
        <td height="28" colspan="8" valign="middle" bgcolor="#0A25E9">
        &nbsp;  &nbsp;  &nbsp;  &nbsp; &nbsp;   &nbsp;  &nbsp;  &nbsp;&nbsp;    &nbsp;  &nbsp;  &nbsp; &nbsp;   &nbsp;  &nbsp;  &nbsp; &nbsp; &nbsp;    &nbsp;  &nbsp;  &nbsp;&nbsp;    &nbsp;  &nbsp; &nbsp; &nbsp;    

        <font color="white" size="3" face="Times New Roman"     font="font"><b>APPROVE</b></font>
        &nbsp;  &nbsp;  &nbsp;  &nbsp; &nbsp;   &nbsp;  &nbsp;  &nbsp;&nbsp;    &nbsp;  &nbsp;  &nbsp; &nbsp;   &nbsp;  &nbsp;  &nbsp;&nbsp;&nbsp;  &nbsp;  &nbsp;  &nbsp; &nbsp;   &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp; &nbsp;   &nbsp;  &nbsp;  &nbsp;&nbsp;    &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp; &nbsp;   &nbsp;  &nbsp;  &nbsp;


        <font color="white" size="3" face="Times New Roman"     font="font"><b>REJECT</b></font>
</td>

  </tr>
  <p>&nbsp;</p>
  <?php
     $db = mysql_connect('localhost','root') 
     or die ("unable to connect");
    mysql_select_db('fyp',$db) or die ("able to select");

    $sql="SELECT * FROM vehicle WHERE v_status='READY'";

     $result = mysql_query($sql) or die ("Query failed!");  
 ?>
  <tr>
  <tr>
    <td>Registration Number 
    <td><select name="regno">
            <option value="" selected>--Registration No--</option>
            <?php while($row = mysql_fetch_array($result)){?>
            <option value="<?php echo $row['regno']; ?>"><?php echo $row['regno']; ?></option>
            <?php } ?>
        </select></td>
    <td>Reason</td>
  <td><textarea name="reason" rows="3" cols="50 "value = ""></textarea></td>
  </tr>
  <?php
     $db = mysql_connect('localhost','root') 
     or die ("unable to connect");
    mysql_select_db('fyp',$db) or die ("able to select");

    $sql="SELECT * FROM driver WHERE d_status='READY'";

     $result = mysql_query($sql) or die ("Query failed!");  
 ?>
  <tr>
    <td>Driver</td>
    <td><select id = "d_name" name="u_d_name">
      <option value="" selected>--Driver Name--</option>
      <?php while($row = mysql_fetch_array($result)){?>
      <option value="<?php echo $row['d_name']; ?>"><?php echo $row['d_name']; ?></option>
      <?php } ?>
    </select></td>
  </tr>
  <tr>
<?php                    
      mysql_close($db);
?>

</table>

(here's the code for the addprocessor)
<?php
   $db = mysql_connect('localhost','root') 
     or die ("unable to connect");
     mysql_select_db('fyp',$db)
     or die ("able to select");

    $bookingno=$_POST['bookingno'];
    $username=$_POST['username'];
    $name=$_POST['name'];
    $department=$_POST['department'];
    $g_date=$_POST['g_date'];
    $r_date=$_POST['r_date'];
    $r_time=$_POST['r_time'];
    $destination=$_POST['destination'];
    $pass_num=$_POST['pass_num'];
    $trip_purpose=$_POST['trip_purpose'];
    $regno=$_POST['regno'];
    $d_name=$_POST['d_name'];
    $reason=$_POST['reason'];


$sql = "INSERT INTO usage VALUES('$bookingno','$username','$name','$department', '$g_date', '$g_time', '$r_date', '$r_time', '$destination', '$pass_num', '$trip_purpose', '$regno', '$d_name', '$reason')";

$result = mysql_query($sql) or die ("error!");
//$result = mysql_query($sql) or die ($query);

echo "<font face = arial size= 3><b>Booking No : </b>".$bookingno."</font>"."<br>";  
echo "<font face = arial size= 3><b>Applicant's ID : </b>".$username."</font>"."<br>";
echo "<font face = arial size= 3><b>Applicant's Name : </b>".$name."</font>"."<br>";
echo "<font face = arial size= 3><b>Department : </b>".$department."</font>"."<br>";
echo "<font face = arial size= 3><b>Required Date : </b>".$g_date."</font>"."<br>";
echo "<font face = arial size= 3><b>Required Time: </b>".$g_time."</font>"."<br>";
echo "<font face = arial size= 3><b>Return Date : </b>".$r_date."</font>"."<br>";
echo "<font face = arial size= 3><b>Return Time : </b>".$r_time."</font>"."<br>";
echo "<font face = arial size= 3><b>Destinantion : </b>".$destination."</font>"."<br>";
echo "<font face = arial size= 3><b>Number Of Passenger : </b>".$pass_num."</font>"."<br>";
echo "<font face = arial size= 3><b>Trip Purpose : </b>".$trip_purpose."</font>"."<br>";
echo "<font face = arial size= 3><b>Registration Number : </b>".$regno."</font>"."<br>";
echo "<font face = arial size= 3><b>Driver Name : </b>".$d_name."</font>"."<br>";
echo "<font face = arial size= 3><b>Reject Reason : </b>".$reason."</font>"."<br>";


mysql_close($db);

echo "<font face = arial size= 4>You have sucessfully record booking details to the database.</font>";  

?>
Improve this question
7
  • @ejah85: Do you realize that your code looks like a mess? Would you mind to edit your question, reformat code, select it and press Ctrl+K to display it as code and check preview if it helped? Commented Mar 11, 2010 at 12:40
  • Red Alert: You are using POST parameters literally in the query. Don't do that, not even at home; bad habits are hard to unlearn. Use mysql_real_escape_string or something like that to prevent SQL injection. Commented Mar 11, 2010 at 12:41
  • Looks like extraneon did that formatting for you. Please check your edited question to find out why it looks better now... Commented Mar 11, 2010 at 12:41
  • thanks peter for that....trutly i doesnt know how to paste it as a code..thanks :-) Commented Mar 11, 2010 at 12:43
  • thanks everybody...i feel like i'am stupid idiot..im newbie in php and also new member in this forum... Commented Mar 11, 2010 at 12:48

3 Answers 3

Reset to default
3 
$bookingno=mysql_real_escape_string($_POST['bookingno']);

and so on

Note that

$result = mysql_query($sql) or trigger_error (mysql_error().' in '.$sql);

call would be much more informative in case of error

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

i've used the code and the error the system cannot detect the time in the time field..thans col..ur code are great :-)
note that mysql_real_escape_string() function must be applied to the every variable you put into query, which you enclose in quoptes. $bookingno in your SELECT query too. I's 2 parts of one mechanism - quotes and mysql_real_escape_string(), both must be used always together, they are useless alone. so, if you have something like '$var' in your query, it must be preceeded by mysql_real_escape_string($var); no exceptions
thanks col :-) u means that $bookingno=mysql_real_escape_string($_POST['bookingno']); should be $bookingno=mysql_real_escape_string($bookingno);?
what does it say about error? You have unusual structure of your script. It can be problem too. I'd suggest to separate form processing from the other code. make script action.php and make it action=action.php in the form
2

Try this instead:

$result = mysql_query($sql) or die('Invalid query: ' . mysql_error());

It should give you a better error message.

Improve this answer

Comments

1

You did'not specify a list of column names. Do you provide values for every column in the table?

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.