How do you pass a variable from a form to ezsql in order to add info to a mysql db?

By animek2k3
Published Sun 15 Apr 2007, 679 Views, 4 Comments

Here is the code I'm trying to work with that's been modified a couple of times. I have one page that has a form with 2 fields, title and author. When the user hits submit he will be brought to the page that has all the code below to add the info to the db.

The db name is test, the table name is books, the fields in the table are id, title, and author.
Using this code below adds blank info to the db. The variables don't seem to be passing correctly.

    //check if the submit variable exists
    if ($_POST['title'] && $_POST['author']) {
        $db->query("INSERT INTO books (title,author) VALUES('$title','$author')");
        echo "<p><img src='images/36.gif'> It worked, we got". $_POST['title']." and ".$_POST['author']. ",Yay!</p>";
    } else {
        echo "<p><img src='images/40.gif'> it didnt work!</p>";
    }

    // get multiple rows
    $users = $db->get_results("SELECT title,author FROM books");
    foreach ($users as $user) {
        // Access data using object syntax
        echo "<b>";
        echo $user->title;
        echo "</b>";
        echo "&nbsp;";
        echo $user->author;
        echo "<br />";
    }
?>



    4 Comments

  1.  
    JV ~ 15 months ago
    0 votes

    // Only process this form if it is a submit
    if ( isset($_POST['title']) && isset($_POST['author']) )
    {
        // Ensure that variables have a value
        if ( ! $_POST['title'] )
        {
            echo "Please enter title.";
        }
        else if ( ! $_POST['author'] )
        {
            echo "Please enter author.";
        }
        // Evaluate at the same time as inserting to save code
        // (Escape the incoming data to avoid sql injection attack and deal with 's)
        else if ( ! $num_affected_rows = $db->query("INSERT INTO books (title,author) VALUES('".$db->escape($_POST['title'])."','".$db->escape($_POST['author'])."')") )
        {
            echo "Error inserting into the database";    
        }
        else
        {
            echo "num_affected_rows: $num_affected_rows\n";
            echo "insert_id: {$db->insert_id}\n";
        }
    }

    if ( $results = $db->get_results("SELECT * FROM books") )
    {
        foreach($results as $result)
        {
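            // Access data using object syntax
            // (HTML-encode stored values before printing them into the page)
            echo "<b>";
            echo htmlspecialchars($result->title);
            echo "</b>";
            echo "    ";
            echo htmlspecialchars($result->author);
            echo "<br />";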
        }
    }
    else
    {
        echo "There are no books just yet!";
    }
    [ reply ]
    1.  
      animek2k3 ~ 15 months ago
      0 votes
      Thank you JV, that worked great. I was messing around with ezsql to get a grasp of the basics. I have an understanding of what you just did, but can you explain to me exactly what you did in this snippet of code?

      // Evaluate at the same time as inserting to save code
      // (Escape the incoming data to avoid sql injection attack and deal with 's)
      else if ( ! $num_affected_rows = $db->query("INSERT INTO books (title,author) VALUES('".$db->escape($_POST['title'])."','".$db->escape($_POST['author'])."')") )
      {
          echo "Error inserting into the database";
      }
      else
      {
          echo "num_affected_rows: $num_affected_rows";
          echo "insert_id: {$db->insert_id}";
      }

      Thank you.
      [ reply ]
      1.  
        JV ~ 15 months ago
        0 votes
        // Escape apostrophes (') and avoid sql injection attack
        $db->escape($_POST['author'])

        // Get the number of changed rows
        if ( ! $num_affected_rows = $db->query( etc...

        // Evaluate the results of the query
        if ( ! $num_affected_rows = $db->query( etc...

        // If $num_affected_rows = 0 then it will be false
        // (if any rows changed it will give the number of changes and be true)
        [ reply ]
        1.  
          animek2k3 ~ 15 months ago
          0 votes
          Thank you, I appreciate the prompt reply. I was really busting my head over this.
          [ reply ]
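
What the escaping step discussed in this thread guards against, shown as an added example that is not code from the thread: a title containing an apostrophe breaks the string-built INSERT, while a prepared statement stores it unchanged. It swaps in PDO prepared statements with an in-memory SQLite database instead of the thread's ezSQL/MySQL setup (an assumption, so it runs offline; it needs the pdo_sqlite extension), and the sample input is constructed.

```php
<?php
// Added example: constructed table and sample data. PDO with in-memory
// SQLite stands in for the thread's ezSQL/MySQL setup (an assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT, author TEXT)');

// Constructed form input: the title contains an apostrophe.
$post = ['title' => "Ender's Game", 'author' => 'Orson Scott Card'];

// 1. String-built query: the apostrophe ends the SQL string literal early,
//    so user data is parsed as SQL and the statement no longer parses.
function insert_by_concatenation(PDO $pdo, array $post): string
{
    $sql = "INSERT INTO books (title,author) VALUES('{$post['title']}','{$post['author']}')";
    try {
        $pdo->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// 2. Prepared statement: the SQL text is fixed and the values travel
//    separately, so there is no escaping step to forget.
function insert_with_placeholders(PDO $pdo, array $post): array
{
    $stmt = $pdo->prepare('INSERT INTO books (title,author) VALUES(:title,:author)');
    $stmt->execute([':title' => $post['title'], ':author' => $post['author']]);
    // The same two values JV's reply prints: affected rows and the new id.
    return ['num_affected_rows' => $stmt->rowCount(), 'insert_id' => $pdo->lastInsertId()];
}

echo insert_by_concatenation($pdo, $post), "\n";
$result = insert_with_placeholders($pdo, $post);
echo "num_affected_rows: {$result['num_affected_rows']}\n";
echo "insert_id: {$result['insert_id']}\n";

// 3. Reading back: encode for HTML on output, separately from SQL handling.
foreach ($pdo->query('SELECT title,author FROM books') as $row) {
    echo '<b>', htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), '</b> ',
         htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8'), "<br />\n";
}
```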