Passing values to INSERT query from form 2

[Evil8]

enterMeeting.php collects input.

<?php 
	$username="me";
	$host="me-meetingSchedual.mysql.me.com:3306";
	$password="******";
	$database="me-meetingSchedual";

	mysql_connect($host,$username,$password);
	@mysql_select_db($database) or die("Unable to select database");
	
	$query = 'SELECT name FROM `place` '
	. ' ORDER BY `name` '; 

	$result = mysql_query($query)
?>
<form action="checkMeeting.php" method="post">
	Place:<br />
	<select name='name'>
<?php
	While($row = mysql_fetch_array($result))
	{
		extract($row);
		echo "<option value='$name'>$name</option>\n";
	}
?>
	</select>
  <br>
  <br />
	Date:<br />
	<input name="date" type="text" maxlength="10" />
  <br>
  <br />
	Time:<br />
	<input name="time" type="text" maxlength="10" />
  <br>
  <br />
	Info:<br />
	<input name="info_id" type="radio" value="1" />
  Blue Cross Blue Sheild Medicare Plans<br />
  <input name="info_id" type="radio" value="2" />
  Hummana Medicare Plans<br />
  <input name="info_id" type="radio" value="3" />
  Medica Medicare Plans<br>
  <br />
  <input type="submit" value="Submit Meeting" />
</form>

checkMeeting.php displays the data and gives the user a chance to INSERT or Cancel.

<?php 
	foreach($_POST as $field => $value)
	{
		echo "$field = $value<br />\n";
	}
	
	echo "<form action='processTwoButtons.php' method='POST'>
		  <input type='submit' name='display_button' value='Ok' />
		  <input type='submit' name='display_button' value='Cancel' />
		  </form>";
?>

processTwoButtons.php inserts the new record into the database with the values input into enterMeeting.php or return to enterMeeting.php if Canceled.

<?php 
	if($_POST['display_button'] == "Ok")
		{
			$username="me";
			$password="******";
			$database="me-meetingSchedual";

			mysql_connect("me-meetingSchedual.mysql.me.com:3306",$username,$password);
			@mysql_select_db($database) or die("Unable to select database");
			$query = "INSERT INTO `meeting` (id, name, date, time, info_id)
					  VALUES ('NULL','$_POST[name]','$_POST[date]','$_POST[time]','$_POST[info_id]')";
			$result=mysql_query($query)
					or die("Couldn't execute query.");
		}
		else
		{
			header( 'Location: [URL unfurl="true"]http://www.mediqwest.com/enterMeeting.php');[/URL]
		}
?>

The problem is the values aren't being passed to the query properly. id increments okay, but name is null date is 0000-00-00 time is 00:00:00 and info-id is 0 no matter the values input into enterMeeting.php.

Thanks for your help.
Evil8

 

[jpadie]

in what format are you passing the date and time?

 

[Evil8]

the sql table meeting

id int(3) auto_increment
date 0000-00-00 which looks to me as like YYYY-MM-DD
time 00:00:00
name is varchar(50).
info_id int(3)

On the enterMeeting.php page I entered:
Old Post Office (picked from list)
2011-01-01
1:00
3 (picked from radio buttons)

Thanks for helping.

 

[jpadie]

you need to put the posted fields back into the confirmation form as hidden fields or store them as a session variable and then use them in the query.

only the form fields are submitted in the POST superglobal.

 

[vacunita]

The real question would be how are you getting the values from checkMeeting.php over to processTwoButtons.php

Posted data will only exist in the posted-to script. If you move onto a third script beyond that be it by redirect, or by posting another form, the original post data disappears.

You either need to collect the data and pass it in the URL, or use $_SESSIONS to store it so it will be available in the next script.

Personally I'd use Sessions. Additionally, I strongly suggest you clean your posted data before attempting to use it in a query. Otherwise you are open to sql injection attacks.

<?php
[red]
session_start();
$_SESSION['postdata']=$_POST;
[/red]
    foreach($_POST as $field => $value)
    {
        echo "$field = $value<br />\n";
    }
    ...

Then

<?php

[gray]
    if($_POST['display_button'] == "Ok")
        {
            $username="me";
            $password="******";
            $database="me-meetingSchedual";

            mysql_connect("me-meetingSchedual.mysql.me.com:3306",$username,$password);
            @mysql_select_db($database) or die("Unable to select database");

[red]session_start();
foreach($_SESSION['postdata'] as $field => $value){
$CleanPost[$field]=mysql_real_escape_string($value); 
 
}
[/red]

            $query = "INSERT INTO `meeting` (id, name, date, time, info_id)
                      VALUES ('NULL','[red]$CleanPost[name][/red]','[red]$CleanPost[date][/red]','[red]$CleanPost[time][/red]','[red]$CleanPost[info_id][/red]')";
            $result=mysql_query($query)
                    or die("Couldn't execute query.");
        }
        else
        {
            header( 'Location: [URL unfurl="true"]http://www.mediqwest.com/enterMeeting.php');[/URL]
        }[/gray]
?>

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/

 

[Evil8]

Thanks. I does work correctly when I don't use the checkMeeting.php page. More work and much more learning...

 

[Evil8]

Thanks vacunita, after jpadie's post I did look up sessions and incorporate that into my code. I did not, however, know about the CleanPost so a very big thanks on that. I'm getting there slowly but surely and having a cold for the last three weeks isn't helping me think clearly.

you guys rock!