PHP script

Skippie1

Good day,

I am trying to insert a form into a table (A) in my database, which is working OK, but I would also want to add the name of the person and the contact number from another table (B) into the same table. I want to use the session username as reference to get other information from my table called users and add it to another table. Here is the script I am using:

Code:
<?php
session_start();
?>
<?php 

mysql_connect("localhost", "username", "password") or die(mysql_error()) ; 
 mysql_select_db("table_name") or die(mysql_error()) ; 
 
 $email=$_POST[$_SESSION['MM_Username']];
 $email=mysql_real_escape_string($email);
 
 if($email<>""){
 $check_user_data = mysql_query("SELECT * FROM Users WHERE Username = '$email'") or die(mysql_error());
 if(mysql_num_rows($check_user_data) == 0){
 $row = mysql_fetch_array($check_user_data);$email=$row['Username'];

 $name=$row['Name'];
 $contact=$row['Contact'];
}}
 
 $target = "uploads/"; 
 $target = $target . basename( $_FILES['prodImg']['name']); 
 
 //This gets all the other information from the form 
 $afdeling=$_POST['afdeling']; 
 $kies=$_POST['kies'];  
 $prys=$_POST['prys'];
 $beskrywing=$_POST['beskrywing'];
 $pic=($_FILES['prodImg']['name']); 
 
 
 mysql_connect("localhost", "greytrad_skip", "Divisca123") or die(mysql_error()) ; 
 mysql_select_db("greytrad_oplaai") or die(mysql_error()) ; 
 
 
 //Writes the information to the database 
 mysql_query("INSERT INTO `$afdeling` (`kies`, `prys`, `beskrywing`, `file`, `name`, `contact`) VALUES ('$kies', '$prys', '$beskrywing','$pic','$name', '$contact')") ; 
  
 if(move_uploaded_file($_FILES['prodImg']['tmp_name'], $target)) 
 { 
 
 echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory"; 
 } 
 else { 
 
 echo "Sorry, there was a problem uploading your file."; 
 }
 ?>
 
And what is not working with that script?

NB: you must escape all the post data (and any other data you are adding to the database) before enquoting it and running the insert query. At the moment you do not, which leaves you open to failed queries at best and SQL injection attacks at worst.
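
An added example, not part of the original thread or either poster's code: the insert from the question done with PDO prepared statements, so values are bound as parameters instead of being escaped and quoted by hand. It goes one step beyond the reply by allowlisting the table name, which escaping cannot protect; the in-memory SQLite database, the `addListing` function, the names in `ALLOWED_TABLES` and the sample data are assumptions made so the block runs offline.

```php
<?php
// Added example with constructed data. In-memory SQLite keeps it offline;
// for MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Users (Username TEXT, Name TEXT, Contact TEXT)');
$pdo->exec('CREATE TABLE motors (kies TEXT, prys TEXT, beskrywing TEXT,
                                 file TEXT, name TEXT, contact TEXT)');
$pdo->prepare('INSERT INTO Users VALUES (?, ?, ?)')
    ->execute(['user@example.com', "Piet O'Brien", '000 000 0000']);

// Hypothetical allowlist: a table name cannot be bound as a parameter and
// string escaping does not protect identifiers, so accept known names only.
const ALLOWED_TABLES = ['motors', 'meubels'];

// $username is the logged-in user, e.g. $_SESSION['MM_Username'].
function addListing(PDO $pdo, string $username, array $post, string $uploadName): bool
{
    $table = $post['afdeling'] ?? '';
    if (!in_array($table, ALLOWED_TABLES, true)) {
        return false;                      // unknown table name: refuse
    }
    $u = $pdo->prepare('SELECT Name, Contact FROM Users WHERE Username = ?');
    $u->execute([$username]);
    $row = $u->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;                      // no matching user row
    }
    // Values travel as bound parameters, never inside the SQL string.
    $ins = $pdo->prepare(
        "INSERT INTO `$table` (kies, prys, beskrywing, file, name, contact)
         VALUES (?, ?, ?, ?, ?, ?)"
    );
    return $ins->execute([
        $post['kies'] ?? '', $post['prys'] ?? '', $post['beskrywing'] ?? '',
        basename($uploadName), $row['Name'], $row['Contact'],
    ]);
}

// Constructed form input; the apostrophes would break a hand-quoted query.
$post = ['afdeling' => 'motors', 'kies' => 'bakkie', 'prys' => '45000',
         'beskrywing' => "Piet's bakkie, 'as new'"];
var_dump(addListing($pdo, 'user@example.com', $post, 'fotos/bakkie.jpg'));
var_dump(addListing($pdo, 'user@example.com', ['afdeling' => 'Users'] + $post, 'x.jpg'));
print_r($pdo->query('SELECT beskrywing, file, name FROM motors')
            ->fetchAll(PDO::FETCH_ASSOC));
```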
 