Monday, January 30, 2012

Multi entry form not passing info to MySQL database


I am trying to create a form for my club which takes info from a database to enable a sub-selection of trainees from the database, then additionally select from a list of events and INSERT both back into a database. It writes to the database OK and loops through the correct number of times but doesn't pass the $trainee value to the database. I think what is failing is the passing of the info from




print ' <input type="hidden" name="Trainee" value= ' . $trainee . ' />



to the $query in the if(isset($_POST['formSubmit'])) loop.



Can anyone tell me where I am going wrong? Code listed below.




<?php

//Retrieve trainees of specified grade

$data = mysql_query('SELECT * FROM membership WHERE grade = "Trainee" ')
    or die(mysql_error()); // select works

// Writes to database OK, including Trainee if manual value entered into form like done in instructor
$query = "INSERT INTO testtraining ( trainee_no, activity, instructor, entered_by, entered_by_date) VALUES ( '{$_POST['Trainee']}', '{$_POST['activity']}', '{$_POST['instructor']}', '{$_POST['enteredBy']}', NOW())";

// Feedback and posting
if(isset($_POST['formSubmit']))
{
    $aTrainee = $_POST['data'];
    $training = $_POST['activity'];

    if(empty($aTrainee))
    {
        echo("<p>You didn't select trainees.</p>\n");
    } else {
        $N = count($aTrainee);
        echo("<p>You selected $N trainee(s): ");

        for($i=0; $i < $N; $i++) // loop thru all selected checkbox adding
        {
            $trainee = $aTrainee[$i];
            // Execute the query.
            if (@mysql_query ($query)) {
                // lists OK on screen but does not pass to form for writing to database
                print "<p>The $training added for $trainee.</p>";
            }
        }
    }
}
// end of posting

// Start of form
// Creates list with checkbox, cycles through info from membership database and makes a multi select checkbox list
while($info = mysql_fetch_array( $data )) //repeat while there is still data from SELECT
{
?>
    <form action ="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" >
    <input id= "<?= $info['no'] ?>" type="checkbox" name="data[]" value="<?= $info['no'] ?>" />
    <label for="<?= $info['no'] ?>"><?= $info['_no'] ?></label>
    <br />
<?
}

// Training Activities checkbox, Displays training activity to be selected from
print '<p><input type="radio" name="activity" value="Training1" /> Training1</p>'; //works
print '<p><input type="radio" name="activity" value="Training2" /> Training2</p>'; //works

print ' <input type="hidden" name="Trainee" value= ' . $trainee . ' />
<input type="hidden" name="instructor" value= anInstructor />
<input type="hidden" name="enteredBy" value=' . ($_SESSION['username']) . ' />
<input type="submit" name="formSubmit" value="Add Training" />
</form>';

mysql_close(); // Close the database connection;
?>

1 comment:

  1. Your query does not break out from the string to insert the variables.
    Instead try:

    $query = "INSERT INTO testtraining ( trainee_no, activity, instructor, entered_by, entered_by_date) VALUES ( '".$_POST['Trainee']."', '".$_POST['activity']."', '".$_POST['instructor']."','".$_POST['enteredBy']."', NOW())";


    Though I would suggest first adding those $_POST variables into $variables and run some validation to ensure it is clean. addslashes() is a good start to ensure no SQL errors pop up. But this isn't a lecture on safely inserting sanitized user input.

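The insert loop from the question, rewritten as an added example (not the poster's or the commenter's code) so that each ticked `data[]` value is validated and bound to a prepared statement inside the loop, instead of being interpolated into one query string built before the loop. It assumes PDO and uses an in-memory SQLite table in place of the MySQL `testtraining` table so it runs offline; the function name `addTraining`, the session user `club_admin` and the sample POST values are made up for illustration.

```php
<?php
// Added example: constructed input and an in-memory SQLite table stand in for
// the real POST data and the MySQL testtraining table (assumption).
const ALLOWED_ACTIVITIES = ['Training1', 'Training2']; // the two radio values on the form

/** Insert one row per ticked trainee; returns the trainee numbers written. */
function addTraining(PDO $db, array $post, string $sessionUser): array
{
    // Allowlist the radio value instead of trusting whatever was posted.
    $activity = $post['activity'] ?? '';
    if (!in_array($activity, ALLOWED_ACTIVITIES, true)) {
        throw new InvalidArgumentException('Unknown activity');
    }
    // data[] arrives as an array; keep only values that are positive integers.
    $trainees = [];
    foreach ((array)($post['data'] ?? []) as $raw) {
        $no = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($no !== false) {
            $trainees[] = $no;
        }
    }
    // Prepare once; values are bound per row and never become part of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO testtraining (trainee_no, activity, instructor, entered_by, entered_by_date)
         VALUES (:trainee, :activity, :instructor, :entered_by, CURRENT_TIMESTAMP)'
    );
    foreach ($trainees as $no) {
        $stmt->execute([
            ':trainee'    => $no,
            ':activity'   => $activity,
            ':instructor' => 'anInstructor',
            ':entered_by' => $sessionUser, // from the session, not a hidden form field
        ]);
    }
    return $trainees;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testtraining (trainee_no INTEGER, activity TEXT,
           instructor TEXT, entered_by TEXT, entered_by_date TEXT)');

// Constructed POST body: two valid ticks and one tampered value that is dropped.
$post = ['data' => ['12', '15', "15' OR '1'='1"], 'activity' => 'Training1'];
foreach (addTraining($db, $post, 'club_admin') as $no) {
    echo 'The ' . htmlspecialchars($post['activity']) . " added for trainee $no.\n";
}
echo $db->query('SELECT COUNT(*) FROM testtraining')->fetchColumn() . " rows written\n";
```

Against MySQL the same function works with a `mysql:` DSN, and `NOW()` can replace `CURRENT_TIMESTAMP`.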