logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



PHP and Mysql

 
Post new topic   Reply to topic    Apache Forum Index -> Coding & Scripting Corner



View previous topic :: View next topic  
Author Message
fifimtwana



Joined: 24 Feb 2011
Posts: 22

PostPosted: Mon 11 Apr '11 14:01    Post subject: PHP and Mysql Reply with quote

Hey guys could you plese help me out... I'm new to PHP and have done research on the internet but have not been ble to find what im looking for..

My problem is that I want to be able to insert multiple records into a single table named "Attendance" using checkboxes. The array only inserts one record into the database,but doesnt insert the studentID in the ID column.

How do I Fix this problem, i've tried many solutions that I gt on the internet but they are just not helping..

Below is the code i used:
Code:
<script language="javascript" src="calendar.js"></script>

<?php
//============================================PHP START================================================//

//===================================Connecting to DB START=========================================//
$mysqluser = 'root';
$mysqlpasswd = '689453';
$mysqlhost = 'localhost';
$mysqlDB = 'p10DB';
mysql_connect($mysqlhost,$mysqluser,$mysqlpasswd);
mysql_select_db($mysqlDB) or die( "Unable to select database");
//===================================Connecting to DB STOP=========================================//
//===================================SQL Query START=========================================//


$STATUS = 'ACTIVE';
 $query55 = "select distinct Learnership, Level, YGroup from training_event where STATUS='$STATUS' order by Level";
$result55=mysql_query($query55);

$query2 = "select ID,Level from levels";
$result2=mysql_query($query2);
$num=mysql_numrows($result2);

$query3 = "select * from assessors";
$result3=mysql_query($query3);
$num=mysql_numrows($result3);

$LSHIP = $_GET[LSHIP];
$LVL = $_GET[LVL];
$GRP = $_GET[GRP];

$STATUS = "ACTIVE";
$query4 = "select ID,Name,Surname from students where Status='$STATUS' and LEARNERSHIP='$LSHIP' and LEVEL='$LVL' and YEARGROUP ='$GRP' order by Surname";
$result4=mysql_query($query4);
$num=mysql_numrows($result4);

?>
<table>
      <TR>
            <TD> <font size="2" face="bmwtyperegular">
                 Student Filter:
            </TD>
            <TD>
            </TD>
      </TR>
<?PHP
while($nt=mysql_fetch_array($result55))
   {
?>
      <TR>
            <TD> <font size="2" face="bmwtyperegular">
            </TD>
            <TD>
            <a href="indexp10_manage_students_book_student.php?LSHIP=<?PHP echo $nt[Learnership].'&LVL='.$nt[Level].'&GRP='.$nt[YGroup]  ?>">
            <font color="#808080" size="2" face="bmwtyperegular">
            <?PHP echo $nt[Learnership].' '.$nt[Level].' '.$nt[YGroup];?>
            </TD>
      </TR>
<?PHP
  }
?>
</table>
      <table border=0 width=1000>
        <tr>
               <td>
                   <HR NOSHADE size="1" color="#eeeeee">
               </td>
            </tr>
       </table>
<TABLE>
<font size="2" face="bmwtyperegular">
<FORM NAME ="ATT_REG" METHOD ="Get" ACTION = "">
      <TR>
          <TD>
<?PHP
     $array_holder = 0;
     ?>

      <TR>
            <TD>
                 <?PHP
                 while($nt=mysql_fetch_array($result4))
                  {
                   $INPUTID[$array_holder] = $nt[ID];

                 ?>

                 <TR>
                     <td align="right">
                         <input type="checkbox" name="<?PHP echo $array_holder ?>" value="<?PHP echo $nt[ID] ?>"  checked>
                     </td>
                     <TD width="150"> <font size="2" face="bmwtyperegular">
                       <?PHP echo $nt[ID] ?>
                     </TD>
                     <TD width="150">   <font size="2" face="bmwtyperegular">
                       <?PHP echo $nt[Surname]; ?>
                     </TD>
                     <TD width="150"> <font size="2" face="bmwtyperegular">
                       <?PHP echo $nt[Name]; ?>
                     </TD>
                </tr>
                   <?PHP
                 $array_holder++;
                     }
?>

            </TD>
      </TR>
      <TR>
            <TD> <font size="2" face="bmwtyperegular">
                 Leave Type:
            </TD>
            <TD>
                 <select name="Booking">
                 <option value="Offsite">Offsite Work</option>
                 <option value="Leave">Leave</option>
                 <option value="Sick">Sick Leave</option>
                 <option value="NO_SPEC">Change Time</option>
                 </select>
            </TD>
      </TR>
      <TR>
            <TD> <font size="2" face="bmwtyperegular">
                 Leave Date:
            </td>
              <TD>
  <?PHP
require_once('classes/tc_calendar.php');

//instantiate class and set properties
$myDate = date("d/m/Y");
$myDateY = date("Y");
$myDateM = date("m");
$myDateD = date("d");

$myCalendar = new tc_calendar("date1", true);
$myCalendar->setIcon("iconCalendar.gif");
$myCalendar->setDate($myDateD, $myDateM, $myDateY);
$myCalendar->writeScript();
$theDate = isset($_REQUEST["date1"]) ? $_REQUEST["date1"] : "";

           ?>
           <TD>
           </TD>
       </TR>
       <TR>
            <TD> <font size="2" face="bmwtyperegular">
                 Assessor ID:
            </TD>
            <TD>
                 <select name="AID">
                 <?PHP
                 while($nt=mysql_fetch_array($result3))
                 echo "<option value=$nt[ID]>$nt[Name] $nt[Surname]</option>";
                 echo "</select>";
                 ?>
            </TD>
      </TR>
      <TR>
            <TD> <font size="2" face="bmwtyperegular">
                 PIN Code:
            </TD>
            <TD>
                 <input type="password" name="PIN" value="" size ="4">
            </TD>
</table>
                 <input type="submit" name="SUB1" value="Book Learner">
</P>
</FORM>

<?PHP
$ID = $_GET['ID'];
$Booking = $_GET['Booking'];
$Date = $_GET['Date'];
$Date = $theDate[8].$theDate[9].'/'.$theDate[5].$theDate[6].'/'.$theDate[0].$theDate[1].$theDate[2].$theDate[3];

$AID = $_GET['AID'];
$PIN = $_GET['PIN'];
$Time = "06:59:59am";

$query1 = "select ID,PIN from assessors where ID='$AID'";
$result1=mysql_query($query1);
$num=mysql_numrows($result1);

$PIN_STATUS = "NOT_OK";

while($r=mysql_fetch_array($result1))
      {
      $TAID =$r["ID"];
      $TPIN =$r["PIN"];

      if($TAID == $AID)
               {
               if($TPIN == $PIN)
                    {
                    $PIN_STATUS = "OK";
                    }
               }
     }

if ($PIN_STATUS == "OK")
{

    $true_array++;
    $query1 = "DELETE FROM attendance WHERE ID='$ID' and Date='$Date'";
    $result1=mysql_query($query1);

    $query1 = "Insert into attendance(ID,UnitStandardID,Date,Time,AssessorID) VALUES ('$ID','$Booking','$Date','$Time','$AID')";
    $result1=mysql_query($query1);
    $s = $ID.' was booked successfully for Leave type '.$Booking.' on the following Date: '.$Date;
    $in = mysql_affected_rows();
    // echo  $s;
         ?>
       <table width="1000">
            <TR>
                   <?PHP
                   if($in == 1)
                     {
                     ?>
               <TD width="60">
                   <img src="./images/success.jpg">
               </tD>
               <TD> <font size="2" face="bmwtyperegular">

                     <?PHP echo  $s; ?>;
               </tD>
             </tr>
                     <?PHP
                     }
                     ?>
                   <?PHP
                   if($in <> 1)
                     {
                     ?>
               <TD width="60">
                   <img src="./images/error.jpg">
               </tD>
               <TD> <font size="2" face="bmwtyperegular">

                     Register was not Signed!


               </tD>
             </tr>
                     <?PHP
                     }
                     ?>
       </table>
       <?PHP
    }


mysql_close();
?>




   </body>

   </font>
</html>



Thanks in advance...
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6255
Location: Germany, Next to Hamburg

PostPosted: Mon 11 Apr '11 20:54    Post subject: Reply with quote

While inseting you should use something like this. To see if your query fails.

Code:

if(! mysql_query($query1)){
    echo mysql_error();
}


Do you get any error messages? It is also recommend to turn on error reporting during development

Code:

ini_set("display_errors",1);
error_reporting(E_ALL);
Back to top
smilerdude



Joined: 11 Apr 2011
Posts: 7

PostPosted: Tue 12 Apr '11 1:14    Post subject: Reply with quote

What's the column data type of ID ?

Are you trying to insert a string value into a column with type INT/DOUBLE/FLOAT ?


Depending on the answer, you might need to drop the single ' quotes that surround $ID in the INSERT statement.

e.g.
$query1 = "Insert into attendance(ID,UnitStandardID,Date,Time,AssessorID) VALUES ($ID,'$Booking','$Date','$Time','$AID')";

'
Back to top
fifimtwana



Joined: 24 Feb 2011
Posts: 22

PostPosted: Tue 12 Apr '11 8:30    Post subject: PHP and Mysql Reply with quote

The data type for the field ID is text
Back to top
Virsacer



Joined: 16 Jan 2010
Posts: 108
Location: Germany, Darmstadt

PostPosted: Tue 12 Apr '11 9:25    Post subject: Reply with quote

At least 2 queries are vulnerable to SQL-Injection!
Read http://www.php.net/manual/en/security.database.sql-injection.php
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Coding & Scripting Corner
Page 1 of 1