开发者

Inserting data into mysql from a html table

问答 作者:

im new to this but getting the hang of it but i need help on this. i currently have a php file called Newkpi.php which grabs all the users in the database table StaffList which i want and then put them into a table which i can enter data into. i then press the button and the data is sent to another table called Services. what im finding is that it creates records in the table but it doesnt insert any data it just put in a blank record the code i have is below

<?php 
include 'dbc.php';

page_protect();

if(!checkAdmin()) {
header("Location: myaccount.php");
exit();
}
company();
$page_limit = 10; 
$stafflist = mysql_query("SELECT * FROM StaffList WHERE full_name != 'Adam Carter' 
AND      full_name != 'Jakata' AND branch = '$_SESSION[branch]' ");

$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$login_path = @ereg_replace('admin','',dirname($_SERVER['PHP_SELF']));
$path   = rtrim($login_path, '/\\');

// filter GET values
foreach($_GET as $key => $value) {
    $get[$key] = filter($value);
}

foreach($_POST as $key => $value) {
    $post[$key] = filter($value);
}



$rs_all = mysql_query("select count(*) as total_all from StaffList") or die(mysql_error());
$rs_active = mysql_query("select count(*) as total_active from StaffList where approved='1'") or die(mysql_error());
$rs_total_pending = mysql_query("select count(*) as tot from StaffList where approved='0'");                           

list($total_pending) = mysql_fetch_row($rs_total_pending);
list($all) = mysql_fetch_row($rs_all);
list($active) = mysql_fetch_row($rs_active);


?>
<html>
<head>
<title>Administration Main Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>

</head>

<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr><br>
  </tr>
  <tr>
    <td width="14%" valign="top"><?php
    if (isset($_SESSION['user_id'])) {?>
<div class="myaccount">
  <p><strong>Administration</strong></p>
  <a href="CreateUser.php">Create New User</a><br>
  <a href="UserEdit.php">Edit User</a><br>
</div>


<?php }
if (checkAdmin()) {
/*******************************END**************************/
?>

      <?php } ?>
    </td>
    <td width="74%" valign="top" style="padding: 10px;">

      <p><?php 

      ?></p>

      <p>

      &nbsp;</p>
      <?php
      if($_POST['doSubmit'] == 'Create')
{


mysql_query("INSERT INTO Services (Staffname,ServiceAmount,ServiceDate,ForecastForNextMonth,ProductSales,ClientsThisMonth,personnelR开发者_高级运维etension, totalRetension, Colours, Cuts, PreBooking, TimeUsed)
             VALUES ('$post[user_name]','$post[Serviceamount]','$post[servicedate]','$post[forecast]','$post[productsales]','$post[Clientsthismonth]','$post[Personelret]','$post[Totalret]','$post[colours]','$post[cuts]','$post[prebooking]','$post[timeused]')
             ") or die(mysql_error()); 


echo "<div class=\"msg\">New KPI's Entered</div>"; 
}

      ?>

      <h3 class="titlehdr"><font color="#000050">Create New User</font></h3>
      <table width="300px" border="0" align="Centre" cellpadding="2" cellspacing="0">
          <tr bgcolor="#000050">
              <form name="form1" method="post" action="Newkpi.php">


            <td width="20px"><h3 class="Text2">Staff Member</h3></td>
            <td width="20px"><h3 class="Text2">Service Amount</h3></td>
            <td width="20px"><h3 class="Text2">Service Date</h3></td>
            <td width="20px"><h3 class="Text2">Forecast For Next Month</h3></td>
            <td width="20px"><h3 class="Text2">Product Sales</h3></td>
            <td width="20px"><h3 class="Text2">Clients This Month</h3></td>
            <td width="20px"><h3 class="Text2">Personel Retension</h3></td>
            <td width="20px"><h3 class="Text2">Total Retension</h3></td>
            <td width="20px"><h3 class="Text2">Colours</h3></td>
            <td width="20px"><h3 class="Text2">Cuts</h3></td>
            <td width="20px"><h3 class="Text2">Pre-Booking</h3></td>
            <td width="20px"><h3 class="Text2">Time Used</h3></td>

                   </tr>

          <?php while ($rrows = mysql_fetch_array($stafflist)) {?>
          <tr> 

           <td name="user_name"><h3 class="Text3"><?php echo $rrows['full_name'];?></h3></td>
           <td><input name="Serviceamount" type="text" size="4" id="Serviceamount"></td>
           <td><h3 class="Text3"><input name="servicedate" type="text" size="4" id="servicedate"></h3></td>
           <td><h3 class="Text3"><input name="forecast" type="text" size="4" id="forecast"></h3></td>
           <td><h3 class="Text3"><input name="productsales" type="text" size="4" id="productsales"></h3></td>
           <td><h3 class="Text3"><input name="Clientsthismonth" type="text" size="4" id="Clientsthismonth"></h3></td>
           <td><h3 class="Text3"><input name="Personelret" type="text" size="4" id="Personelret"></h3></td>
           <td><h3 class="Text3"><input name="Totalret" type="text" size="4" id="Totalret"></h3></td>
           <td><h3 class="Text3"><input name="colours" type="text" size="4" id="colours"></h3></td>
           <td><h3 class="Text3"><input name="cuts" type="text" size="4" id="cuts"></h3></td>
           <td><h3 class="Text3"><input name="prebooking" type="text" size="4" id="prebooking"></h3></td>
           <td><h3 class="Text3"><input name="timeused" type="text" size="4" id="timeused"></h3></td>

          </tr>

          <?php } ?>
           </form>
        </table>




                <input name="doSubmit" type="submit" id="doSubmit" value="Create">



      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p></td>
    <td width="12%">&nbsp;</td>
  </tr>
</table>
</body>
</html>

Would love some help on this

Presumably you want to use $_POST instead of $post?

Also, you may want to consider adding some constraints on your table, assuming everything being null is not a desired feature.

Once you've got that working, I'd do some research on security issues from SQL injection and check your incoming data, assuming it's not an being run on a secure intranet.

Your problem is with your syntax..

change all instances of $post to $_POST in the SQL insert query. I think you should also create variables for each $_POST because you will run into syntax issues if you do not escape the quotes.

Here's a quick example:

 $field1 = $_POST['field1'];
 $field2 = $_POST['field2'];
 $field3 = $_POST['field3'];

 mysql_query("INSERT INTO table (field1, field2, field3) VALUES ('$field1', '$field2', '$field3')");


mysql_query("INSERT INTO Services (Staffname,ServiceAmount,ServiceDate,ForecastForNextMonth,ProductSales,ClientsThisMonth,personnelRetension, totalRetension, Colours, Cuts, PreBooking, TimeUsed)
             VALUES ('$post[user_name]','$post[Serviceamount]','$post[servicedate]','$post[forecast]','$post[productsales]','$post[Clientsthismonth]','$post[Personelret]','$post[Totalret]','$post[colours]','$post[cuts]','$post[prebooking]','$post[timeused]')
             ") or die(mysql_error());

the $post[user_name]

change to $_POST['user_name'];

same to every $post[]

Passing $_POST directly to sql is not good because someone will do sql injection. Is better assigned them to variable first and pass in the variable in the sql

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9