Hi, I am having an issue trying to add the records using 2 drop lists. I have a table called Urls which holds the details of url. I have a table called category which populates a drop list, and I have another table called publishers which populates another drop list.

    $query = 'INSERT INTO url_associations (url_id, url_category_id, approved, url_publisher_id) VALUES ';
    foreach ($_POST['types'] as $v){
        $query .= "($uid, $v, 'Y', $k), ";
    }
    $query = substr ($query, 0, -2); // Chop off the last comma and space.

    $result = @mysql_query ($query); // Run the query.

    if (mysql_affected_rows() == count($_POST['types'])) { // Query ran OK.

        echo '<p><b>Thank you for your submission!</b></p>';
        $_POST = array(); // Reset values.

    } else { // If second query did not run OK.

The code above allows me to add data using the categories drop list but when I try to add the url_publisher_id as 'posters' as $k I keep getting errors in my parsing. If anyone can understand what I am trying to achieve your help would be welcomed.

+1  A: 

If the value of your $k variable is anything other than an integer or float you'll get an error because it needs quotes around it when you're building the SQL INSERT statement:

    $query .= "($uid, $v, 'Y', '$k'), ";

Note: There are some major security problems in your example. If you put user input from $_POST into your SQL without escaping it you're giving the user the ability to run whatever SQL commands they want to run on your database.

dellsala
Thank you but my problem is declaring the variable $k. In the code $_POST['types'] as $v. Declares the category id 'types' as $v. How do I do the same for the url_publisher_id as a variable 'posters' as $k. I have tried adding to the line to include the url_publisher_id but without any success. My error now is that undefined variable k and that then leads to an incorrect integer value. I am having problems trying to declare the k variable. Thank you
Ddywalgi
Thank you dellsala for highlighting the security issues I will research this to find a more secure solution.
Ddywalgi
I guess I don't understand your question. Can you explain what you mean by "I keep getting errors in my parsing"?
dellsala
Ddywalgi
Hi dellsala, this is what I am trying to achieve but the AND is causing error

    // Build the query.
    $query = 'INSERT INTO url_associations (url_id, url_category_id, approved, url_publisher_id) VALUES ';
    foreach (($_POST['types'] as $v) AND ($_POST['posters'] as $k)){
        $query .= "($uid, $v, 'Y', '$k'), ";
    }
    $query = substr ($query, 0, -2); // Chop off the last comma and space.
    $result = @mysql_query ($query); // Run the query.
    if (mysql_affected_rows() == count($_POST['types']) AND ($_POST['posters'])) { // Query ran OK.
        echo '<p><b>Thank you for your submission!</b></p>';
        $_POST = array(); // Reset values.

Ddywalgi
A: 

I have added an extra array foreach ($_POST[posters] as $k)

//so it reads

`foreach ($_POST[types] as $v) foreach ($_POST[posters] as $k) {`

and it has executed perfectly.

Thanks for your help.

Sean

Ddywalgi
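
The first answer's note about unescaped `$_POST` input and the nested loops from the last post, combined as an added example that is not code from the thread: each id is validated as an integer and the values are bound through a PDO prepared statement instead of the `mysql_*` functions (removed in PHP 7). The function name, the in-memory SQLite database and the sample form values are assumptions constructed for the demo.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// Inserts one url_associations row per (category, publisher) pair using
// bound parameters, so nothing from the form is concatenated into the SQL.
function addUrlAssociations(PDO $pdo, int $urlId, array $types, array $posters): int
{
    // Accept only positive integers; anything else aborts the whole request.
    $asIds = function (array $raw): array {
        $ids = [];
        foreach ($raw as $value) {
            $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            if ($id === false) {
                throw new InvalidArgumentException('Non-integer id in form input');
            }
            $ids[] = $id;
        }
        return $ids;
    };
    $types = $asIds($types);
    $posters = $asIds($posters);
    if (!$types || !$posters) {
        return 0; // nothing selected in one of the lists, nothing to insert
    }
    $rows = $params = [];
    foreach ($types as $categoryId) {
        foreach ($posters as $publisherId) {
            $rows[] = "(?, ?, 'Y', ?)"; // only placeholders and a constant
            array_push($params, $urlId, $categoryId, $publisherId);
        }
    }
    $sql = 'INSERT INTO url_associations (url_id, url_category_id, approved, url_publisher_id) VALUES '
         . implode(', ', $rows);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params); // values travel separately from the SQL text
    return $stmt->rowCount();
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE url_associations (url_id INT, url_category_id INT, approved TEXT, url_publisher_id INT)');
$post = ['types' => ['3', '7'], 'posters' => ['12']]; // constructed stand-in for $_POST
echo addUrlAssociations($pdo, 42, $post['types'], $post['posters']), " rows inserted\n";
try {
    addUrlAssociations($pdo, 42, ['3'], ['12 OR 1=1']); // constructed hostile value
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

Against MySQL only the PDO connection string changes; the success check from the question becomes a comparison of the returned row count with `count($types) * count($posters)`.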