  1. #1
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    automatic INSERT of an id value coming through the URL into a related database field

    To make things simpler for you guys, I will be more specific in the display comments part. In the SELECT comments script part that displays the comments, it will be better if I put shoename_id instead of id=$id. So it will select the comments of that item ($id) only if shoename_id (a related database field in comments) matches the variable $id (item):

    PHP Code:
    <?php
    $sql  = "SELECT * FROM comments ";
    $sql .= " WHERE shoename_id = '$id'";
    $sql .= " ORDER BY created ASC";
    ?>
    That id value comes from items.php through the URL. Now that id=1 value in the URL is set in here:
    PHP Code:
    <?php
    if (isset($_GET['id']))
    {
        $id = $_GET['id'];
    }
    ?>
    and it is used to display the items in itemdetails.php only if id in menus matches the $id value in the URL

    PHP Code:
    <?php 


    $query = 'SELECT * FROM menu WHERE id = ' . intval($id) . ' LIMIT 1';

    // execute query 
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

    // see if any rows were returned 
    if (mysql_num_rows($result) > 0) { 
    $row = mysql_fetch_row($result); {
    echo 
    '<table width="100%"  border="0" cellspacing="0" cellpadding="0" class="itemdetails">
    <tr><td width="1100" height="417" bgcolor="#FFFFFF" class="tento">
    <table class="cafe"><tr><td width="547">
    <a href="#"><h3 align="justify" style="position:relative;  height:5px;  top: 10px;">'
    ,$row[3] ,'</h3></a>
    </td>
    </tr>
    </table>
    <table width="1215" height="609" class="chencho" >
     <td class="largethumb" rowspan="8" align="center">
    <a href="#"><img src='
    ,$row[0] ,' width="270" height="160" alt="coloe"/></a></td>
    <td width="544" rowspan="8" padding="0"  ><table width="252" style="font-size:12px; position:relative; top:-6px;">
      <td width="1">&nbsp;</td>
      <td width="54" bgcolor="#FFFFFF"><strong>Price:</strong></td>
      <td colspan="7">$<span class="style3">'
    ,$row[4] ,'</span></td>
    <tr>
      <td class="style1">&nbsp;</td>
      <td colspan="7" class="style3">&nbsp;</td>
    </tr>
    <tr><td>&nbsp;</td><td><strong>Raiting:</strong></td>
      <td width="18" class="rating2">*</td>
      <td width="18" class="rating2">*</td>
      <td width="18" class="rating2">*</td>
      <td width="18" class="rating2">*</td>
      <td width="18" class="rating2">*</td>
        <td width="71"></td>
    </tr><tr>
      <td width="12"><span class="style2">coloso</span></td>
      
    </tr>
      <tr>
      <td >&nbsp;</td>
    </tr></table>
     </td>
    <tr>
      <td width="224" height="40" rowspan="3"><strong>Details:</strong></td>
    </tr>
    <tr>
      <td width="106" height="28"><a href="#"><img src="../images/add to Car.gif" alt="df" width="99" height="28" /></a></td>
    </tr><tr>
      <td height="25"><a href="#"><img src="../images/viewcart.gif" alt="rt" width="99" height="28" /></a></td>
    </tr>
    <tr>
      <td width="224" height="29"><ul>
        <li>coloso mentiroso</li>
      </ul></td>
    </tr>
    <tr>
      <td width="224" height="29"><ul>
        <li>coloso mentiroso</li>
      </ul></td>
    </tr>
    <tr>
      <td width="224" height="21"><ul>
        <li>coloso mentiroso</li>
      </ul></td>
    </tr><tr>
      <td height="12" colspan="2"><img src="../images/line..gif" alt="as" width="300" height="7" /></td>
    </tr>

    <tr></tr><td rowspan="2">
    <table width="162" align="center" class="smallthumbs">
    <tr>

    <td width="46" height="65"><a href="#"><img src='
    ,$row[0] ,' alt="df" width="50" height="50"/></a></td>
    <td width="36"><a href="#"><img src="../images/image1.jpg" alt="we" width="50" height="50" /></a></td>
    <td width="57"><a href="#"><img src="../images/launch.jpg" alt="bn" width="50" height="50" /></a></td>
    <td width="36"><a href="#"><img src="../images/image1.jpg" alt="we" width="50" height="50" /></a></td>
    </tr>
    </table></td> 
    <td rowspan="4">&nbsp;</td> 
    <td height="49"><strong>Rating and Review:</strong></td><td align="center"><a href="#">Add Review</a></td>
    <tr>
      <td rowspan="1" height="4" ><table style="font-size:10; position:relative; left:26px;">
      <td width="58">One star</td>
      <td width="40">*****</td>
      <td width="25">[23]</td>
      </table></td>
    </tr><td rowspan="2"></td>
    <tr><td height="4"><table style="font-size:10; position:relative; left:26px; ">
      <td width="58">One star</td>
      <td width="40">*****</td>
      <td width="25">[23]</td>
      </table></td>
    </tr>
    <td width="321" rowspan="7"></td>

    <td width="544" rowspan="7">&nbsp;</td>
      <td width="224" height="4"><table style="font-size:10; position:relative; left:26px;">
      <td width="58">One star</td>
      <td width="40">*****</td>
      <td width="25">[23]</td>
      </table></td>
      <tr><td width="224" height="4"><table style="font-size:10; position:relative; left:26px;">
      <td width="58">One star</td>
      <td width="40">*****</td>
      <td width="25">[23]</td>
      </table></td></tr>




      <td width="224" height="4"><table style="font-size:10; position:relative; left:26px;">
      <td width="58">One star</td>
      <td width="40">*****</td>
      <td width="25">[23]</td>
      </table></td>
      <tr>
        <td height="4" colspan="2"><img src="../images/line..gif" alt="df" width="330" height="7" /></td>
      </tr>



    <tr>
      <td width="224" height="52"><strong>Items Specifications:</strong></td>
    </tr>
        <td width="224" height="4" style="font-size:11;"><ul>
          <li>Lemon</li>
        </ul></td>
    <tr>
      <td width="224" height="4" style="font-size:11;"><ul>
        <li>Marincra</li>
      </ul></td>
    </tr>
      <td width="321" height="29" rowspan="5">&nbsp; </td>
    <td width="544" height="29" rowspan="5">&nbsp;</td>







        <td height="1" colspan="1" style="font-size:11;"><ul>
          <li>Sal</li>
        </ul></td>
        <tr>
          <td height="1" style="font-size:11;"><ul>
            <li>Tomatos</li>
          </ul></td>
        </tr> <tr>
          <td height="1" style="font-size:11;"><ul>
            <li>Plums</li>
          </ul></td>
        </tr> <tr>
          <td height="1" style="font-size:11;"><ul>
            <li>Saludos</li>
          </ul></td>
        </tr> <tr>
          <td height="1" style="font-size:11;"><ul>
            <li>Asucar</li>
          </ul></td>
        </tr>
      
    </table>    
    '
    ;}
    }
    ?>
    My question is whether it is possible to insert the $id variable value into the shoename_id value each time a user inserts a comment. Right now the value 0 is inserted in the table field appetizers_id every time a comment is inserted. The script goes like this:
    PHP Code:
    <?php

    if(isset($_POST['submit' ])){ 

    $nickname = mysql_real_escape_string($_POST['nickname']);

    $fullname = mysql_real_escape_string($_POST['fullname']);

    $pros = mysql_real_escape_string($_POST['pros']);

    $cons = mysql_real_escape_string($_POST['cons']);

    $id2 = (int) $_GET['id'];

    // $shoename_id is not assigned anywhere in this script
    $query = "INSERT INTO comments VALUES ('','$shoename_id', NOW(), '$nickname', '$fullname' ,'$pros', '$cons')";
    echo $query;
    $result = mysql_query($query) or die (mysql_error());

    echo "Thanks for your comment";

    }

    ?>
    Would it be possible to auto insert the $id value coming through the URL into shoename_id every time a user makes a comment on that item, so that in the query:

    PHP Code:
    <?php
    $sql  = "SELECT * FROM comments ";
    $sql .= " WHERE shoename_id = '$id'";
    $sql .= " ORDER BY created ASC";
    ?>
    MySQL is able to select only the comments assigned to that item, by displaying only the comments whose shoename_id field in the comments table matches the $id value?

    I have this foreach loop to display the comments, but it is not working OK, besides the fact that I do not have a related database field with a value to match the $id variable in the URL so that it can print the comments or values related to the shoename_id field.

    the foreach loop:
    PHP Code:
    <div id="comments">
      <?php foreach($sql as $comment): ?>
        <div class="comment" style="margin-bottom: 2em;">
            <div class="author">
              <?php echo htmlentities($fullname); ?> wrote:
            </div>
          <div class="body">
                    <?php echo strip_tags($cons, '<strong><em><p>'); ?>
                </div>
            <div class="meta-info" style="font-size: 0.8em;">
              <?php echo datetime_to_text($created); ?>
            </div>
        </div>
      <?php endforeach; ?>
      <?php if(empty($sql)) { echo "No Comments."; } ?>
    </div>

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    I think you are saying you want to be able to pass an id value between pages, using forms.

    If so you'd use a hidden field like so;
    Code:
    <form method=GET>
    <input type="hidden" name="id" value="<?php echo $id ?>">
    ...
    </form>
    Gradually though, you'd come to realise that is what sessions are for, to deal with information you want to persist between page requests.

    You could also use a cookie for such a simple value, although that of course can be spoofed - so it all depends what you are using it for. If it's just the convenience of having the correct info appear, then any of the 3 methods will be fine.

    One word of warning though, you have to filter and try and cleanse any incoming variables.

    Here you could have typecast the id to an integer.
    PHP Code:
    <?php
    $id = (int) $_GET['id'];

    if ($id === 0)
    {
        exit('ID can only be an integer');
    }
    ?>
    If someone tampered with the data in your form and maybe tried an SQL Injection string, it would get turned to 0 and exit.

    You should not use unfiltered variables inside your sql statements, and you can google for sql injection to read the whole story on that.

  3. #3
    SitePoint Wizard co.ador's Avatar
    $shoename_id = (int) ($_POST['shoename_id']);


    is this correct?

    <input type="hidden" name="shoename_id" value="<?php echo $id ?>">

  4. #4
    SitePoint Wizard co.ador's Avatar
    I am trying to use the shoename_id instead of the id field. I have the id field autoincrementing and it is not storing the $id variable value inside of the id field in the comments database; instead, as I said, it autoincrements.

    Instead I have thought of using this:
    sanitize it
    $shoename_id = (int) ($_POST['shoename_id']);

    then in the form use it

    <input type="hidden" name="appetizers_id" value="<?php echo $id ?>">


    is that correct?

  5. #5
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    $shoename_id = (int) ($_POST['shoename_id']);

    then in the form use it

    <input type="hidden" name="appetizers_id" value="<?php echo $shoename_id ?>">

    Hmmm, not sure I am following you. If your variable is called shoename_id then you have to call its value using the same name (the variable name is the address in memory).
    Last edited by Cups; Jul 12, 2009 at 09:39. Reason: maybe I don't get it then?

  6. #6
    SitePoint Wizard co.ador's Avatar
    I made a typo, it's name="shoename_id"

    I want the id in the URL to be inserted in the shoename_id value's field. I will try the last one you did but I don't see any reference to the $id variable. I will test and give you the output.

  7. #7
    SitePoint Wizard co.ador's Avatar
    Cups, it is storing into shoename_id now!!

    Before I had it

    <input type="hidden" name="id" value="<?php echo $id ?>">

    Instead of


    <input type="hidden" name="shoename_id" value="<?php echo $id ?>">

    Now the shoename_id field is obtaining the value of the $id variable in the URL. Thank you, Cups.

  8. #8
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    I am just happy you are.
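
The hidden-field flow this thread settles on, combined with the filtering advice from post #2, as an added example that is not code from either poster. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls so that it runs offline; the helper names valid_id, add_comment and comments_for are hypothetical, and the sample rows and form submissions are constructed.

```php
<?php
// Added example, not thread code. Table/column names follow the thread; the rest is assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE menu (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY AUTOINCREMENT,
    shoename_id INTEGER NOT NULL, created TEXT, nickname TEXT, fullname TEXT,
    pros TEXT, cons TEXT)');
$db->exec("INSERT INTO menu (id, name) VALUES (1, 'constructed item')");

// Strict check: unlike an (int) cast, "1 OR 1=1" is rejected instead of becoming 1.
function valid_id($raw) {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Insert a comment for the item named by the hidden field; returns true on success.
function add_comment(PDO $db, array $post) {
    $id = valid_id($post['shoename_id'] ?? null);
    if ($id === null) {
        return false;                       // missing or tampered hidden field
    }
    $exists = $db->prepare('SELECT 1 FROM menu WHERE id = ?');
    $exists->execute([$id]);
    if ($exists->fetchColumn() === false) {
        return false;                       // well-formed id, but no such item
    }
    $stmt = $db->prepare('INSERT INTO comments
        (shoename_id, created, nickname, fullname, pros, cons)
        VALUES (?, CURRENT_TIMESTAMP, ?, ?, ?, ?)');
    return $stmt->execute([$id, $post['nickname'], $post['fullname'],
                           $post['pros'], $post['cons']]);
}

// Fetch only the comments whose shoename_id matches the item id.
function comments_for(PDO $db, $id) {
    $stmt = $db->prepare('SELECT fullname, cons, created FROM comments
                          WHERE shoename_id = ? ORDER BY created ASC');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form submissions: one honest, one with a tampered hidden field.
$base = ['nickname' => 'al', 'fullname' => 'Al <b>Example</b>', 'pros' => 'ok', 'cons' => 'none'];
var_dump(add_comment($db, $base + ['shoename_id' => '1']));         // honest submission
var_dump(add_comment($db, $base + ['shoename_id' => '1 OR 1=1']));  // tampered hidden field
foreach (comments_for($db, 1) as $c) {
    echo htmlspecialchars($c['fullname'], ENT_QUOTES, 'UTF-8'), " wrote: ", htmlspecialchars($c['cons'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

A hidden field is still client-controlled input, so the id is validated again on the server and bound as a parameter rather than interpolated into the SQL string.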

