  1. #1 stu567blue (SitePoint Addict, joined Aug 2007)

    Radio Button - MYSQL

    Hi All,

    I'm trying to get some radio button values to insert into a database. They are part of a group, and this is represented in the form. Everything else works fine apart from the MySQL statement that handles the INSERT command.

    The code for the HTML is shown below:

    HTML Code:
    <tr>
        <td></td>
        <!-- label text now matches each value (the original labels were swapped and "wacth" was a typo) -->
        <td><input type="radio" name="choice" value="work"/> I want to work</td>
    </tr>
    <tr>
        <td></td>
        <td><input type="radio" name="choice" value="watch"/> I want to watch</td>
    </tr>
    Here is the PHP Script:

    PHP Code:
    <?php

    // Start the session
    session_start();

    // Fetch the configuration file for MYSQL connection
    require_once('config.php');

    // Array to store errors
    $errmsg_arr = array();

    // Validation error flag
    $errflag = false;

    // Connect to mysql server
    $con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if (!$con) {
        die('Error connecting to server ' . mysql_error());
    }

    // Select database
    $db = mysql_select_db(DB_DATABASE);
    if (!$db) {
        die('Cannot select database');
    }

    // Prevent SQL Injection
    function clean($str) {
        $str = @trim($str);
        if (get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    // Clean the POST values from the form
    $name   = clean($_POST['name']);
    $email  = clean($_POST['email']);
    $option = $_POST['choice'];
    $day    = clean($_POST['day']);
    $month  = clean($_POST['month']);
    $year   = clean($_POST['year']);

    // Input validations
    if ($name == '') {
        $errmsg_arr[] = 'Name is missing';
        $errflag = true;
    }
    if ($email == '') {
        $errmsg_arr[] = 'E-mail address is missing';
        $errflag = true;
    }
    if ($option == '') {
        $errmsg_arr[] = 'Please select watch or work';
        $errflag = true;
    }
    if ($day == 'DD') {
        $errmsg_arr[] = 'Please choose a day from 1-31';
        $errflag = true;
    }
    // The month and year checks compared $day in the posted version; they test their own fields here
    if ($month == 'MM') {
        $errmsg_arr[] = 'Please choose a month from 1-12';
        $errflag = true;
    }
    if ($year == 'YYYY') {
        $errmsg_arr[] = 'Please choose a year from 1936-1994';
        $errflag = true;
    }

    // Check for duplicate e-mail address
    if ($email != '') {
        $qry = "SELECT * FROM members WHERE email_address='$email'";
        $result = mysql_query($qry) or die('error' . mysql_error());
        if ($result) {
            if (mysql_num_rows($result) > 0) {
                $errmsg_arr[] = 'E-mail address already registered';
                $errflag = true;
            }
            @mysql_free_result($result);
        }
        else {
            die("Query Failed");
        }
    }

    // If there are input errors send it back to the registration form
    if ($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: index.php");
        exit();
    }

    // Create the SQL Query
    $insrt_query = "INSERT INTO members (name, email_address, option, day, month, year) VALUES ('$name','$email','$_POST[choice]','$day','$month','$year')";
    $result_qry = mysql_query($insrt_query) or die('Error' . mysql_error());

    // Create and Send an e-mail address

    ?>
    I've got a feeling I need to perform an IF statement, but I'm unsure.

    Any ideas please reply..

    Thanks

  2. #2 Cups (SitePoint Wizard, France, joined Oct 2006)
    PHP Code:
    // Create the SQL Query

    // typo? insrt?

    $insrt_query = "INSERT INTO members
            (name, email_address, option, day, month, year)
    VALUES ('$name','$email','" . $_POST['choice'] . "','$day','$month','$year')";
    PHP does not expand arrays inside a double quoted string.

    Use the . character to join up (concatenate) parts of the string.

    Watch your quoting very carefully.

    Also inserting data into your database without filtering or escaping it will permit sql injection attacks.

    If you are missing an if clause it would be to check that the choice being sent was one of the permitted ones.

    PHP Code:
    $allowed = array('work', 'watch');

    if (isset($_POST['choice']) && in_array($_POST['choice'], $allowed)) {

        // go ahead and add the operation

    }

    As things stand you also have to handle the case where neither of the radio buttons is checked, unless you have a pressing need, add the html attribute selected=selected to the most likely radio option.
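
As an added example, not code from the thread or from either poster, here is how the insert looks with the whitelist Cups describes, the unchecked-radio case handled, and a prepared statement in place of string building. It assumes the mysqli extension, a `members` table with the columns named in the thread, and the DB_* constants from config.php; everything else is constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the mysqli extension,
// a `members` table with the thread's columns, and DB_* constants in config.php.
require_once('config.php');

// Permitted values for the radio group, exactly as they appear in the HTML.
$allowed = array('work', 'watch');

/**
 * Return the chosen radio value, or null when the field is absent (no button
 * was checked, so the browser sends nothing) or the value is not permitted.
 */
function choice_from_post(array $post, array $allowed)
{
    if (!isset($post['choice'])) {
        return null;                      // no radio button checked at all
    }
    // Strict comparison: '0', arrays and the like never match 'work' or 'watch'.
    return in_array($post['choice'], $allowed, true) ? $post['choice'] : null;
}

$errmsg_arr = array();
$choice = choice_from_post($_POST, $allowed);
if ($choice === null) {
    $errmsg_arr[] = 'Please select watch or work';
}
// Name, e-mail and date validations from the original script belong here too.

// Send the user back to the form if anything failed, as the original does.
if ($errmsg_arr) {
    session_start();
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header('Location: index.php');
    exit();
}

$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
if ($mysqli->connect_error) {
    die('Error connecting to server');
}

// OPTION is a reserved word in MySQL, so that column name must be backquoted;
// day, month and year are keywords but not reserved, so they can stay bare.
$sql = 'INSERT INTO members (name, email_address, `option`, day, month, year)'
     . ' VALUES (?, ?, ?, ?, ?, ?)';
$stmt = $mysqli->prepare($sql);
if ($stmt === false) {
    die('Prepare failed: ' . $mysqli->error);
}

// The values travel separately from the SQL text, so no quoting or escaping
// of user input is needed; only the whitelisted $choice can reach `option`.
$stmt->bind_param(
    'ssssss',
    $_POST['name'],
    $_POST['email'],
    $choice,
    $_POST['day'],
    $_POST['month'],
    $_POST['year']
);
if (!$stmt->execute()) {
    die('Insert failed: ' . $stmt->error);
}
$stmt->close();
$mysqli->close();
?>
```

The two checks that matter for the radio button are separate: `isset` catches the request where no button was checked (the key is simply absent, so `$_POST['choice']` would raise a notice and the later `== ''` test never runs as intended), and the strict `in_array` rejects anything that is not one of the two values the form offers. Once that is done, the prepared statement means the choice, and every other field, is never spliced into the query string at all.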

  3. #3 stu567blue (SitePoint Addict, joined Aug 2007)
    Hey Cups,

    Thanks for the advice...

    Problem resolved thanks again...
