0

Hi, I am trying to insert data into 3 tables using mysql.. At first, I was able to insert in the first table (staffinfo), after coding for the second table insert (empinfo), It inserted into second table without inserting in first table AND finally it echoes 1 record added Successfully without inserting in the first, second, third table respectively .. ( staffinfo, empinfo, peninfo). I am a NEWBIE...kindly assist me in faulting my codes for correction..

`<html>
<body> 
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect Jaree: ' . mysql_error());
  }

mysql_select_db("coapen", $con);

$sql1="INSERT INTO staffinfo (title, name, gender, dob)
VALUES
('$_POST[title]','$_POST[fullname]','$_POST[sex]','$_POST[dob]')";
mysql_query($sql1);


$sql2="INSERT INTO empinfo (file_no, rank, gl, step, fad, pad, dept, division)
VALUES
('$_POST[fileno]','$_POST[rank]','$_POST[gl]','$_POST[step]','$_POST[first]','$_POST[pre]','$_POST[dept]','$_POST[div]')";
mysql_query($sql2);

$sql3="INSERT INTO peninfo (pfa, rsa, month, year, ba, hsa, tpa, employee _c, employer _c, total, remarks)
VALUES
('$_POST[pfa]','$_POST[rsa]','$_POST[month]','$_POST[year]','$_POST[basic]','$_POST[house]','$_POST[tp]','$_POST[employee]','$_POST[employee]',,'$_POST[total]',,'$_POST[rem]',)";
mysql_query($sql3);

echo "1 record added Successfully";

mysql_close($con)



?>
3
Contributors
8
Replies
42
Views
3 Years
Discussion Span
Last Post by GliderPilot
0
 <?php
$con = mysql_connect("mysql.nazuka.net","u370164308_try","0230Ga004");
if (!$con)
  {
  die('Could not connect Jaree: ' . mysql_error());
  }
mysql_select_db("u370164308_demo", $con);
$sql1="INSERT INTO main (id, name, email, phone)
VALUES
('$_POST[name]','$_POST[email]','$_POST[phone]')";
mysql_query($sql1) or die(mysql_error());
$sql2="INSERT INTO ors (add, dept, desig)
VALUES
('$_POST[add]','$_POST[dept]','$_POST[desig]')";
mysql_query($sql2) or die(mysql_error());

echo "1 record added Successfully";
mysql_close($con)
?>
0
<html>
<head>
<title>Insert in2 multiple tables in mysql</title>

</head>

<body>
<h4> Main Info</h4>
<form action="insert.php" method="post">
<label> Name: </label> <input type="text" name="name">
<label> Email: </label> <input type="text" name="email">
<label> Phone: </label> <input type="text" name="phone">
<h4> Other Info</h4>
<label> Address: </label> <input type="text" name="add">
<label> Dept: </label> <input type="text" name="dept">
<label> Designation: </label> <input type="text" name="desig">
<input type="submit" value="SUBMIT">
</form>
</body>

</html>
0

You have a buch of extra commas with the last few values of your third query so you're techinicaly trying to add more data than the number of columns specified. You alos have a space before the underscores with employee _c, employer _c not sure if that was intentional:

$sql3="INSERT INTO peninfo (pfa, rsa, month, year, ba, hsa, tpa, employee_c, employer_c, total, remarks)
VALUES
('$_POST[pfa]','$_POST[rsa]','$_POST[month]','$_POST[year]','$_POST[basic]','$_POST[house]','$_POST[tp]','$_POST[employee]','$_POST[employee]','$_POST[total]','$_POST[rem]')";

That should fix the issue, that being said I HIGHLY suggest NEVER using this code in any sort of production site. Not only are you opening yourself for very easy injection attacks, you're also not verifying any of these POST values are set prior to using them making it easy for your code to fail.

0

@GliderPilot, Please how do you think it is safe to write my codes without leaving chances for injection attacks?

Am I to adopt same method for posting and verifying?

0

You need to verify that all your post values have data assigned to them and that they contain what you expect them to. Ideally you should be using prepared mysqli statements.

Ultimately you can't assume that your post variables will have the data you expect. Always assume that someone is going to put malicious code for input and learn to detect and filter it out.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.