Hi In my postgres databse, I have a table named grid_data. I want to insert a new row in that table whn someone enters values in the html form.. But dnt knw why its not working. below is the code.


<form action="test_insert.php" method="POST">

	<td><input type="text" name="employee_id" value="0" size = "2" ></td>
	<td><input type="text" name="task_no" value="0" size = "2" ></td>
	<td><input type="text" name="discription" value="0" size = "2"></td>
	<td><input type="text" name="mon" value="0" size = "2"></td>
	  <td><input type="text" name="tue" value="0" size = "2"></td>
          <td><input type="text" name="wed" value="0" size = "2"></td>
          <td><input type="text" name="thu" value="0" size = "2"></td>
          <td><input type="text" name="fri" value="0" size = "2"></td>
          <td><input type="text" name="sat" value="0" size = "2"></td>
          <td><input type="text" name="sun" value="0" size = "2"></td>
	<td><input type="text" name="total" value="0" size = "2"></td>          
	<td><input type="text" name="week_no" value="0" size = "2"></td>
<input name="submit" value="Submit" type="submit">

$query = "insert_into public.grid_data (employee_id, task_no, discription, mon, tue, wed, thu, fri, sat, sun, total, week_no)
('$_POST[employee_id]','$_POST[task_no]','$_POST[discription]','$_POST[mon]','$_POST[tue]','$_POST[wed]','$_POST[thu]','$_POST[fri]','$_POST[sat]','$_POST[sun]','$_POST[total]','$_POST[week_no]') ";
$result = pg_exec ($dbc, $query);


The connection to the database happeing by postgres connect. which is perfectly fine because I am using it for other forms and its working perfectly fine.

If somone can please tell me whts wrong with my code.
Many thanks in advance

8 Years
Discussion Span
Last Post by edwinhermann

I think $query = "insert_into should be $query = "insert into I dont do Postgres though, although I assume it is simialr to MySQL


HI Xan,
The point made by you was perfecty right. I corrected that. But still the problem remains. still there is no new row inserted in the database.


Nop thats pretty fine.. works with my other php's.

Well that's surprising because there doesn't seem to be any documentation on pg_exec()
See http://ch.php.net/manual-lookup.php?pattern=pg_exec&lang=en for example.

One thing I've noticed is that you're not safely escaping strings. Not only is this dangerous but it can cause statements to fail because of invalid syntax. Maybe that's what's happening.

You need to replace all your $_POST variables in the statement with pg_escape_string($_POST).

Values("'.pg_escape_string($_POST[employee_id])."','".pg_escape_string($_POST[task_no])."', ... etc

For example:

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.