0
*********test.php**************
******************************

<form action="/forums/test_records.php" method="post" name="test" id="test">
<table width="385" border="1" align="center">
    <tr>
      <td width="120">Date: </td>
      <td width="249"><?PHP echo date("Y-m-d");?></td>
    </tr>
    <tr>
      <td>Particulars:</td>
      <td><input name="Particulars" type="text" size="40"></td>
    </tr>
    <tr>
      <td>Debit:</td>
      <td><input name="Debit" type="text" size="40"></td>
    </tr>
    <tr>
      <td>Credit:</td>
      <td><input name="Credit" type="text" size="40"></td>
    </tr>
    <tr>
      <td colspan="2"><div align="center">
        <input type="submit" name="Submit" value="Submit">
      </div></td>
    </tr>
  </table>
</form>

***********test_records.php*************
****************************************

<?php

 include 'connect/connection.php';



if (isset($_REQUEST['Submit'])) 
{
$sql = "INSERT INTO test( Date, Particulars, Debit, Credit, sum_of_debit, sum_of_credit, Balance) values ( NOW(),'".($_REQUEST['Particulars'])."', '".($_REQUEST['Debit']))."', '".($_REQUEST['Credit']))."' ,'".($_REQUEST['sum_of_debit'])."' ,'".($_REQUEST['sum_of_credit'])."' ,'".($_REQUEST['Balance'])."')";
$result = mysql_query($sql) or die (mysql_error());
}

Now my query is about that i have only four text fields in test.php through which i insert data into the database, but there in database i have 7 fields,
i just wana to insert record without using the text fiels and as well as find out the sum_debit and sum_credit from debit and credit fields respectively, and i m not sure that the above request is correct or not that i declared in the above test_records.php and the Balance field should be the result of sum_credit - sum_debit.

Plz help in this code....
** Will thankful to u ***

Edited by Reverend Jim: Fixed formatting

4
Contributors
3
Replies
4
Views
7 Years
Discussion Span
Last Post by jayreis
0

stow that 'request' rubbish - use post and clean all your variables before placing them in an sql statement.

Keeping track of your field-value pairs may be easier if you use the SET syntax.

INSERT INTO table SET field1 = value1,field2 = value2,field3 = value3
0

To repeat what the prior posted stated you will want to use post not request and also clean your form posts before putting them into your database

you should readup on
mysql_real_escape() function as well as using INT() function to ensure that the values of the form post are what they should be before you put them into your database.
When ever you have a form on your website that will take a users input and put it into a database you would never trust that the user will put in the type of data you are expecting them to put into the form. Which is why you need to clean and test the data before putting it into your database.

Hopw this helps get you on the right path

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.