0

Hello all,
I am building an online Logbook service and have come to a dead end with my script. I am trying to make it so that when members are logged in, they can add records to a database (which I have done), then it automatically assigns that members id to any records they add. The members id is in table 'users' and the new records will be going in table 'realflights'.

Here's the code so far:

<?php
session_start();
include ("configuration.php");
?>
(HTML CODING)

<?php 
	if ($logged_in = is_logged_in())
	{
	if ($logged_in = is_logged_in())
	{
	$user = retrieve_user($logged_in);
	if (empty($_GET['id']))
	{
	$_GET['id'] = $user['id'];
	}
						
	$user = retrieve_user($logged_in);
	if ($_POST['submit-real-flight'])
	{
	{
	$update = mysql_query("INSERT INTO `realflights` SET `date_year` = '" .
	mysql_real_escape_string($_POST['date_year']) . "', `date_month` = '" . 
	mysql_real_escape_string($_POST['date_month']) . "', `date_day` = '" .
	mysql_real_escape_string($_POST['date_day']) . "', `aircraft_type` = '" .
	mysql_real_escape_string($_POST['aircraft_type']) . "', `aircraft_reg` = '" .
	mysql_real_escape_string($_POST['aircraft_reg']) . "', `captain` = '" .
	mysql_real_escape_string($_POST['captain']) . "', `holder_cap_rating` = '" .
	mysql_real_escape_string($_POST['holder_cap_rating']) . "', `from` = '" .
	mysql_real_escape_string($_POST['from']) . "', `to` = '" .
	mysql_real_escape_string($_POST['to']) . "', `time_dep` = '" .
	mysql_real_escape_string($_POST['time_dep']) . "', `time_arr` = '" .
	mysql_real_escape_string($_POST['time_arr']) . "', `day_se_command` = '" .
	mysql_real_escape_string($_POST['day_se_command']) . "', `day_se_dual` = '" .
	mysql_real_escape_string($_POST['day_se_dual']) . "', `day_me_command` = '" .
	mysql_real_escape_string($_POST['day_me_command']) . "', `day_me_dual` = '" .
	mysql_real_escape_string($_POST['day_me_dual']) . "', `night_se_command` = '" .
	mysql_real_escape_string($_POST['night_se_command']) . "', `night_se_dual` = '" .
	mysql_real_escape_string($_POST['night_se_dual']) . "', `night_me_command` = '" .
	mysql_real_escape_string($_POST['night_me_command']) . "', `night_me_dual` = '" .
	mysql_real_escape_string($_POST['night_me_dual']) . "', `instrument_flight` = '" .
	mysql_real_escape_string($_POST['instrument_flight']) . "', `other_flying` = '" .
	mysql_real_escape_string($_POST['other_flying']) . "', `day_to` = '" .
	mysql_real_escape_string($_POST['day_to']) . "', `day_land` = '" .
	mysql_real_escape_string($_POST['day_land']) . "', `night_to` = '" .
	mysql_real_escape_string($_POST['night_to']) . "', `night_land` = '" .
	mysql_real_escape_string($_POST['night_land']) . "', `remarks` = '" .
	mysql_real_escape_string($_POST['remarks']) . "', `flight_id` = '" .
	mysql_real_escape_string($_POST['flight_id']) . "'");
	}
	}
	if ($update)
	{
	$response_message = "You have successfully added a flight.";
		}
		else
		{
		$response_message = "Error, Unable to add flight..";
		}
		}
		$user = retrieve_user($logged_in);
		echo $response_message;
		}
		else
		{
		echo "You are not logged in.<br /><a href=\"login.php\">Login Here</a>";
		}
	?>

(MORE HTML CODE)

Please bear in mind I am moderately new to PHP and mysql so can you please explain the solution in laymans terms? Thankyou.

Edited by ElliottDuke: n/a

1
Contributor
1
Reply
2
Views
6 Years
Discussion Span
Last Post by ElliottDuke
0

Solved
mysql_real_escape_string($_POST) . "', `pilot_id` = '" .
mysql_real_escape_string($user) . "'");

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.