Hello, what am I doing wrong?

It just errors out or posts blanks.

'$edate=implode('-', {$_POST['edate']})',

Is the thing not working

<?php
include_once 'resources/init.php';

$sql="INSERT INTO Client (
    firstname,
    lastname,
    email,
    invoice,
    company,
    arenew,
    contact,
    wink,
    wint,
    wind,
    vtype,
    usera,
    yeara,
    sdate,
    edate,
    viprek,
notes)
    VALUES
('$_POST[firstname]',
'$_POST[lastname]',
'$_POST[email]',
'$_POST[invoice]',
'$_POST[company]',
'$_POST[arenew]',
'$_POST[contact]',
'$_POST[wink]',
'$_POST[wint]',
'$_POST[wind]',
'$_POST[vtype]',
'$_POST[usera]',
'$_POST[yeara]',
'$_POST[sdate]',
'$edate=implode('-', {$_POST['edate']})',
'$_POST[viprek]',
'$_POST[notes]')";

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
header("Location: index.php");

mysql_close($con)
?>

0
'$_POST[firstname]'

should be:

'{$_POST['firstname']}'

etc. BUT you should NEVER put unsanitized inputs into this type of SQL query.

ALSO

'$edate=implode('-', {$_POST['edate']})',

You can't place a function to run within quotes. That doesn't seem to make much sense to me. Why would you try to give a php variable a value inside an sql string?

",...,..," . implode('-', $_POST['edate']) . ",...,...";

would make more sense, but applying this value to a variable ($edate) before creating the sql string and then including the var in the sql would make the sql string more readable:

'$edate','...','...'

BUT again, you should clean the input ($_POST).


0

Can you link to a resource explaining what this cleaning is? Also why is it important?

0

And also check if each element of the $_POST array is actually set with isset(). Maybe $_POST has not been set.

0

With all due respect ARK, I noticed from a previous thread: http://www.daniweb.com/web-development/php/threads/409105/1748409#post1748409 that you actually used braces with your unsanitized post variables. Why do you regress?

My posts here:
http://www.daniweb.com/web-development/php/threads/409068/1745889#post1745889
and
http://www.daniweb.com/web-development/php/threads/409068/1745981#post1745981

cover this.

I suggest you read your past threads carefully. I'm not in the mood to repeat myself. If you have absolutely no idea of what you're doing, get hold of some tutorials - online or in print. Google for sanitizing or cleaning $_POST and $_GET variables in php. It's as simple as that. Alternatively, you can continue to ignore advice, but please don't ask for the same advice again.

Bye.
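
Added example, not part of any post in this thread: one way to combine the advice in the replies, checking each field with isset(), building edate with implode() before the query, and keeping the input out of the SQL text with a PDO prepared statement. The constructed $post array, the in-memory SQLite database, the reduced column list and the helper name buildClientRow are assumptions standing in for $_POST and the real Client table; edate is assumed to arrive as a [year, month, day] array.

```php
<?php
// Constructed input standing in for $_POST so the example runs offline.
$post = [
    'firstname' => 'Anne',
    'lastname'  => "O'Brien",                    // quote that breaks a concatenated query
    'email'     => 'anne@example.com',
    'edate'     => ['2012', '02', '29'],         // assumed form layout: year, month, day
    'notes'     => "x'); DROP TABLE Client; --", // ends up stored as text, not executed
];

// Assumption: in-memory SQLite and a reduced column list replace the real Client table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Client (firstname TEXT, lastname TEXT, email TEXT, edate TEXT, notes TEXT)');

// Hypothetical helper: returns a validated row or throws.
function buildClientRow(array $in): array
{
    $row = [];
    foreach (['firstname', 'lastname', 'email', 'notes'] as $f) {
        // isset() check: a missing field is rejected, not inserted as a blank.
        if (!isset($in[$f]) || !is_string($in[$f])) {
            throw new InvalidArgumentException("missing field: $f");
        }
        $row[$f] = trim($in[$f]);
    }
    $parts = (isset($in['edate']) && is_array($in['edate'])) ? array_values($in['edate']) : [];
    $ok = count($parts) === 3;
    foreach ($parts as $p) {
        $ok = $ok && is_string($p) && ctype_digit($p);
    }
    if (!$ok || !checkdate((int)$parts[1], (int)$parts[2], (int)$parts[0])) {
        throw new InvalidArgumentException('edate must be a real [year, month, day] date');
    }
    // Build the value before the query, then bind it like every other field.
    $row['edate'] = implode('-', $parts);
    return $row;
}

$stmt = $pdo->prepare(
    'INSERT INTO Client (firstname, lastname, email, edate, notes)
     VALUES (:firstname, :lastname, :email, :edate, :notes)'
);
$stmt->execute(buildClientRow($post)); // values are bound, never spliced into the SQL text

print_r($pdo->query('SELECT * FROM Client')->fetchAll(PDO::FETCH_ASSOC));
```

Because the values travel separately from the statement, the apostrophe in the last name and the SQL fragment in notes are inserted as ordinary text and the Client table is still there when the final SELECT runs.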
