I am trying to create a form for my club which takes info from a database to enable a sub-selection of trainees from the database. Then additionally select from a list of events and INSERT both back into a database. It writes to the database OK and loops through the correct number of times but doesn't pass the $trainee value to the database. I think what is failing is the passing of the info from
print ' <input type="hidden" name="Trainee" value= ' . $trainee . ' />
to the $query in the if(isset($_POST['formSubmit'])) loop.
Can anyone tell me where I am going wrong? Code listed below.
<?php
//Retrieve trainees of specified grade
$data = mysql_query('SELECT * FROM membership WHERE grade = "Trainee" ')
or die(mysql_error()); // select works
// Writes to database OK, including Trainee if manual value entered into form like done in instructor
$query = "INSERT INTO testtraining ( trainee_no, activity, instructor, entered_by, entered_by_date) VALUES ( '{$_POST['Trainee']}', '{$_POST['activity']}', '{$_POST['instructor']}', '{$_POST['enteredBy']}', NOW())";
// Feedback and posting
if(isset($_POST['formSubmit']))
{
$aTrainee = $_POST['data'];
$training = $_POST['activity'];
if(empty($aTrainee))
{
echo("<p>You didn't select trainees.</p>\n");
} else {
$N = count($aTrainee);
echo("<p>You selected $N trainee(s): ");
for($i=0; $i < $N; $i++) // loop thru all selected checkbox adding
{
$trainee = $aTrainee[$i];
// Execute the query.
if (@mysql_query ($query)) {
// lists OK on screen but does not pass to form for writing to database
print "<p>The $training added for $trainee.</p>";
}
}
}
}
// end of posting
// Start of form
// Creates list with checkbox, cycles through info from membership database and makes a multi select checkbox list
while($info = mysql_fetch_array( $data )) //repeat while there is still data from SELECT
{
?>
<form action ="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" >
<input id= "<?= $info['no'] ?>" type="checkbox" name="data[]" value="<?= $info['no'] ?>" />
<label for="<?= $info['no'] ?>"><?= $info['_no'] ?></label>
<br />
<?
}
// Training Activities checkbox, Displays training activity to be selected from
print '<p><input type="radio" name="activity" value="Training1" /> Training1</p>'; //works
print '<p><input type="radio" name="activity" value="Training2" /> Training2</p>'; //works
print ' <input type="hidden" name="Trainee" value= ' . $trainee . ' />
<input type="hidden" name="instructor" value= anInstructor />
<input type="hidden" name="enteredBy" value=' . ($_SESSION['username']) . ' />
<input type="submit" name="formSubmit" value="Add Training" />
</form>';
mysql_close(); // Close the database connection;
?>
Your query does not break out from the string to insert the variables.
Instead try:
$query = "INSERT INTO testtraining ( trainee_no, activity, instructor, entered_by, entered_by_date) VALUES ( '".$_POST['Trainee']."', '".$_POST['activity']."', '".$_POST['instructor']."','".$_POST['enteredBy']."', NOW())";
Though I would suggest first adding those $_POST variables into $variables and running some validation to ensure it is clean. addslashes() is a good start to ensure no SQL errors pop up. But this isn't a lecture on safely inserting sanitized user input.
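
Added example (not part of the original post or the reply above): the insert done once per ticked trainee inside the loop, with each value bound through a PDO prepared statement instead of being concatenated into the query string. It assumes PDO with the SQLite driver so that it runs offline; the in-memory table, the `addTraining` helper, the `clubadmin` user and the sample POST array are made up for illustration.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with the SQLite driver;
// an in-memory table stands in for the MySQL testtraining table.
const ALLOWED_ACTIVITIES = ['Training1', 'Training2'];

function addTraining(PDO $db, array $post, string $enteredBy): array
{
    $activity = $post['activity'] ?? '';
    if (!in_array($activity, ALLOWED_ACTIVITIES, true)) {
        throw new InvalidArgumentException('Unknown activity');
    }
    // Keep only checkbox values that are plain digit strings.
    $trainees = array_filter((array) ($post['data'] ?? []), function ($v) {
        return is_string($v) && ctype_digit($v);
    });
    // Prepared once; values are bound per row, never concatenated into the SQL.
    $stmt = $db->prepare(
        'INSERT INTO testtraining
            (trainee_no, activity, instructor, entered_by, entered_by_date)
         VALUES (:trainee, :activity, :instructor, :entered_by, :entered_on)'
    );
    $added = [];
    foreach ($trainees as $trainee) {
        $stmt->execute([
            ':trainee'    => (int) $trainee,
            ':activity'   => $activity,
            ':instructor' => (string) ($post['instructor'] ?? ''),
            ':entered_by' => $enteredBy, // from the session, not a hidden field
            ':entered_on' => date('Y-m-d H:i:s'),
        ]);
        $added[] = (int) $trainee;
    }
    return $added;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testtraining (trainee_no INTEGER, activity TEXT,
           instructor TEXT, entered_by TEXT, entered_by_date TEXT)');

// Constructed sample POST: two ticked trainees plus one malformed value.
$post = ['data' => ['12', '15', "15' OR '1'='1"],
         'activity' => 'Training1', 'instructor' => 'anInstructor'];

foreach (addTraining($db, $post, 'clubadmin') as $no) {
    echo "{$post['activity']} added for trainee $no\n";
}
echo $db->query('SELECT COUNT(*) FROM testtraining')->fetchColumn(), " rows\n";
```

The malformed third value is dropped by the digit check, so only trainees 12 and 15 are inserted. Against MySQL the same function works with a `mysql:` DSN, and `NOW()` can replace the bound timestamp.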