Insert data into three tables using php and mysql

Question

adebayo.sas 0 Light Poster

10 Years Ago

Hi, I am trying to insert data into 3 tables using mysql.. At first, I was able to insert in the first table (staffinfo), after coding for the second table insert (empinfo), It inserted into second table without inserting in first table AND finally it echoes 1 record added Successfully without inserting in the first, second, third table respectively .. ( staffinfo, empinfo, peninfo). I am a NEWBIE...kindly assist me in faulting my codes for correction..

`<html>
<body> 
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect Jaree: ' . mysql_error());
  }

mysql_select_db("coapen", $con);

$sql1="INSERT INTO staffinfo (title, name, gender, dob)
VALUES
('$_POST[title]','$_POST[fullname]','$_POST[sex]','$_POST[dob]')";
mysql_query($sql1);


$sql2="INSERT INTO empinfo (file_no, rank, gl, step, fad, pad, dept, division)
VALUES
('$_POST[fileno]','$_POST[rank]','$_POST[gl]','$_POST[step]','$_POST[first]','$_POST[pre]','$_POST[dept]','$_POST[div]')";
mysql_query($sql2);

$sql3="INSERT INTO peninfo (pfa, rsa, month, year, ba, hsa, tpa, employee _c, employer _c, total, remarks)
VALUES
('$_POST[pfa]','$_POST[rsa]','$_POST[month]','$_POST[year]','$_POST[basic]','$_POST[house]','$_POST[tp]','$_POST[employee]','$_POST[employee]',,'$_POST[total]',,'$_POST[rem]',)";
mysql_query($sql3);

echo "1 record added Successfully";

mysql_close($con)



?>

mysql php

3 Contributors
8 Replies
2K Views
1 Week Discussion Span
Latest Post 10 Years Ago Latest Post by GliderPilot

pritaeas 2,194 ¯\_(ツ)_/¯

10 Years Ago

Do:

mysql_query($sql1) or die(mysql_error());

and tell us if you see an error.

GliderPilot 33 Posting Whiz

10 Years Ago

You have a buch of extra commas with the last few values of your third query so you're techinicaly trying to add more data than the number of columns specified. You alos have a space before the underscores with employee _c, employer _c not sure if that was intentional:

$sql3="INSERT INTO peninfo (pfa, rsa, month, year, ba, hsa, tpa, employee_c, employer_c, total, remarks)
VALUES
('$_POST[pfa]','$_POST[rsa]','$_POST[month]','$_POST[year]','$_POST[basic]','$_POST[house]','$_POST[tp]','$_POST[employee]','$_POST[employee]','$_POST[total]','$_POST[rem]')";

That should fix the issue, that being said I HIGHLY suggest NEVER using this code in any sort of production site. Not only are you opening yourself for very easy injection attacks, you're also not verifying any of these POST values are set prior to using them making it easy for your code to fail.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

adebayo.sas 0 Light Poster · Answer 1 · 2014-04-01T13:23:26+00:00

Column count doesn't match value count at row 1

adebayo.sas 0 Light Poster · Answer 2 · 2014-04-01T13:23:44+00:00

 <?php
$con = mysql_connect("mysql.nazuka.net","u370164308_try","0230Ga004");
if (!$con)
  {
  die('Could not connect Jaree: ' . mysql_error());
  }
mysql_select_db("u370164308_demo", $con);
$sql1="INSERT INTO main (id, name, email, phone)
VALUES
('$_POST[name]','$_POST[email]','$_POST[phone]')";
mysql_query($sql1) or die(mysql_error());
$sql2="INSERT INTO ors (add, dept, desig)
VALUES
('$_POST[add]','$_POST[dept]','$_POST[desig]')";
mysql_query($sql2) or die(mysql_error());

echo "1 record added Successfully";
mysql_close($con)
?>

adebayo.sas 0 Light Poster · Answer 3 · 2014-04-01T13:29:51+00:00

adebayo.sas 0 Light Poster

10 Years Ago

http://compware.uk.ht/demo

adebayo.sas 0 Light Poster · Answer 4 · 2014-04-01T13:30:07+00:00

<html>
<head>
<title>Insert in2 multiple tables in mysql</title>

</head>

<body>
<h4> Main Info</h4>
<form action="insert.php" method="post">
<label> Name: </label> <input type="text" name="name">
<label> Email: </label> <input type="text" name="email">
<label> Phone: </label> <input type="text" name="phone">
<h4> Other Info</h4>
<label> Address: </label> <input type="text" name="add">
<label> Dept: </label> <input type="text" name="dept">
<label> Designation: </label> <input type="text" name="desig">
<input type="submit" value="SUBMIT">
</form>
</body>

</html>

adebayo.sas 0 Light Poster · Answer 5 · 2014-04-02T12:59:03+00:00

@GliderPilot, Please how do you think it is safe to write my codes without leaving chances for injection attacks?

Am I to adopt same method for posting and verifying?

GliderPilot 33 Posting Whiz · Answer 6 · 2014-04-02T18:31:57+00:00

You need to verify that all your post values have data assigned to them and that they contain what you expect them to. Ideally you should be using prepared mysqli statements.

Ultimately you can't assume that your post variables will have the data you expect. Always assume that someone is going to put malicious code for input and learn to detect and filter it out.