insert data into database

Question

ismael ahm@d 0 Newbie Poster

14 Years Ago

*********test.php**************
******************************

<form action="/forums/test_records.php" method="post" name="test" id="test">
<table width="385" border="1" align="center">
    <tr>
      <td width="120">Date: </td>
      <td width="249"><?PHP echo date("Y-m-d");?></td>
    </tr>
    <tr>
      <td>Particulars:</td>
      <td><input name="Particulars" type="text" size="40"></td>
    </tr>
    <tr>
      <td>Debit:</td>
      <td><input name="Debit" type="text" size="40"></td>
    </tr>
    <tr>
      <td>Credit:</td>
      <td><input name="Credit" type="text" size="40"></td>
    </tr>
    <tr>
      <td colspan="2"><div align="center">
        <input type="submit" name="Submit" value="Submit">
      </div></td>
    </tr>
  </table>
</form>

***********test_records.php*************
****************************************

<?php

 include 'connect/connection.php';



if (isset($_REQUEST['Submit'])) 
{
$sql = "INSERT INTO test( Date, Particulars, Debit, Credit, sum_of_debit, sum_of_credit, Balance) values ( NOW(),'".($_REQUEST['Particulars'])."', '".($_REQUEST['Debit']))."', '".($_REQUEST['Credit']))."' ,'".($_REQUEST['sum_of_debit'])."' ,'".($_REQUEST['sum_of_credit'])."' ,'".($_REQUEST['Balance'])."')";
$result = mysql_query($sql) or die (mysql_error());
}

Now my query is about that i have only four text fields in test.php through which i insert data into the database, but there in database i have 7 fields,
i just wana to insert record without using the text fiels and as well as find out the sum_debit and sum_credit from debit and credit fields respectively, and i m not sure that the above request is correct or not that i declared in the above test_records.php and the Balance field should be the result of sum_credit - sum_debit.

Plz help in this code....
** Will thankful to u ***

php

Edited 11 Years Ago by Reverend Jim because: Fixed formatting

4 Contributors
3 Replies
269 Views
1 Day Discussion Span
Latest Post 14 Years Ago Latest Post by jayreis

is_set 0 Newbie Poster

14 Years Ago

oh accounting
great

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

diafol · Answer 1 · 2010-05-16T05:43:02+00:00

stow that 'request' rubbish - use post and clean all your variables before placing them in an sql statement.

Keeping track of your field-value pairs may be easier if you use the SET syntax.

INSERT INTO table SET field1 = value1,field2 = value2,field3 = value3

jayreis 0 Junior Poster in Training · Answer 2 · 2010-05-16T18:48:05+00:00

To repeat what the prior posted stated you will want to use post not request and also clean your form posts before putting them into your database

you should readup on
mysql_real_escape() function as well as using INT() function to ensure that the values of the form post are what they should be before you put them into your database.
When ever you have a form on your website that will take a users input and put it into a database you would never trust that the user will put in the type of data you are expecting them to put into the form. Which is why you need to clean and test the data before putting it into your database.

Hopw this helps get you on the right path