URGENT: mysql_real_escape in php

Question

mgd00tz 0 Newbie Poster

12 Years Ago

I'm using int type in my database, what I should put in order to catch the input data by users? mysql_real_escape_string is not working because I think he can cater only the string values.

here is my codes.

<?php

/* 
 NEW.PHP
 Allows user to create a new entry in the database
*/
 
 // creates the new record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($receiptNumber, $paymentDate, $ammount, $ammountPaid, $studentId, $errorL)
 {

 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
 <head>
 <title>New Record</title>
 </head>
 <body>
 <?php 
 // if there are any errors, display them
 if ($errorL != '')
 {
 echo '<div style="padding:4px; border:1px solid red; color:red;">'.$errorL.'</div>';
 }
 ?> 
 
 <form action="" method="post">
 <div>

 <strong>Receipt Number: *</strong> <input type="text" name="oicId" value="<?php echo $receiptNumber; ?>" /><br/>
 <strong>Payment Date: *</strong> <input type="text" name="oicName" value="<?php echo $paymentDate; ?>" /><br/>
 <strong>Ammount: *</strong> <input type="text" name="gender" value="<?php echo $ammount; ?>" /><br/>
 <strong>Ammount Paid: *</strong> <input type="text" name="ssgposition" value="<?php echo $ammountPaid; ?>" /><br/>
 <strong>Student ID: *</strong> <input type="text" name="ssgposition" value="<?php echo $studentId; ?>" /><br/>
 <p>* required</p>
 <input type="submit" name="submit" value="Submit">
 
 </div>
 </form> 
 </body>
 </html>
 
 <?php 
 }
 
 
 

 // connect to the database
 include('connect-db.php');
 
 // check if the form has been submitted. If it has, start to process the form and save it to the database
 if (isset($_POST['submit']))
 { 
 // get form data, making sure it is valid
 
 $receiptNumber = ($_POST['receiptNumber']);
 $paymentDate = mysql_real_escape_string(htmlspecialchars($_POST['paymentDate']));
 $ammount = mysql_real_escape_string(htmlspecialchars($_POST['ammount']));
 $ammountPaid = mysql_real_escape_string(htmlspecialchars($_POST['ammountPaid']));
 $studentId = mysql_real_escape_string(htmlspecialchars($_POST['studentId']));

 
 
   
 // check to make sure both fields are entered
 if ($receiptNumber == '' || $paymentDate== ''  || $ammount == '' || $ammountPaid == '' || $studentId == '')
 {
 // generate error message
 $error = 'ERROR: Please fill in all required fields!';
 
 // if either field is blank, display the form again
 renderForm($receiptNumber, $paymentDate, $ammount, $ammountPaid, $studentId, $error);
 }
 else
 {
 // save the data to the database
 mysql_query("INSERT payments SET receiptNumber='$receiptNumber', paymentDate='$paymentDate', ammount='$ammount', ammountPaid='$ammountPaid', studentId='$studentId'")
 or die(mysql_error()); 
 
 // once saved, redirect back to the view page
 header("Location: view.php"); 
 }
 }
 else
 // if the form hasn't been submitted, display the form
 {
 renderForm('','','','','','');
 }
?>

it appears that Error! Notice: Undefined index: receiptNumber in C:\wamp\www\finals\payments\new.php on line 59 until line 63.
please help me guys.

mysql php

3 Contributors
2 Replies
218 Views
8 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by cyverge

Biiim 182 Junior Poster

12 Years Ago

change:

$receiptNumber = ($_POST['receiptNumber']);
 $paymentDate = mysql_real_escape_string(htmlspecialchars($_POST['paymentDate']));
 $ammount = mysql_real_escape_string(htmlspecialchars($_POST['ammount']));
 $ammountPaid = mysql_real_escape_string(htmlspecialchars($_POST['ammountPaid']));
 $studentId = mysql_real_escape_string(htmlspecialchars($_POST['studentId']));

to:

if(isset($_POST['receiptNumber'])){
 $receiptNumber = ($_POST['receiptNumber']);
}else{
 $receiptNumber = '';
}
if(isset($_POST['paymentDate'])){
 $paymentDate = mysql_real_escape_string(htmlspecialchars($_POST['paymentDate']));
}else{
 $paymentDate = '';
}

if(isset($_POST['ammount'])){
 $ammount = mysql_real_escape_string(htmlspecialchars($_POST['ammount']));
}else{
 $ammount = '';
}

if(isset($_POST['ammountPaid'])){
 $ammountPaid = mysql_real_escape_string(htmlspecialchars($_POST['ammountPaid']));
}else{
 $ammountPaid = '';
}
if(isset($_POST['studentId'])){
 $studentId = mysql_real_escape_string(htmlspecialchars($_POST['studentId']));
}else{
 $studentId = '';
}

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

cyverge 0 Newbie Poster · Answer 1 · 2012-03-17T10:23:46+00:00

'name' attribute is used in $_POST and everywhere else not the 'value' attribute. put all the 'name' attribute in line 58 to 62 in place of 'value' of input html tags. it will resolve the problem. Thanks

// get form data, making sure it is valid

$receiptNumber = ($_POST['oicId']);
 $paymentDate = mysql_real_escape_string(htmlspecialchars($_POST['oicName']));
 $ammount = mysql_real_escape_string(htmlspecialchars($_POST['gender']));
 $ammountPaid = mysql_real_escape_string(htmlspecialchars($_POST['ssgposition']));
 $studentId = mysql_real_escape_string(htmlspecialchars($_POST['ssgposition']));