MySQL Problem

Question

PF2G 0 Junior Poster in Training

11 Years Ago

Hi, i'm doing a website where the user can add his favourite bands in his profile. But not every band is in the DB, so if the band isn't in the DB it adds the name in the column.

this is what i have:

if(mysql_query("INSERT INTO bandas_fav(band_fav_id_user, band_fav_id_banda) VALUES('".$_GET['iduser']."', '".$bands_name['banda_id']."')"))
    {        
        //Record was successfully inserted, respond result back to index page
        $my_id = mysql_insert_id(); //Get ID of last inserted row from MySQL

        $query_band_add=mysql_query("SELECT * FROM bandas WHERE banda_id='".$my_id."'", $con);
        $band_add=mysql_fetch_assoc($query_band_add);

        if(mysql_num_rows($query_band_add)!=0){
            echo '<li id="item_'.$my_id.'" style="float:left; border:1px solid #000; width:20%; margin-right:10px; margin-bottom:10px;">';
            echo '<div class="del_wrapper"><a href="#" class="del_button" id="del-'.$my_id.'">';
            echo '<img src="icon_del.gif" border="0" />';
            echo '</a></div>';
            echo '<div style="float:left; width:110px;"> <img src="../../'.$band_add['banda_logotipo'].'" width="100" style="margin-right:5px;" /></div>';
            echo '<div style="float:left; width:50px;"> <a href="../band_one.php?idbnd='.$band_add['banda_id'].'">'.$band_add["banda_nome"].'</a></div>'.'</li>';
            mysql_close($con); //close db connection
        }
        else{
            if(mysql_query("INSERT INTO bandas_fav(new_band) VALUES('".$contentToSave."') WHERE band_fav_id='".$my_id."'")){
                echo '<li id="item_'.$my_id.'" style="float:left; border:1px solid #000; width:20%; margin-right:10px; margin-bottom:10px;">';
                echo '<div class="del_wrapper"><a href="#" class="del_button" id="del-'.$my_id.'">';
                echo '<img src="icon_del.gif" border="0" />';
                echo '</a></div>';
                echo '<div style="float:left; width:110px;"> <img src="http://cache.gawkerassets.com/assets/images/9/2011/01/rock-band-2-wii.jpg" width="100" height="100" style="margin-right:5px;" /></div>';
                echo '<div style="float:left; width:50px;"> '.$contentToSave.'</div>'.'</li>';
                mysql_close($con); //close db connection
            }
            else{
                echo mysql_error();
            }
        }   
    }

mysql php sql

3 Contributors
7 Replies
152 Views
3 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by minitauros

jkon 636 Posting Whiz in Training

11 Years Ago

You forgot to mention the problem . I can see many problems in this code , but what is the one that is troubling you ?

jkon 636 Posting Whiz in Training

11 Years Ago

Where do you define the $contentToSave ? And more over band_fav_id should be string or int ? And why don’t you take a day or two learning PDO and a day or two more to learn separate logic from view? It is obvious that you are at first steps of programming and in that sense you have my full support, but why not taking a few steps further?

Edited 11 Years Ago by jkon

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

PF2G 0 Junior Poster in Training · Answer 1 · 2013-06-27T13:01:20+00:00

The second Insert gives me error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE band_fav_id='64'' at line 1

minitauros 151 Junior Poster Featured Poster · Answer 2 · 2013-06-27T13:15:34+00:00

My question would be the same as jkon's, what's in $contentToSave? And maybe you could read a bit about MySQL Injection, because your script seems not to be as secure as you might think :).

PF2G 0 Junior Poster in Training · Answer 3 · 2013-06-27T14:20:13+00:00

$contentToSave is the name of the band that you write:

<div class="form_style">
        <textarea name="content_txt" id="contentText" cols="45" rows="5"></textarea>
        <button id="FormSubmit" style="padding:5px;" >Adicionar Banda</button>
</div>

About security, it's not my main problem right now, i will take care of it later...

jkon 636 Posting Whiz in Training Featured Poster · Answer 4 · 2013-06-27T14:44:56+00:00

Again I can’t see where you define $contentToSave , (but without knowing the code and the table I can only see that this code is really a first attempt to programming) again I can’t see where did you provide us with the result of “SHOW CREATE TABLE bandas_fav” . The one thing is solving the problem , the main is understanding what you are doing and give you opinions about it . With no clues at all I am just wandering why there aren’t space in bandas_fav(new_band) new_band isn’t a column , a field of the table ?

minitauros 151 Junior Poster Featured Poster · Answer 5 · 2013-06-27T15:40:16+00:00

minitauros 151 Junior Poster

11 Years Ago

So $contentToSave equals $_POST['contentText']?