[RESOLVED] Help with insert please !

A__de_Sousa

Hi All,
I got a INSERT INTO like this:

function addProduct()
{
$catId = $POST['cboCategory'];
$catId2 = $POST['cboCategory2'];
$catId3 = $POST['cboCategory3'];
$name = $POST['txtName'];
$auteur = $POST['txtAuteur'];
$editeur = $POST['txtEditeur'];
$anne = $POST['txtAnne'];
$lieu = $POST['txtLieu'];
$ilustrateur = $POST['txtIlustrateur'];
$reliure = $POST['txtReliure'];
$format = $POST['txtFormat'];
$key = $POST['txtKey'];
$isbn = $POST['txtIsbn'];
$ref = $POST['txtRef'];
$etat = $POST['txtEtat'];
$description = $POST['mtxDescription'];
$price = str_replace(',', '', (double)$POST['txtPrice']);
$qty = (int)$POST['txtQty'];

$images = uploadProductImage('fleImage', SRV_ROOT . 'images/product/');

$mainImage = $images['image'];
$thumbnail = $images['thumbnail'];

$sql = "INSERT INTO tbl_product (cat_id, pd_titre, pd_auteur, pd_editeur, pd_anne_edition, pd_ilustrateur, pd_lieu, pd_keyword, pd_reliure, pd_format, pd_isbn, pd_ref, pd_etat, pd_descriptif, pd_price, pd_qty, pd_image, pd_thumbnail, pd_date)
VALUES ('$catId', '$name', '$auteur', '$editeur', '$anne', '$ilustrateur', '$lieu', '$key', '$reliure', '$format', '$isbn', '$ref', '$etat', '$description', $price, $qty, '$mainImage', '$thumbnail', NOW()),
('$catId2', '$name', '$auteur', '$editeur', '$anne', '$ilustrateur', '$lieu', '$key', '$reliure', '$format', '$isbn', '$ref', '$etat', '$description', $price, $qty, '$mainImage', '$thumbnail', NOW()),
('$catId3', '$name', '$auteur', '$editeur', '$anne', '$ilustrateur', '$lieu', '$key', '$reliure', '$format', '$isbn', '$ref', '$etat', '$description', $price, $qty, '$mainImage', '$thumbnail', NOW())";

$result = dbQuery($sql);

header("Location: index.php?catId=$catId");
}

And my problem is, catId, catId2 and catId3 r select lists, if i only choose 1 of them they still inserting the 3 in my database. 1 with the information i input and the other 2 empty.
Can someone please tell me how to ignore the other 2 if they r not selected !?
Many thnks in advance.

djjjozsi

use an IF condition to know if that posted index has set with isset, or !empty , then add into the sql query.

But do not add posted values directly from your visitor! use mysql_real_escape_string,
"This function must always (with few exceptions) be used to make data safe before sending a query to MySQL. "

hello, jjozsi

A__de_Sousa

Hi djjjozsi,
Before nothing thnks 4 ur reply, im a bit newby in php can u please make me a example !?
-thnks again

A__de_Sousa

Do u mean something like this !!¿?

<?php
function addProduct()
{
$catId = $POST['cboCategory'];
$catId2 = $POST['cboCategory2'];
$catId3 = $POST['cboCategory3'];
$name = $POST['txtName'];
$auteur = $POST['txtAuteur'];
$editeur = $POST['txtEditeur'];
$anne = $POST['txtAnne'];
$lieu = $POST['txtLieu'];
$ilustrateur = $POST['txtIlustrateur'];
$reliure = $POST['txtReliure'];
$format = $POST['txtFormat'];
$key = $POST['txtKey'];
$isbn = $POST['txtIsbn'];
$ref = $POST['txtRef'];
$etat = $POST['txtEtat'];
$description = $POST['mtxDescription'];
$price = str_replace(',', '', (double)$POST['txtPrice']);
$qty = (int)$POST['txtQty'];

$images = uploadProductImage('fleImage', SRV_ROOT . 'images/product/');

$mainImage = $images['image'];
$thumbnail = $images['thumbnail'];

if($POST['$catId2'] == "")
{
$insert_catId2 = "";
}
else
{
$insert_catid2 = "INSERT INTO tbl_product (cat_id, pd_titre, pd_auteur, pd_editeur, pd_anne_edition, pd_ilustrateur, pd_lieu, pd_keyword, pd_reliure, pd_format, pd_isbn, pd_ref, pd_etat, pd_descriptif, pd_price, pd_qty, pd_image, pd_thumbnail, pd_date)
VALUES ('$catId2', '$name', '$auteur', '$editeur', '$anne', '$ilustrateur', '$lieu', '$key', '$reliure', '$format', '$isbn', '$ref', '$etat', '$description', $price, $qty, '$mainImage', '$thumbnail', NOW())";
}
if($POST['$catId3'] == "")
{
$insert_catId3 = "";
}
else
{
$insert_catid3 = "INSERT INTO tbl_product (cat_id, pd_titre, pd_auteur, pd_editeur, pd_anne_edition, pd_ilustrateur, pd_lieu, pd_keyword, pd_reliure, pd_format, pd_isbn, pd_ref, pd_etat, pd_descriptif, pd_price, pd_qty, pd_image, pd_thumbnail, pd_date)
VALUES ('$catId3', '$name', '$auteur', '$editeur', '$anne', '$ilustrateur', '$lieu', '$key', '$reliure', '$format', '$isbn', '$ref', '$etat', '$description', $price, $qty, '$mainImage', '$thumbnail', NOW())";

$result = dbQuery($sql);

header("Location: index.php?catId=$catId");
}
?>

djjjozsi

edited: ask which part not clear, and i give you a longest explanation.

<?php
		function s($var)
		{
/* $var is the index names of your POST array!  */
			if(!empty($_POST[$var]))
			return mysql_real_escape_string(stripslashes($_POST[$var]));
		}


	function addProduct()
	{
		$test=true;   //set this switch into false if you 're not testing the queries

 //keep safe the posted values from the visitor before you send into the database
			$catId = s("cboCategory"); 
			$catId2 = s("cboCategory2");
			$catId3 = s("cboCategory3");
			$name = s("txtName");
			$auteur = s("txtAuteur");
			$editeur = s("txtEditeur");
			$anne = s("txtAnne");
			$lieu = s("txtLieu");
			$ilustrateur = s("txtIlustrateur");
			$reliure = s("txtReliure");
			$format = s("txtFormat");
			$key = s("txtKey");
			$isbn = s("txtIsbn");
			$ref = s("txtRef");
			$etat = s("txtEtat");
			$description = s("mtxDescription");

		$price = str_replace(',', '', (double)$_POST['txtPrice']);
		$qty = (int)$_POST['txtQty'];

		$images = uploadProductImage('fleImage', SRV_ROOT . 'images/product/');

		$mainImage = mysql_real_escape_string($images['image']);
		$thumbnail = mysql_real_escape_string($images['thumbnail']);

		if(!empty($catId))
		{
// Build an array with the second part of the INSERT, 
				$sql[]="('$catId', '$name', '$auteur', '$editeur', '$anne', '$ilustrateur', '$lieu', '$key', '$reliure', '$format', '$isbn', '$ref', '$etat', '$description', $price, $qty, '$mainImage', '$thumbnail', NOW())";
			}

		if(!empty($catId2))
		{
			$sql[]="('$catId2', '$name', '$auteur', '$editeur', '$anne', '$ilustrateur', '$lieu', '$key', '$reliure', '$format', '$isbn', '$ref', '$etat', '$description', $price, $qty, '$mainImage', '$thumbnail', NOW())";
		}

		if(!empty($catId3))
		{
			$sql[]="('$catId3', '$name', '$auteur', '$editeur', '$anne', '$ilustrateur', '$lieu', '$key', '$reliure', '$format', '$isbn', '$ref', '$etat', '$description', $price, $qty, '$mainImage', '$thumbnail', NOW())";
		}

		if(!empty($sql))
		{

		$insert = "INSERT INTO tbl_product (cat_id, pd_titre, pd_auteur, pd_editeur, pd_anne_edition, pd_ilustrateur, pd_lieu, pd_keyword, pd_reliure, pd_format, pd_isbn, pd_ref, pd_etat, pd_descriptif, pd_price, pd_qty, pd_image, pd_thumbnail, pd_date) ";

/* Use foreach to go throught your SQL array, and build the three sql query...*/
				foreach($sql AS $rows)
				{
					$query=$insert." VALUES ".$rows;

				if($test==true)
				{
/* If you're testing the query print it...*/
						print "TESTING QUERY: $query <br />";  //test the printed values in phpmyadmin!
					}
					else
					{
/* If you don't want to test the query but wun it now, lets query it, and handle the mysql errors*/
							dbQuery($query) or
							die("Error int query". mysql_error(). " in query: ". htmlspecialchars($query)."<br />");

				}
			}
		}

		if($test==false)
		header("Location: index.php?catId=$catId");
	}
?>

A__de_Sousa

!!!! wOw !!!! Realy nice djjjozsi !!
Now that i see things like this, looks so easy !
Yes i understend, maybe not all, how it works !! And it works just fine !! I just want to thank you a million times for ur time.
I ask the some thing in another forum and i want ur autorization to make a link here. Like that people like me can have some help if needed. Sorry for mi english.

!! Thank you again !!

djjjozsi

You're welcome, and you can freely link to this thread/forum.

And don't forget to set this thread as Resolved, if you think this problem has solved.

Hello,
jjozsi.