1

I wrote a query but now I'm having doubts.

The first one I have to insert a CD supplied by a particular supplier and produced by a particular producer. 

$sql="INSERT INTO cd (supplier_name, 
                      supplier_address, 
                      producer_name, 
                      producer_address, 
                      cd_title, 
                      cd_type, 
                      cd_year) 
             VALUES ('$_POST[supp_name]', 
                     '$_POST[supp_addr]', 
                     '$_POST[prod_name]', 
                     '$_POST[prod_addr]', 
                     '$_POST[cd_title]', 
                     '$_POST[cd_year]' , 
                     '$_POST[cd_type]')";

But then I realized, I have a table called CD with ONLY THREE ATTRIBUTES, title, year and type. CD(title, year, type). However, how I just need to insert the CD information by a particular supplier X and particular producer Y. How do I do that?

enter image description here

Also, my form for data entry looks like this: 

<form action="cd.php" method="post">
<h4> Enter CD information </h4> 
CD Title: <input type="text" name="cd_title"><br>
CD Year: <input type="text" name="cd_year"><br>
CD Type: <input type="text" name="cd_type"><br>

<h4>Enter supplier information</h4>
Supplier Name:  <input type="text" name="supp_name"><br>
Supplier Address:<input type="text" name="supp_addr"><br>


<h4> Enter producer information </h4> 
Producer Name:<input type="text" name="prod_name"><br>
roducer Address:<input type="text" name="prod_addr"><br>

<input type="submit" name="submit" value="Submit">

So, I'm wondering if a user enters the above data, where does it get stored? Under what table? (That is, where does the supplier and producer info get stored?

Kala J
  • 2,040
  • 4
  • 45
  • 85
  • 2
    Your script seems to be vulnerable to SQL injection. You should do something to [prevent them](http://stackoverflow.com/q/60174/53114). – Gumbo May 19 '13 at 22:19
  • Thanks. That aside, I'm not too worried about SQL injection right now but thanks :D – Kala J May 19 '13 at 22:26
  • can each cd only have one supplier and one producer? Can a supplier or producer have more than one address? if a cd is only supplied by one supplier and produced by one producer, and each only have one address, you should probably change the cd table adding the extra attributes. And one ID, to make it easier to identify a cd (so you don't need to use the title, year and type). – jvilhena May 19 '13 at 22:27
  • 1
    Can you better explain your question? I am having a real hard time understanding what you are trying to achieve here. – Jake Ball May 19 '13 at 22:27
  • Could you alter your "CD" table to accommodate the other data? – Sumner Evans May 19 '13 at 22:33
  • This is not even 1st Normal form! In supplier and producers tables and then add a foreign key to supplierID and producerid. Please take a basic database tutorial. – Tony Hopkinson May 19 '13 at 22:34
  • Sorry about that. So basically, I'm trying to say is: insert a CD by supplier X and producer Y. So, if I have a CD with supplier X and producer Y, I want to be able to insert that. – Kala J May 19 '13 at 22:34
  • So you have a supplier table, each supplier should have an id, so you need to add supplierid (not null) to the cd table. Now you can only have a cd if it has a supplier in your supplier table. – Tony Hopkinson May 19 '13 at 22:40
  • so, I should have a supplier id and a producer id in the table CD? Also, is there any link or tutorial you can direct me to read up on this? Thank you so much! – Kala J May 19 '13 at 22:47
  • How'd you draw that schema? – Buttle Butkus May 19 '13 at 22:48
  • I drew the schema using Visio. See Edit – Kala J May 20 '13 at 00:12

1 Answers1

1

I'm not sure exactly how you mean, but I'll give it a try:

Try using a select with joins to Supplier and Producer table:

SELECT * FROM CD
JOIN Supplier S ON CD.Supplied = S.Supplied
JOIN Producer P ON CD.Produced = P.Produced
WHERE S.name = X AND P.name = Y

If above query returns true, then do the insert.

UPDATE: Now when looking at your html-form I think I understand what you're looking for...

You want a relationsship between CD-table and Producer-table AND a relationsship between CD-table and Supplier-table.

You do this relation by adding and supplier_id-column in your CD-table and a producer_id**-column in your CD-table

AND

an autoincremental id in both Supplier-table and in the Producer-table.

The last step with the actual db is to to create constraints between supplier_id and id-column of supplier-table and producer_id and id-column of producer-table.

When you've done that, you might do something like this:

//When form is submitted...


//First query  (Insert this only if it doesn't already exist in Supplier-table - IGNORE keyword takes care of this)
$sql1="INSERT IGNORE INTO Supplier (supplier_name, 
                      supplier_address) 
             VALUES ('$_POST[supp_name]', 
                     '$_POST[supp_addr]', 
                     )";

//Execute query $sql1
//Get last inserted id from query $sql1 and store it in $idLastInsertedSupplier


//Second query  (Insert this only if it doesn't already exist in Producer-table - IGNORE keyword takes care of this) 
$sql2="INSERT IGNORE INTO Producer (producer_name, 
                      producer_address) 
             VALUES ('$_POST[prod_name]', 
                     '$_POST[prod_addr]')";

//Execute query $sql2
//Get last inserted id from query $sql2 and store it in $idLastInsertedProducer

//Insert CD-table query: 
    $sql="INSERT INTO CD (
                          cd_title, 
                          cd_type, 
                          cd_year,
                          supplier_id,
                          producer_id
                          ) 
   VALUES ('$_POST[cd_title]', 
                         '$_POST[cd_year]' , 
                         '$_POST[cd_type]',
$idLastInsertedSupplier,$idLastInsertedProducer)";

Of course you should use prepared statements (with placeholders) with PDO or Mysqli. I have not taken security of SQL into account (not using placeholder, not sanitizing data etc).

Why id's? You could insert into all values into all three tables without having references (ids) between the tables, but then there would be no point of having a relational database. It would also be much harder to do all SQL-operations afterward. Let's say you would want a list of all cd's with their producers and suppliers.

With relational storage (with their id's) you could execute an sql-statement like this:

SELECT * FROM CD
JOIN Supplier S ON CD.id = S.id
JOIN Producer P ON CD.id = P.id

and just fetch the rows.

There is no good way of doing the same thing without having these references. (It's impossible for the db to know which row in producer-table that belongs to which row in the CD-table without having any reference). You COULD of course add name of producers and suppliers in the CD-table also, but then there would be duplicates and for the most of the time you don't want that (in some extreme cases for speed it would be the only option to have these duplicates though).

I hope I made it clearer now.

bestprogrammerintheworld
  • 5,417
  • 7
  • 43
  • 72
  • So, an if-else statement for the insert. How do I combine a select and an insert query? – Kala J May 20 '13 at 00:14
  • Yes, this exactly what I meant. Thank you so much! I was wondering before I saw your edit. I just used insert into statements for each table without making ids. Would that be wrong and why would that be wrong? I understand that makes the tables not connected but I'm wondering since the user inputs the data on one submission, doesn't the data get inputted into each of the tables regardless? (since I have three insert into statements for each table?) – Kala J May 23 '13 at 12:11
  • @KalaJ - Glad to help! I made an edit in my answer which I hope will help you further. – bestprogrammerintheworld May 23 '13 at 13:25