0

Good Day!

Guys, can you help me check why I cannot insert records using the checkbox option on the table?

Please help.

Here's my code:

--ADDING Subject Load for Teacher HTML Form-- (studsub.php)

```php
<form action="setsubject.php" method="post">
 <?php
include('../connect.php');
$id=$_GET['id'];
$result = mysql_query("SELECT * FROM student WHERE id='$id'");
        while($row = mysql_fetch_array($result))
            {
                //$course=$row['course'];
                //$year=$row['yearlevel'];
                //$section=$row['section'];
                $idnumber=$row['idnumber'];
                echo '<br/>';
                echo $row['lname'].", ".$row['fname'];

?>
<input type="hidden" name="studidnum" value="<?php echo $rows['idnumber']?>">
<?php }
?>
<br/><br/>
<label for="filter">Filter</label> <input type="text" name="filter" value="" id="filter" />


  <table cellpadding="1" cellspacing="1" id="resultTable">
            <thead>
                <tr>
                  <th  style="border-left: 1px solid #C1DAD7"><label>Assign</label></th>
                    <th  style="border-left: 1px solid #C1DAD7"> Subject ID </th>
                    <th>Title</th>
                    <th>Units</th>
              </tr>
            </thead>
            <tbody>


            <?php
                include('../connect.php');
                $result = mysql_query("SELECT * FROM tbl_cur_sub where status='1' ");
                while($row = mysql_fetch_array($result))
                    {
                        echo '<tr class="record">';
                    echo '  <td>' . '<input type="checkbox" name="subject[]" value="'.$rows['code'].'" />' . '</td> ' ;
                        echo '<td  style="border-left: 1px solid #C1DAD7">'.$row['code'].'</td>';
                        echo '<td><div align="left">'.$row['subject'].'</div></td>';
                        echo '<td><div align="left">'.$row['units'].'</div></td>';

                        echo '</tr>';
                    }
                ?>
            </tbody>
  </table>
  <br/>
  Course<br>
  <select name="course" class="ed">
    <?php
        include('../connect.php');
        $results = mysql_query("SELECT * FROM course");
        while($rows = mysql_fetch_array($results))
            {
            echo '<option>'.$rows['coursecode'].'</option>';
            }
        ?>
  </select>
  <select name="yearlevel" class="ed">
    <?php
        include('../connect.php');
        $results = mysql_query("SELECT * FROM tbl_yrlevel");
        while($rows = mysql_fetch_array($results))
            {
            echo '<option>'.$rows['yearlevel'].'</option>';
            }
        ?>
  </select>
  <select name="section" class="ed">
    <option>A</option>
    <option>B</option>
    <option>C</option>
    <option>D</option>
  </select>
  <br>
  <br>
  <input type="submit" value="Assign" id="button1">
</form>
```

--The Submission Page -- (setsubject.php)

```php
<?php
include('../connect.php');

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str)
    {
        $str = @trim($str);
        if(get_magic_quotes_gpc())
            {
            $str = stripslashes($str);
            }
        return mysql_real_escape_string($str);
    }
//Sanitize the POST values
$course = clean($_POST['course']);
$section = clean($_POST['section']);
$yearlevel = clean($_POST['yearlevel']);
$studidnum=$_POST['studidnum'];
$subject=$_POST['subject'];
$N = count($subject);
for($i=0; $i < $N; $i++)
{
    mysql_query("INSERT INTO studentsubject (student, subject, section, course, level) VALUES ('$studidnum', '$subject[$i]','$section','$course', '$level')");
    }

header("location: student.php");
mysql_close($con);
?>
```

--My Database--

TABLE: studentsubject FIELDS: student, subject, section, course, level

Thanks in advance for the help.

  • 2
    possible duplicate of [Checking if Record Exist (Teacher Loads) Then Update it if Possible](http://stackoverflow.com/questions/18777895/checking-if-record-exist-teacher-loads-then-update-it-if-possible) – peterm Sep 13 '13 at 04:01
  • 3
    **Stop** posting the same question several times. – peterm Sep 13 '13 at 04:04
  • 2
    **By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. – Andy Lester Sep 13 '13 at 04:05
  • *Sidenote:* stop using deprecated `mysql_*` functions. Use MySQLi or PDO instead. – Raptor Sep 13 '13 at 04:14
  • Try adding curly brackets around `$subject` -> `'{$subject[$i]}'`. You could also use `mysql_error()` after your insert query to find out why it is failing -> `mysql_query("INSERT INTO studentsubject ...") or die(mysql_error());` – Sean Sep 13 '13 at 04:15
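
As an added example (not code from the question or from any commenter), here is the parametrized-query approach recommended in the comments above, applied to the `setsubject.php` handler with PDO. It assumes an in-memory SQLite database standing in for the MySQL connection, a hypothetical `assignSubjects()` helper, constructed sample input, and that the form's `yearlevel` field is the value meant for the `level` column:

```php
<?php
// Added example, not the asker's code. In-memory SQLite stands in for the
// MySQL connection made in connect.php so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE studentsubject
            (student TEXT, subject TEXT, section TEXT, course TEXT, level TEXT)');

// $post has the shape of $_POST from studsub.php. Returns rows inserted.
function assignSubjects(PDO $pdo, array $post): int
{
    foreach (['studidnum', 'section', 'course', 'yearlevel'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            throw new InvalidArgumentException("missing field: $field");
        }
    }
    // subject[] is absent when no box is ticked, and a client can send a
    // scalar or nested arrays instead of a flat list of strings.
    $subjects = $post['subject'] ?? [];
    if (!is_array($subjects)) {
        throw new InvalidArgumentException('subject must be a list');
    }
    $subjects = array_filter($subjects, fn($s) => is_string($s) && $s !== '');
    // Placeholders keep every submitted value out of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO studentsubject (student, subject, section, course, level)
         VALUES (?, ?, ?, ?, ?)'
    );
    $pdo->beginTransaction();
    try {
        foreach ($subjects as $code) {
            $stmt->execute([$post['studidnum'], $code, $post['section'],
                            $post['course'], $post['yearlevel']]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();   // all-or-nothing: no half-assigned subject load
        throw $e;
    }
    return count($subjects);
}

// Constructed sample submission with single quotes in two of the values.
$post = ['studidnum' => "O'Malley", 'section' => 'A', 'course' => 'BSIT',
         'yearlevel' => '1', 'subject' => ['IT101', "IT'102"]];
printf("%d rows inserted\n", assignSubjects($pdo, $post));
foreach ($pdo->query('SELECT student, subject FROM studentsubject') as $r) {
    echo $r['student'], ' | ', $r['subject'], "\n";   // stored as literal text
}
```

Against MySQL, only the DSN passed to `new PDO(...)` changes; the prepared statement and the validation stay the same.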

2 Answers

0

Change the MySQL statement. You need to differentiate the variable from the string in the query:

```php
$result = mysql_query("SELECT * FROM student WHERE id='".$id."'");
```
Nambi
0

Try:

```php
mysql_query("SELECT * FROM tbl_cur_sub where status=1 ");
```

internals-in