0

This won't work for me, I have been using inserts and every other sql statment there on this work, but for some reason this is not working.

The table below is structured as follows.

**passenger_journey**
j_id  user_id
142    1
142    14

Below all I'm trying to do is insert the logged in users id which is the $user_id and the journey id which is $id. Thee are working are the variables are set.

I think a possible problem may be the $id as I'm getting this from the url using the GET method.

<?php

    $insert_passenger = "INSERT INTO `passenger_journey` VALUES ('" . mysql_real_escape_string($id) ."','" . mysql_real_escape_string($user_id) . "')";



        if (isset($_POST['submit'])){

        mysql_query($insert_passenger);

        }
    ?>


<form method="POST">
<br/>Add yourself to this journey!<br/> 
<input type ="submit" value="Sign up for this Journey"/>
</form>

This has been driving me mad for hours any help would be great.

Getek99
  • 479
  • 2
  • 5
  • 18
  • Where do the values come from? Are you sure db connection is established properly? – kero Dec 08 '13 at 21:42
  • 2
    `echo $insert_passenger;` is it what you expect? does it work in the likes of phpmyadmin or the mysql consol? –  Dec 08 '13 at 21:43
  • Which are the data types of the columns? If they are numeric, you have to remove the ' – kiks73 Dec 08 '13 at 21:44
  • So what's not working? – Tony Hopkinson Dec 08 '13 at 21:44
  • Hey guys thanks, The insert is just not working, the data types are both INT. Both the variables are set. The value $id comes for the url by using the GET, I echo both and they are working. The database connect is working and is required. – Getek99 Dec 08 '13 at 21:46
  • @kiks73 quotes for integers are allowed, just not required unlike for strings –  Dec 08 '13 at 21:48
  • @TrevorKeating: Please, for the love of all that is holy (and all that is not, too) [***don't use the `mysql_*` extension](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php)*** It's been **deprecated** for some time now – Elias Van Ootegem Feb 20 '14 at 14:07

1 Answers1

1

This doesn't match up:

<form method="POST">
    <br/>Add yourself to this journey!<br/> 
    <input type ="submit" value="Sign up for this Journey"/>
</form>

And:

if (isset($_POST['submit'])){
    mysql_query($insert_passenger);
}

You need to assign a name to your submit button for that if statement to be true:

<input type="submit" name="submit" value="Sign up for this Journey"/>

...and you'll need to pass those variables into the action of your form to be able to use them in the $_GET superglobal.

<?php
$your_id = // define your id here, I assume in your insert query this should just be null.
$user_id = // define your user id here however you're getting it... sessions...?
?>
<form method="POST" action="?id=<?=$your_id?>&user_id=<?=$user_id?>">

NOTE: if your id and user_id variables are coming from sessions, cookies etc or anything that can be retrieved in the script doing the insert, definitely do it there instead of passing it through an HTML form when you don't need to.

Usually when inserting data with MySQL, the relevant id column will be set to auto_increment, and you either wouldn't pass in a value for it or you'd pass in null so you let it assign its own value. You should probably be doing that here (although I don't know your situation at all):

$insert_passenger = "INSERT INTO `passenger_journey` VALUES (null,'" . mysql_real_escape_string($_GET['user_id']) . "')";

Side note: Not only is the fact that mysql* is deprecated going to cause you trouble, but this script is vulnerable to SQL injection and XSS.

Docs/more info:

scrowler
  • 24,273
  • 9
  • 60
  • 92