Var not affected on mysql

Question

Good morning all !

I have a problem with a var in my code :

    <?Php
error_reporting(E_ALL);
  //Si IP correspond pas au PC autorisé, on retourne au debut.
  include "./_protection.php";
  $data='';
  $rep='';
  $requete='';
  $val = '';
  $Reference= '';

echo '<h2><u>Commander des pièces</u></h2><br>';

/*****************************************************************************************************
 *                                  AJOUT DE PIECE DANS LA BASE DE DONNEES
 *****************************************************************************************************/

  if(@$_POST['action'] == "ajouter")
  {
    if(!empty($_POST['choix'])){    
        foreach($_POST['choix'] as $val){
            $Reference.="$val,"; 
        }

    //Injection dans la base SQL
    include "./../connexion.inc";
    mysql_query("INSERT INTO `tbl_commandes` ( `id`, `Eleve`, `Reference`, `Quantite`, `Date`, `Statut` )
VALUES ( '', '".$_POST['Eleve']."', '".$_POST['Reference']."', '".$_POST['Quantite']."', '".$_POST['Date']."', '".$_POST['Statut']."' )");
    mysql_close();
    }
  } 


/*****************************************************************************************************
 *                                  FORMULAIRE POUR L'AJOUT DE PIECE
 *****************************************************************************************************/
echo '
<fieldset>
    <legend>Commander des Pièces</legend>
    <FORM action="./?page=commande_piece_full_php" method="POST">
        <p align="left">
        <H2>Pièces :</h2>
        <br>';
        echo $Reference;
        include "./../connexion.inc";
        $rep = mysql_query("SELECT id_categorie_piece, categorie_piece FROM tbl_categorie_piece ORDER BY categorie_piece");
        mysql_close();
        include "./../connexion.inc";
        while($data = mysql_fetch_array($rep))
            {
            echo $data['categorie_piece'];
            echo '<br>';
            $requete = $data['id_categorie_piece'];
            $reponse = mysql_query("SELECT id_piece, piece FROM tbl_piece WHERE idr_categorie_piece='$requete' ORDER BY piece");
            while($donnees = mysql_fetch_array($reponse)){
                ?> <input type="checkbox" name="choix[]" value="<? echo $donnees['id_piece'] ?>"><? echo $donnees['piece'] ?><br> <?
                }
            echo '<br>';
            }
        mysql_close();
echo '
    Elève : 
    <select name="Eleve">';
        include "./../connexion.inc";
        $reponse2 = mysql_query("SELECT id_client, client FROM tbl_client ORDER BY client");
        while($donnees2 = mysql_fetch_array($reponse2))
        {
            ?> <option value="<? echo $donnees2['client'] ?>"><? echo $donnees2['client'] ?></option> <?
        }
        mysql_close();
    echo '
    </select>
    <br>
    Date souhaitée : <input type="textbox" name="Date">
    <br>
    Quantité : <input type="textbox" name="Quantite">
    <br>
    <input type="submit" value="ajouter">
    <input type="hidden" name="action" value="ajouter">
    </form>
</fieldset>';

?>

my var $reference is Ok, i can echo $reference; and get the content rightly BUT when i wanna send $reference to my mysql table .. that doesn't send it When i submit, i get this notice from the parser : Notice:

Undefined index: Reference in /home/bddstock/www/admin/commande_piece_full_php.php on line 27

but when it is submited i get the right content in my echo line under PIECES so i really don't understand .. can someone help me ?

Answer 1

Change your insert statement to

mysql_query("INSERT INTO `tbl_commandes` ( `id`, `Eleve`, `Reference`,    
`Quantite`, `Date`, `Statut` )
VALUES ( '', '".$_POST['Eleve']."', '".$Reference."', '".$_POST['Quantite']."', '".$_POST['Date']."', '".$_POST['Statut']."' )");

i.e change $_POST['Reference'] to $Reference as you have not posted this field and it seems you derive it from looping $_POST['choix'].

Note : use mysqli instead of mysql and refer How can I prevent SQL injection in PHP?