
Okay, I have looked through most of the web for the past 2 days, and I can't find anything that brings me closer to a solution. So now I'm asking you guys.

I am creating a "Library" system with login, reservations and whatnot.

I am stuck on the part where I have to attach data on an item to a unique user ID. The idea I had was to take data from table 1, add in 2 input fields and the $_Session[''] and store it together as one row in a separate table. This is the code I've got so far:

(Sensitive information is changed to something with bunny.)

<?
$MA = $_SESSION['MA_NR'];
$Bunny_Nr = $_POST['Skriv_Bunny'];
$Ordre_Nr = $_POST['Skriv_VO'];
$Ordre_Nr_sub = $_POST['Submit_VO'];

if(isset($Ordre_Nr_sub));
{

    $Bunny ="SELECT Bunny_No, 
                        Serie_No, 
                            Model, 
                                Kal_Frekvens, 
                                    Sidste_Kal,
                                        Næste_Kal 
                                            FROM Cluster
                                                WHERE Bunny_No = '$bunny_Nr'";
    $Result2= mysqli_query($conn, $Bunny);
    $Row2 = mysqli_fetch_assoc($Result2);
    $SQLinto ="INSERT INTO Udlaan (Bunny_No, 
                                        Serie_No, 
                                            Model, 
                                                Kal_Frekvens, 
                                                    Sidste_Kal, 
                                                        Næste_Kal, 
                                                            Laaner, 
                                                                Ordre_No) 
                                VALUES(" . $Row2['0'] .", 
                                            ".$Row2['1'].", 
                                                ".$Row2['2'].", 
                                                    ".$Row2['3'].", 
                                                        ".$Row2['4'].", 
                                                            ".$Row2['5'].", 
                                                                ".$MA.", 
                                                                    ".$Ordre_Nr.")";}
    $Result_into = mysqli_query($conn, $SQLinto);
?>
D3nj1
  • Your code is vulnerable to SQL injection, please have a look at http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – rap-2-h Dec 22 '16 at 09:10
  • I know it is, but it doesn't matter, the system is being set up behind locked doors on a closed network :-) But I will take a look at it, since I still need to learn about SQL injection :-) – D3nj1 Dec 22 '16 at 09:12
  • I'm not too sure what the question is here. Apart from the SQL injection issues, you are using $Row2['0'], etc. when you should be using $Row2['Bunny_No'], etc. (enclosed in single quotes where applicable) – JustBaron Dec 22 '16 at 09:21
  • The question is that I don't get an error message and no data is getting into table 2 (Udlaan), not even the $_Session["] nor the $Ordre_Nr. I will try changing the $row['0'] and return with a result – D3nj1 Dec 22 '16 at 09:25
  • @D3nj1 also, your $Result_into is outside your if statement. Try turning on error_reporting – JustBaron Dec 22 '16 at 09:27
  • Changing $row2['0'] to $row2['Bunny_No'] didn't change anything :( – D3nj1 Dec 22 '16 at 09:28
  • I have moved the "}" to after $Result_into. Still no change :( – D3nj1 Dec 22 '16 at 09:31
  • @D3nj1 before you attempt the insert, check to see if all variables are valid. Make sure that you also have INSERT GRANT for mysql user/table – JustBaron Dec 22 '16 at 09:35
  • @D3nj1 also try changing $bunny_Nr to $Bunny_Nr in your SELECT query – JustBaron Dec 22 '16 at 09:38
  • @justbaron How would I go about checking if they are valid? – D3nj1 Dec 22 '16 at 09:43
  • Echo out the variables before the INSERT. Check to see if the values are all present. Without seeing the database schema, it's tricky to know if any of the columns are required/data type/etc. – JustBaron Dec 22 '16 at 09:46
  • I tried echoing it out by commenting out the insert statement and adding echo $Result2; (Nothing showing) Then echo $Row2; (Nothing showing). So I suspect that it is higher up in the code that it disconnects from the rest. I do have a query higher up that is supposed to echo out the info I collect from the script in a table. Could that disconnect the rest of the script? – D3nj1 Dec 22 '16 at 10:31
  • @justbaron I found a small error, the start php tag was wrong, now I'm getting Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in 'the line with $Row2= mysqli_fetch_assoc($Result2); What could cause this? – D3nj1 Dec 22 '16 at 11:00
  • @D3nj1 That's what error reporting/debugging is for. Read up about mysqli functions and correct your code. – JustBaron Dec 22 '16 at 11:03
  • @justbaron The thing is that I have a separate document with somewhat the same code for the query and it works, and I really can't seem to figure out what is wrong with this code. It couldn't be that what I'm trying to do is impossible, right? – D3nj1 Dec 22 '16 at 11:35
  • @D3nj1 No, not impossible. But if you have a similar script that works, troubleshoot the problem, step by step. – JustBaron Dec 22 '16 at 11:38
  • @justbaron I've added in $Checker = mysqli_num_rows($Result2); under the $Result2= mysqli_query. and echoing it out, it gives me 1, so the script picks up 1 piece of data (probably the $_SESSION['']). So I'm getting there. Now I just have to figure out why the hell it won't return with all of the rows even if I give the input an exact value from table 1 -.-'' – D3nj1 Dec 22 '16 at 12:08
  • @D3nj1 try print_r($Row2) – JustBaron Dec 22 '16 at 12:13
  • @justbaron I love you man. Apparently it returns all of the columns. But it still doesn't insert anything into table 2. So the problem is not what I thought it was... – D3nj1 Dec 22 '16 at 12:17
  • @D3nj1 so your SELECT query is working. Now you need to test/fix your INSERT query into Udlaan. Echo out the $SQLinto query before executing it, you may need to escape the values with single quotes. – JustBaron Dec 22 '16 at 12:21
  • The first thing I think of when I echo out the $SQLinto is: 2022, 12, 4/25/2013, 4/25/2014, $MA, $Ordre_Nr . Those values are exact but it echoes out the variables of $MA and $Ordre_Nr. Shouldn't those 2 have the values of them as well? – D3nj1 Dec 22 '16 at 12:28
  • Nvm, I goofed on that one, I got the values now – D3nj1 Dec 22 '16 at 12:29
  • @justbaron Hey, could you look at this post? It's with the same problem but I tried something else. http://stackoverflow.com/questions/41427789/inserting-into-database-doesnt-work-tried-multiple-ways?noredirect=1#comment70060941_41427789 – D3nj1 Jan 02 '17 at 13:41
  • @D3nj1 I still suggest you post your full code. My hunch is that you still need to do some troubleshooting. Echo all of your variables to see if you are inserting the expected values. As a test, I would create a simple PHP file with JUST the insert script with actual values (not the PHP variables). Make sure you escape all the values. Check to see if the insert works. If it doesn't then it has nothing to do with your code and it's either the insert permissions or the values themselves. If it does, then your original PHP code has an error. Full code and DB schema would be helpful. – JustBaron Jan 02 '17 at 14:23
  • @justbaron I managed to find a solution, you actually helped a lot believe it or not ^^ It was the values that didn't match with the variables, but it was hidden very well that it was wrong, I had to rewrite my script to make it work, since when I escaped my arrays got converted into strings and combined as one big array inside a string. That's why it choked. But I got it all figured out now ^^ – D3nj1 Jan 03 '17 at 09:20
  • `'$Array_Merge[Bunny_No]', '$Array_Merge[Serie_No]', '$Array_Merge[Model]', '$Array_Merge[Kal_Frekvens]', '$Array_Merge[Sidste_Kal]', '$Array_Merge[Next_Kal]', '$Array_Merge[0]','$Array_Merge[1]')";}}` This is what the values had to look like to make this work ^^ – D3nj1 Jan 03 '17 at 09:25
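
The copy-and-attach step this thread works toward, as an added example (not code from the question or its comments): one `INSERT ... SELECT` prepared statement binds the session ID and the two form fields, and mysqli is set to throw on errors so a failed query is never silent. Table, column and form-field names are taken from the question; `reserve_item()`, the connection credentials and the all-string bind types are assumptions.

```php
<?php
// Added example, not the asker's code. Save the file as UTF-8 (non-ASCII column name).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false

/**
 * Copy one Cluster row into Udlaan with the borrower ID and order number.
 * reserve_item() is a hypothetical helper. Column types are not shown on the
 * page, so all three values are bound as strings (assumption).
 * Returns the number of rows inserted; 0 means no Cluster row matched.
 */
function reserve_item(mysqli $conn, string $bunnyNr, string $ordreNr, string $ma): int
{
    // INSERT ... SELECT copies the row inside MySQL. The ? placeholders carry
    // the user-supplied values, so nothing is quoted or escaped by hand.
    $sql = "INSERT INTO Udlaan
                (Bunny_No, Serie_No, Model, Kal_Frekvens,
                 Sidste_Kal, `Næste_Kal`, Laaner, Ordre_No)
            SELECT Bunny_No, Serie_No, Model, Kal_Frekvens,
                   Sidste_Kal, `Næste_Kal`, ?, ?
            FROM Cluster
            WHERE Bunny_No = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param('sss', $ma, $ordreNr, $bunnyNr);
    $stmt->execute();
    $inserted = $stmt->affected_rows;
    $stmt->close();
    return $inserted;
}

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
$bunny = $_POST['Skriv_Bunny'] ?? null;
$ordre = $_POST['Skriv_VO'] ?? null;
$ma    = $_SESSION['MA_NR'] ?? null;
if (isset($_POST['Submit_VO']) && is_string($bunny) && is_string($ordre) && $ma !== null) {
    try {
        $conn = new mysqli('localhost', 'db_user', 'db_password', 'library'); // placeholders
        $conn->set_charset('utf8mb4');
        $n = reserve_item($conn, $bunny, $ordre, (string) $ma);
        echo $n > 0 ? 'Reserved.' : 'No item with that number.';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // log the SQL error, show a generic message
        echo 'Could not save the reservation.';
    }
}
```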

0 Answers