Inserting Value in SQL

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Inserting Value in SQL

    My head is spinning again coz im thinking why i cant insert in mySQL the input value in text box. Can anyone help me with this. If I change
    Code:
    <form method="get" action="index.php">
    to
    Code:
    <form method="post" action="index.php">
    the input will save in sql but it will not return any search result.
    Heres the code:
    Code:
    <form method="get" action="index.php">
        <div>
        <input type="text" name="search"/>
        <input type="submit" value="<?=$lang[Search]?>"/>
        <input type="hidden" name="source" value="some_value"/>
        </div>
        </form>
        <div>
        <b>Some Project</b><br/>
        <?php
        $search=$_POST["search"];
        $spaces = str_replace(" ","",$search);
        if($spaces != "" && $search != "") {
        $spacez = str_replace(" ","",$search);
        $kill = str_replace("'","",$search);
        if(strlen($search) < 26) {
        if($spacez != "" && $search != "") 
          {
            $check = mysql_num_rows(mysql_query("SELECT * FROM search WHERE query = '$kill'"));
            if($check < 1) 
          {
            mysql_query("INSERT INTO search VALUES('','$search','0')");
            } else {
            mysql_query("UPDATE search SET searches = searches+1 WHERE query = '$search'");
            }
        }
      }
    }
    Last edited by modfiles; 08.04.09, 16:58.

    #2
    try this

    shouldnt the insert query look like "INSERT INTO SEARCH (FIELDNAME1,FIELDNAME2,FIELDNAME3) VALUES(VALUE1,VALUE2,VAKLUE3)"

    iam just guessing !hope it works

    Comment


      #3
      am getin this wreong
      http://myfacepals.com
      MYFACEPALS SOCIAL NETWORKsigpic

      Comment


        #4
        ^
        your post yesterday was deleted by mods cause it was no help/nonsense/spam and you posted another one again. lol.

        nahsorhseda, that code is working fine. im just having problem with GET and POST.

        Comment


          #5
          replace
          $search=$_POST["search"];
          with
          $search=$_REQUEST["search"];

          Comment


            #6
            Originally posted by modfiles View Post
            Code:
            <form method="post" action="index.php">
            Code:
            <form method="post" action="index.php">
                <div>
                <input type="text" name="search"/>
                <input type="submit" value="<?=$lang[Search]?>"/>
                <input type="hidden" name="source" value="some_value"/>
                </div>
                </form>
                <div>
                <b>Some Project</b><br/>
                <?php
                $search=$_POST["search"];
                $spaces = str_replace(" ","",$search);
                if($spaces != "" && $search != "") {
                $spacez = str_replace(" ","",$search);
                $kill = str_replace("'","",$search);
                if(strlen($search) < 26) {
                if($spacez != "" && $search != "") 
                  {
                    $check = mysql_num_rows(mysql_query("SELECT * FROM search WHERE query = '$kill'"));
                    if($check < 1) 
                  {
                    mysql_query("INSERT INTO search VALUES('','$search','0')");
                    } else {
                    mysql_query("UPDATE search SET searches = searches+1 WHERE query = '$search'");
                    }
                }
              }
            }
            i edited your post in the quote try that
            try not to use get or request its not as secure
            Last edited by Loony; 23.04.09, 07:38. Reason: added info
            Creator of
            Epix.Mobi

            Keep an Eye on us Big things coming soon!!!!
            Need something for your site hit me up here

            http://coding-talk.com/forum/main-fo...r-your-wapsite

            Comment


              #7
              Code:
               
              
                      $check = mysql_query("SELECT * FROM search WHERE query LIKE '%$kill%'"); 
              while($sresults = mysql_fetch_array($check))
              { echo "$sresults[0] <br />"; }

              Comment


                #8
                are you insane id suggest
                Code:
                  mysql_query("INSERT INTO search VALUES('','".mysql_real_escape_string($search)."','0')");
                before someone drops ur tables

                Comment

                Working...
                X