0

I am on point where I have to usk on forum.

So, I have an array that is my return from join table sql query. i am displaying it correctly without the problem.

but some of those values I want to put in different table of mysql database. $array = joint_table(); $array_value = array['key'];

I can echo array_value and it's displaying correctly, also checked variable type and it returns STRING.

however when I am inserting it into the table, it's empty cell. I am inserting other stuff like date() and such and that is inserted correctly. So my sql query works fine, besides I am using same query in other places without problem.

Only values I have from that array are not inserting, but still can echo them. 

    <?php
  $page_title = 'Complete Task';
  require_once('includes/load.php');
  // Checkin What level user has permission to view this page
  page_require_level(2);
  $task = join_task_table((int)$_GET['id']);

?>

<?php
 if(isset($_POST['complete_task'])){
   $area = $task['area'] ;
   $jig = $task['jig'];   
   $desc = $task['description'];
   $freq = $task['freq']; 
   $date = make_date();
   $user = current_user();
   $user_done = remove_junk(ucfirst($user['name'])); 
   $comment   = remove_junk($db->escape($_POST['comment']));
   if(empty($errors)){
      $sql  = "INSERT INTO tpm_history (area_name,jig_name,description,frequency,date_done,done_by_user,comment)";
      $sql .= " VALUES ('{$area}','{$jig}','{$desc}','{$freq}','{$date}','{$user_done}','{$comment}')";
       $result = $db->query($sql);
               if($result && $db->affected_rows() === 1){
                 $session->msg('s',"Job Completed");
                 redirect('home.php', false);
               } else {
                 $session->msg('d',' Sorry failed to complete the task!');
                 redirect('task_complete.php?id='.$task['id'], false);
               }

   } else{
     $session->msg("d", $errors);
     redirect('task_complete.php?id='.$task['id'],false);
   }

 }

?>

I am lost. Help.

uneasy
  • 343
  • 1
  • 10
  • Do you think it would be a good idea to show us your code? I would! As an explanation, no matter how clear will not allow us to understand exactly what you are doing – RiggsFolly Apr 20 '18 at 15:28
  • 1
    Without your code, we're lost too. – aynber Apr 20 '18 at 15:28
  • I added it to main post. sorry – uneasy Apr 20 '18 at 15:32
  • 1
    Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly Apr 20 '18 at 15:34
  • You are using some sort of framework, which one – RiggsFolly Apr 20 '18 at 15:35
  • he aint using a framework, i'll bet he's using a CMS like wordpress – delboy1978uk Apr 20 '18 at 15:36
  • it's not framework. most of it is written by me. whole thing is not in public network. I am beginning in php as well, so whole thing porobably can be done better. but this is what I have for now. It's doing most of the stuff I want. – uneasy Apr 20 '18 at 15:37
  • echo $sql ; exit; how does it look? – delboy1978uk Apr 20 '18 at 15:41
  • good point. I did that and it looks like it should with all proper strings. so it means it's something not right with my table I guess. However, when I change one of the variables to "TEST" e.g. it inserts it properly. – uneasy Apr 20 '18 at 15:47
  • I ahve noticed, that array "task" it's not passed to my if post part. but why ? – uneasy Apr 20 '18 at 16:32
  • I fixed it. in my form, I had action = and name of the page I was on. I don't really understand why, but leaving it empty fixed the problem. – uneasy Apr 20 '18 at 16:42

0 Answers0