I want the user to choose a table name in a MySQL database, and then I can add data to the field through a textbox in a form. I used PHP `$_POST[]` to send the table name to the adding form, but in the adding form, when I submit with the add button, the table name has been lost. I have searched a lot and tested sessions and constants to hold the table name value, but didn't get the desired result.

Any help will be greatly appreciated.

Here is the code of the page which selects the table name:

```php
<form action="change_products.php" method="post" name="select_table">
<select name="edit_products" >
<option <?php if($_POST['edit_products'] == "cabin") echo "selected='selected'"; ?> value="cabin">Cabin case</option>
<option <?php if($_POST['edit_products'] == "cabin_door") echo "selected='selected'"; ?>   value="cabin_door">Cabin door</option>
</select>
<input type="submit" value="OK">
</form>
```

And this is the code of the adding form in the "change_products.php" page:

```php
<?
include('functions.php');  //the database info
define('selected_table', $_POST['edit_products']);
?>

<form method="post">

<table>

    <tr>
    <td>Mark:</td>
    <td><input type="text" name="mark" /></td>
    </tr>

    <tr>
    <td><input type="submit" name="add" value="New" /></td>
    </tr>
</table>

<?
if (isset($_POST['add']))
{
$mark=$_POST['mark'];
mysql_query("INSERT INTO ".selected_table." (mark) VALUES ('$mark')"); 
}
?>

</form>
```
Truth
  • *sidenote:* stop using deprecated `mysql_*` functions. use MySQLi or PDO instead. – Raptor Oct 29 '13 at 03:06
  • *sidenote:* your code is subject to SQL injection attack, as you directly allow POST values to be inserted in your query. – Raptor Oct 29 '13 at 03:06
  • This is dangerously bad code. Never, **ever** put unescaped `$_GET` or `$_POST` data directly in a query. – tadman Oct 29 '13 at 04:17
  • @ShivanRaptor; I tried running the query outside of `if(isset($_POST['add']))`, but the main issue is regarding losing the table name when clicking the add button. Is MySQLi or PDO applicable to solve the issue? Could you guide me more? Thanks in advance... – Truth Oct 29 '13 at 08:28
  • MySQL, MySQLi and PDO are PHP libraries for the MySQL database. They work similarly. The latter two provide more features than the deprecated first one. Therefore, they are NOT applicable to solve the issue. – Raptor Oct 29 '13 at 08:30
  • try to `var_dump($_POST);` in change_products.php, after the `define` line. – Raptor Oct 29 '13 at 08:31
  • @tadman; So, please give an applicable solution. – Truth Oct 29 '13 at 08:32
  • @ShivanRaptor; I tried `var_dump($POST);` too, but nothing happened. I can remove `if(isset($_POST['add']))` and refresh the page to add the record, but it will be empty because the add button would not be submitted. – Truth Oct 29 '13 at 08:58
  • should be `var_dump($_POST)` instead of `var_dump($POST)`. They are different. – Raptor Oct 29 '13 at 10:41
  • yes; I tried `var_dump($_POST)` . sorry about the mistake in typing here. – Truth Oct 29 '13 at 11:38
  • @ShivanRaptor; any other solution?! – Truth Oct 29 '13 at 18:41
  • if you can't `var_dump`, that means your POST request has a problem. Review your code. – Raptor Oct 30 '13 at 00:21

1 Answer

You didn't set $_POST['add'], thus, the last part of PHP code in change_products.php does not run.

Raptor
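
One way to keep the table name across the second submit and to address the injection the comments point out, as an added example that is not part of the original question or answer: the table name is re-sent in a hidden field and checked against a fixed list (identifiers cannot be bound as parameters), while `mark` goes through a PDO prepared statement. The DSN, credentials and the function names `resolveTable` and `addMark` are assumptions.

```php
<?php
// Added example, not the asker's code. Table names are the two <select> values from the question.
const ALLOWED_TABLES = ['cabin', 'cabin_door'];

// Identifiers cannot be bound as query parameters, so map the input onto a fixed list.
function resolveTable($input): ?string
{
    return is_string($input) && in_array($input, ALLOWED_TABLES, true) ? $input : null;
}

function addMark(PDO $pdo, string $table, string $mark): void
{
    // $table is one of ALLOWED_TABLES at this point; the value is bound, never concatenated.
    $stmt = $pdo->prepare("INSERT INTO `$table` (mark) VALUES (:mark)");
    $stmt->execute([':mark' => $mark]);
}

$table = resolveTable($_POST['edit_products'] ?? null);
$mark  = $_POST['mark'] ?? '';
if ($table === null || !is_string($mark)) {
    http_response_code(400);
    exit('Invalid request');
}

if (isset($_POST['add'])) {
    // Assumed connection details (placeholders, not from the question).
    $pdo = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    addMark($pdo, $table, trim($mark));
}
?>
<form method="post">
    <!-- Re-send the table name with the second request; it is re-validated on arrival. -->
    <input type="hidden" name="edit_products" value="<?= htmlspecialchars($table, ENT_QUOTES, 'UTF-8') ?>">
    Mark: <input type="text" name="mark">
    <input type="submit" name="add" value="New">
</form>
```

The hidden field is client-controlled like any other POST value, which is why `resolveTable` runs on every request rather than only on the first one.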