Adding fields to a table for Dreamweaver-generated code

I have an input form with data that is loaded into a MySQL database named "fixmedicare." I want to also include the IP address and time and date, which of course does not come from the form.  I have tried vaious ways of inserting "$REMOTE_ADDR" and "now()" into the code.

Here is the code that Dreamweaver generated:

==============================================================
  $insertSQL = sprintf("INSERT INTO fixmedicare (firstName, lastName, pswd, emailadd, catagory, userGroup)        VALUES (%s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['firstName'], "text"),
                       GetSQLValueString($_POST['lastName'], "text"),
                       GetSQLValueString($_POST['pwd'], "text"),
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['catagory'], "text"),
                       GetSQLValueString($_POST['userGroup'], "text"));

  mysql_select_db($database_conn_fixmedicare, $conn_fixmedicare);
  $Result1 = mysql_query($insertSQL, $conn_fixmedicare) or die(mysql_error());
===============================================================

Sure would like to learn how to do this.
--John
JeikoAsked:
Who is Participating?
 
ZylochConnect With a Mentor Commented:
Have you tried

addslashes("12345.67890.12")

Also, what is GetSQLValueString? Have you tried putting that around your IP? Because if GetSQLValueString checks for get_magic_quotes_gpc(), it may be better...
0
 
ZylochCommented:
Hi Jeiko,

Assuming you have the fields IP and JOINED, you would have something like this:

$insertSQL = sprintf("INSERT INTO fixmedicare (firstName, lastName, pswd, emailadd, catagory, userGroup, IP, Joined) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['firstName'], "text"),
                       GetSQLValueString($_POST['lastName'], "text"),
                       GetSQLValueString($_POST['pwd'], "text"),
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['catagory'], "text"),
                       GetSQLValueString($_POST['userGroup'], "text"),
                       $_SERVER['REMOTE_ADDR'],
                       date("l dS of F Y h:i:s A"));

I'm not sure if you use addslashes or something like that in GetSQLValueString(). If so, then you might consider using it for $_SERVER['REMOTE_ADDR'] and the date().


Regards,
Zyloch
0
 
JeikoAuthor Commented:
Zyloch,

You've helpd me a lot, but I have one problem.  The IP field does not like the multiple decimal points.  It's as though when it sees the first decimal point, it treats it as a floating point number and then doesn't know what to do with the next decimal point.  Here's the code I'm using that works:

========================================================
$insertSQL = sprintf("INSERT INTO fixmedicare (firstName, lastName, pswd, emailadd, catagory, userGroup, IP, dttm) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['firstName'], "text"),
                       GetSQLValueString($_POST['lastName'], "text"),
                       GetSQLValueString($_POST['pwd'], "text"),
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['catagory'], "text"),
                       GetSQLValueString($_POST['userGroup'], "text"),
                       "123456789012",
                       date(ymdHis));
                       

  mysql_select_db($database_conn_fixmedicare, $conn_fixmedicare);
  $Result1 = mysql_query($insertSQL, $conn_fixmedicare) or die(mysql_error());
=============================================================

If I put more than one decimal point in the string "123456789012", it fails.  It seems that the "%s" format would take care of this.

Any suggestions?

--John
0
 
JeikoAuthor Commented:
Hi Zyloch,

I finally had success with the REMOTE_ADDR.  I used the GetSQLValueString function as you suggested.  Here is the complete code for your info:

===========================================================
<?php require_once('Connections/conn_medicare.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "reg_form")) {
  $insertSQL = sprintf("INSERT INTO fixmedicare (firstName, lastName, pswd, emailadd, `state`, catagory, userGroup, IP, dttm) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['firstName'], "text"),
                       GetSQLValueString($_POST['lastName'], "text"),
                       GetSQLValueString($_POST['pwd'], "text"),
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['state'], "text"),
                       GetSQLValueString($_POST['catagory'], "text"),
                       GetSQLValueString($_POST['userGroup'], "text"),
                                 GetSQLValueString($_SERVER['REMOTE_ADDR'], "text"),
                                 date("ymdHis"));

  mysql_select_db($database_conn_medicare, $conn_medicare);
  $Result1 = mysql_query($insertSQL, $conn_medicare) or die(mysql_error());


  $insertGoTo = "site_map_visitor.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  //header(sprintf("Location: %s", "site_map_visitor.php"));
      header("Location: " . "new_visitor_thank_you.php");
}
?>
================================================================

Thanks for your help.
-John
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.