Post variable to SQL statement? PHP


adamkearsley
03-13-2008, 03:32 PM
Hi Guys.
Writing a custom addon for my project.
I need a form that will post its data to the DB.
I've created the form:
<FORM action="input.php" method="post">
INPUT:
<input type="hidden" name="ID" value="' . $listingID . '"><input type="text" name="bid" />
<input type="submit" />
</form>

This works perfectly and grabs the Listing ID.

Is it possible now to post the results to input.php and use the $listingID within the SQL statement on input.php?
<?php
$con = mysql_connect("localhost","USERNAME","PASSWORD");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("DATABASE", $con);

$sql='INSERT INTO default_en_listingsdbelements (listingsdbelements_field_name, listingsdbelements_field_value)
VALUES
('bid','$_POST[bid]') WHERE (listingsdb_id = '$_POST[ID]')';

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "SUCCESS!!";

mysql_close($con);
?>

But this doesn't work :( I need WHERE (listingsdb_id = '$_POST[ID]')'; to find the current listing ID, and post [bid] into the listingsdbelements_field_value and bid as the listingsdbelements_field_name.

Any help?

matbury
03-13-2008, 06:34 PM
One possible problem might be the use of quotes. I've changed the SQL quotes. Another problem might be the carriage returns in the SQL string. SQL can be quite fussy about these things. See below.

<?php
$con = mysql_connect("localhost","USERNAME","PASSWORD");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("DATABASE", $con);

$sql= "INSERT INTO default_en_listingsdbelements (listingsdbelements_field_name, listingsdbelements_field_value) VALUES ('bid','$_POST[bid]') WHERE (listingsdb_id = '$_POST[ID]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "SUCCESS!!";

mysql_close($con);
?>

jsebrech
03-14-2008, 02:43 PM
You want to use string concatenation at the very least:
http://actionscript.org/forums/showpost.php3?p=713385&postcount=6

But ideally you want to avoid using the mysql functions directly, and instead use an in-between layer like PEAR DB or PHP ADOdb with variable binding. It's easier to use and has a way lower risk of SQL injection security exploits (which attackers can use to steal all your data or destroy your entire database).

matbury
03-14-2008, 05:50 PM
Hi jsebrech,

Could you provide some links to documentation, tutorials and information about this? It'd be really helpful.

Thanks.

jsebrech
03-17-2008, 09:54 AM
I'd suggest going with PEAR DB, since it's the most standard of the database abstraction layers:

http://codepoets.co.uk/doc/php_pear_quickstart_database_web_applications
http://www.evolt.org/article/Abstract_PHP_s_database_code_with_PEAR_DB/17/21927/index.html

The first link explains how to use prepared statements to avoid SQL injection.

If you haven't used any PEAR code, this should get you up and running quickly:
http://pear.php.net/manual/en/installation.php
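Added example, not posted by anyone in this thread: the input.php insert from the first post rewritten with the variable binding jsebrech's two replies recommend. It uses PDO, which ships with PHP, rather than PEAR DB or ADOdb, but the idea is the same: the query text and the values travel separately, so a quote in the POSTed data is stored as data instead of changing the statement. Two points the thread leaves open are also handled here: MySQL's INSERT has no WHERE clause, so the listing id is supplied as a column value (this assumes default_en_listingsdbelements has a listingsdb_id column, which the thread only implies), and the hidden ID field is still client-controlled, so it is checked as an integer before use. The host, database name and credentials are placeholders copied from the thread, and treating bid as a numeric value is an assumption.

```php
<?php
// Added example (not from the thread): parameterised version of input.php.
// Assumes the table has listingsdb_id, listingsdbelements_field_name and
// listingsdbelements_field_value columns. DSN/credentials are placeholders.

// INSERT takes no WHERE clause: the listing id is a column value, not a filter.
const INSERT_SQL = 'INSERT INTO default_en_listingsdbelements
    (listingsdb_id, listingsdbelements_field_name, listingsdbelements_field_value)
    VALUES (:listing_id, :field_name, :field_value)';

/**
 * Validate the POSTed fields before they go anywhere near SQL.
 * Returns array(listingId, bid) or throws on bad input.
 */
function readBidInput(array $post)
{
    // The hidden ID field is still client-controlled; insist on a plain integer.
    if (!isset($post['ID']) || !ctype_digit((string) $post['ID'])) {
        throw new InvalidArgumentException('ID must be a positive integer');
    }
    // Assumption: a bid is a number. Adjust if bids are free text.
    if (!isset($post['bid']) || !is_numeric($post['bid'])) {
        throw new InvalidArgumentException('bid must be numeric');
    }
    return array((int) $post['ID'], (string) $post['bid']);
}

/**
 * Insert the bid with bound parameters. The values never become part of the
 * SQL text, so a quote or comment sequence in $bid is stored as data.
 */
function insertBid(PDO $db, $listingId, $bid)
{
    $stmt = $db->prepare(INSERT_SQL);
    $stmt->bindValue(':listing_id', $listingId, PDO::PARAM_INT);
    $stmt->bindValue(':field_name', 'bid', PDO::PARAM_STR);
    $stmt->bindValue(':field_value', $bid, PDO::PARAM_STR);
    $stmt->execute();
}

/**
 * For contrast only: the string-built query from the thread. With a value
 * containing an apostrophe the literal closes early and the rest of the value
 * is parsed as SQL, which is the hole binding removes. Never executed here.
 */
function concatenatedQuery($bid)
{
    return "INSERT INTO default_en_listingsdbelements (listingsdbelements_field_name, "
         . "listingsdbelements_field_value) VALUES ('bid','$bid')";
}
echo concatenatedQuery("12'5"), "\n";   // the literal ends after 12

// Wiring for input.php.
try {
    list($listingId, $bid) = readBidInput($_POST);
    $db = new PDO(
        'mysql:host=localhost;dbname=DATABASE;charset=utf8mb4',
        'USERNAME',
        'PASSWORD',
        array(
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        )
    );
    insertBid($db, $listingId, $bid);
    echo "SUCCESS!!";
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Bad input: ', htmlspecialchars($e->getMessage());
} catch (PDOException $e) {
    error_log($e->getMessage());      // keep driver detail out of the response
    http_response_code(500);
    echo 'Database error';
}
```

The same separation applies on the form side: when $listingID is echoed into the hidden field's value attribute, pass it through htmlspecialchars() so a stray quote cannot break out of the attribute either.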