UGN Security
Okay check it out. I am stuck and ready to pop. Here is what I am doing.

I created a database in MySQL for all types of elements. Then a database for all data to go with these elements. And finally a database to store user feedback. 3 databases.


Code
$query1 = mysql_query(SELECT * FROM ELEMENTS TABLE Where this = '$that');
     While($query12 = mysql_fetch_array($query1)){
          $var_for_next_query = $query12[colum_name];
     }

$query2 = mysql_query(SELECT * FROM DATA_TABLE Where this = '$var_for_next_query');
     While($query22 = mysql_fetch_array($query2)){
          $var_for_next_query2 = "'".$query22[colum_name].",'";

$query3 = mysql_query(SELECT * FROM $var_for_next_query2 Where this = 'true');
     While($query32 = mysql_fetch_array($query3)){
          $var_for_next_query3 .= "'".$query32[colum_name]."',";
     }
Now... This puts all data into an array in the final while statement. If the SQL is dorked up forget about it. The sql in my script is fine and this is not an exact copy. I put this here so you get a general idea. Here is the bulk of my issue.


$var_for_next_query3 now holds 92 values. That is to say it is an array with 92 values to it. I want to just slap all values into a SQL insert statement but can't seem to do it. Instead it gives me the variable names.

Code
$dg = mysql_query(insert into Table set($var_for_next_query2)VALUES($var_for_next_query3));
Here is what I get.

http://www.tradebikes.com/forms/bike_forms/input.php?biketype=3

If you submit you should see something like this

Code
$dg = mysql_query("INSERT INTO 
Bikes(Manufa_brand, fram_size, frame_mat, 
frame_brk_boss, frame_dropout_type, 
frame_headtube_diameter, frame_mod, fork_brand,
fork_siz, fork_material, fork_travel, 
fork_head_dia, frk_brk_boss_typ, fork_dropout_typ,
 fork_mod, headset_brand, head_tub_diam, 
headset_mod, shift_mod, sifter_brd, drivetrain,
 brk_sys_mod, brk_sys_man, Brake_lever_brd, 
Brake_lever_mod, brake_calpr_brnd, brake_cal_mod,
 brake_Disk_size, brake_disk_model, 
brake_disk_manufac, brake_sys_cnfg, stem_mod, 
stem_brd, stem_mat, handle_mod, handle_bar_brnd, 
handle_mat, handlebar_type, f_derail_mod, 
f_derail_brd, f_drail_typ, f_derail_materi, 
r_derail_mod, r_derail_brd, r_derail_typ, 
r_derail_materi, casset_mod, casset, cassette_typ,
 cassette_materi, pdl_mod, pdl_brd, pdl_typ, 
pdl_materi, bottom_mod, bottom_brd, bottom_typ, 
botom_material, crank_mod, crank_brd, crank_siz, 
crank_typ, chainten_mod, chainten_man, 
chainten_siz, wheelset_model, wheel_brand_name, 
wheel_config, rim_hole_count, hub_model, 
hub_brand, hub_typ, rim_model, rim_brand, 
rear_wheel_mod, rear_wheel_manu, rear_wheel_cnfg,
 rear_wheel_hol_cnt, rear_hub_mod, rear_hub_manu, 
rear_hub_typ, rear_rim_mod, rear_rim_manu, 
axle_model, axle_brand, axle_size, grip_model, 
grip_manu, grip_typ, sadle_mod, sadle, seat_post, 
Valid_use, time_made, ip_addy, type) 
VALUES('$manufac', '$siz', '$frame_mat', 
'$fram_brk_boss', '$fram_dropout_type', 
'$headtub_diam', '$fram_model', '$fork_manufac', 
'$fork_size', '$fork_materi', '$fork_trav', 
'$frk_head_dia', '$frk_brk_boss', '$drop_typ', 
'$fork_model', '$head_man', '$head_tube_diam', 
'$headset_model', '$shift_model', 
'$shift_manufact', '$drivetrain_shift', 
'$brake_sys_model', '$brake_sys_manufac', 
'$brake_lever_manufac', '$brake_lever_model', 
'$brake_calip_manufac', '$brake_calip_model', 
'$brake_disk_size', '$brake_disk_model', 
'$brake_disk_manufac', '$brake_sys_cnfg', 
'$stem_model', '$stem_manufac', '$stem_mater', 
'$handlebar_model', '$handlebar_model', 
'$handlebar_mater', '$handlebar_type', 
'$front_derail_model', '$front_derail_manufac',
 '$front_derail_type', '$front_derail_mater', 
'$rear_derail_model', '$rear_derail_manufac', 
'$rear_derail_type', '$rear_derail_mater', 
'$cassette_model', '$cassette_manufac', 
'$cassette_type', '$cassette_mater', 
'$pedal_model', '$mtn_pedals', '$pedal_type', 
'$pedal_material', '$bbracket_model', 
'$bbrack_manufac', '$bbracket_typ', 
'$bb_material', '$crankset_model', 
'$crankset_manufac', '$crankset_size', 
'$crankset_type', '$chainten_model', 
'$chainten_manufac', '$chainten_size', 
'$front_wheelset_model', 
'$front_wheelset_manufac', 
'$front_wheelset_config', 
'$frt_wheelset_hole_cnt', '$frnt_hub_model', 
'$front_hub_manufac', '$frnt_hub_type', 
'$frnt_rim_model', '$frnt_rim_manufac', 
'$rear_wheelset_model', '$rear_wheelset_manufac', 
'$rear_wheelset_config', 
'$rear_wheelset_hole_cnt', '$rear_hub_model', 
'$rear_hub_manufac', '$rear_hub_type', 
'$rear_rim_model', '$rear_rim_manufac', 
'$axle_model', '$axel_manufac', '$axle_sixe', 
'$grip_model', '$grip_manufac', '$grip_type', 
'$saddle_model', '$saddle_manufac', 
'$saddle_materi', 
'59','1112110178','159.67.20.48', 
'3')")
This is exactly how it inserts into the database, with the '$saddle_model'. So for the $1,000,000 question: how can I get all the variables to display their values encased in 1 variable?


See all form elements on

http://www.tradebikes.com/forms/bike_forms/input.php?biketype=3

are dynamically made using PHP and MySQL. So...


Code
<input type="from database" name="from database">
Same with select tags (drop-down menus).

So on the submit page I thought I might be able to just hit the database and get the variable names, slap a "$" in front of them. But for some reason it is not working... Here is my actual code minus login info

Code
 
}else if($cmd == "submit"){
$my_count = 0;


		$password = "psswd";
		$username = "login";
		$db = "db_name";
		$dbh=mysql_connect ("localhost", $username, $password);
		mysql_select_db($db); 
		
	$dg = mysql_query("SELECT * from table WHERE id = '$biketype'");
		While($dg2 = mysql_fetch_array($dg)){
		   	$bike_name_short = $dg2['name'];
		}
		
	$set_up = mysql_query("SELECT * FROM table2 WHERE $bike_name_short = 'true' order by id");
		While($set_up2 = mysql_fetch_array($set_up)){
			$part_group = $set_up2['name'];
			$section_title = $set_up2['user_view'];

			$part_list = mysql_query ("SELECT * FROM $part_group WHERE $bike_name_short = 'true'");
				While($part_list2 = mysql_fetch_array($part_list)){
					$first_variable_name = "\$".$part_list2['form_name']."";
					$ad_db_field .= "".$part_list2['the_ads_table'].", \n";
					$variable_name .= "'$first_variable_name',  \n";
				}
		}

$test_var = "$variable_name";
echo "
<hr>$test_var<hr>


";



$date_epoch = date("U");
echo "<hr color=\"red\"><hr color=\"red\">\$dg = mysql_query(\"INSERT INTO Table3($ad_db_field Valid_use, time_made, ip_addy, type) VALUES
($variable_name '$my_sess[5]','$date_epoch','$REMOTE_ADDR', '$biketype')\")<hr color=\"red\"><hr color=\"red\">";

mysql_close();
		$password = "psswd";
		$username = "login";
		$db = "wethe_ads";
		$dbh=mysql_connect ("localhost", $username, $password);
		mysql_select_db($db);

$dg = mysql_query("INSERT INTO table3($ad_db_field Valid_use, time_made, ip_addy, type) VALUES($variable_name '$my_sess[5]','$date_epoch','$REMOTE_ADDR', '$biketype')");
if($dg){
echo "good";
}else{
echo "fail";
echo "

".mysql_error();
}
}
 
Any help and I will love you forever.
No takers, huh? That's cool. I never did figure this out. If anyone runs into this post here and maybe we can discuss it then.
Ummm, couple of things...

I'm pretty sure you can't insert multiple rows at one time, and certainly the SET command isn't to be used for an INSERT.

Your code should spit out a tremendous amount of parse errors...
What you pasted had like no quotes...

Umm,
$query12[colum_name];
What is colum_name? PHP will default it as an empty constant or NULL... which in turn would cause some kind of no-matching-key-for-this-array-error.


Code
$query1 = mysql_query("SELECT * FROM ELEMENTS TABLE Where this = '$that'");
     While($query12 = mysql_fetch_array($query1)){
          $var_for_next_query = $query12[colum_name];
     }
Right here.... You've looped through all the resulting rows of your query... And set it to some undefined value, I assume you wanted to add them to the existing variable not just reset the variable? Or, you probably want to ditch that last } and put it somewhere below the following.
Code
$query2 = mysql_query("SELECT * FROM DATA_TABLE Where this = '$var_for_next_query'");
     While($query22 = mysql_fetch_array($query2)){
          $var_for_next_query2 = "'".$query22[colum_name].",'";

$query3 = mysql_query("SELECT * FROM $var_for_next_query2 Where this = 'true'");
Umm... That last query, you've got a (VAR)CHAR column that is equal to true? A boolean (TINYINT(1)) is probably better, then you could just drop the 's.
Code
     While($query32 = mysql_fetch_array($query3)){
          $var_for_next_query3 .= "'".$query32[colum_name]."',";
     }
Um.. Again the colum_name thing.... and you don't do anything with your newly constructed list? This is also where you probably want the }. If you come on IRC sometime, hopefully my connection won't suck [censored] and I can offer some better help.. Still not quite clear what you're trying to do, and there is surely a more efficient way.
Uh, what the [censored]. I think I broke the forum
Quote:
Originally posted by Neo:
Ummm, couple of things...

I'm pretty sure you can't insert multiple rows at one time, and certainly the SET command isn't to be used for an INSERT.

Your code should spit out a tremendous amount of parse errors...
What you pasted had like no quotes...

It doesn't because I never used the SET command... Where did you get that?

Quote:
Originally posted by Neo:
Ummm, couple of things...
Umm,
$query12[colum_name];
What is colum_name? PHP will default it as an empty constant or NULL... which in turn would cause some kind of no-matching-key-for-this-array-error.

In my script I do use the column name

Quote:
Originally posted by Neo:

Code
$query1 = mysql_query("SELECT * FROM ELEMENTS TABLE Where this = '$that'");
     While($query12 = mysql_fetch_array($query1)){
          $var_for_next_query = $query12[colum_name];
     }
Right here.... You've looped through all the resulting rows of your query... And set it to some undefined value, I assume you wanted to add them to the existing variable not just reset the variable? Or, you probably want to ditch that last } and put it somewhere below the following.

I am grabbing 1 row here. I actually only need 1 column in 1 row. This is just to start the ball rolling. It depends on what the user chooses when going to this page.

Here is the deal. It is for a bike ad. Every type of bike you can imagine. Now a mountain bike does not have the same parts as a BMX, right? So this first query is to determine which type of bike we are talking about. The next will grab a parts list for that bike. The PHP then in 5 lines of code generates a form for every part on said bike broken up into sections.

Let me back up....

Before we get to the storing of user data portion of this script I create a form. Link below, but you will need to log in first to get it to work right.

http://www.tradebikes.com/forms/bike_forms/input.php?biketype=3


Now this whole form is made with 5 lines of PHP. Eat your heart out. Now let's look at a form element

Quote:
Originally posted by Neo:

Code
$query2 = mysql_query("SELECT * FROM DATA_TABLE Where this = '$var_for_next_query'");
     While($query22 = mysql_fetch_array($query2)){
          $var_for_next_query2 = "'".$query22[colum_name].",'";

$query3 = mysql_query("SELECT * FROM $var_for_next_query2 Where this = 'true'");
Umm... That last query, you've got a (VAR)CHAR column that is equal to true? A boolean (TINYINT(1)) is probably better, then you could just drop the 's.
Code
     While($query32 = mysql_fetch_array($query3)){
          $var_for_next_query3 .= "'".$query32[colum_name]."',";
     }

Wrong...


Um.. Again the colum_name thing.... and you don't do anything with your newly constructed list? This is also where you probably want the }. If you come on IRC sometime, hopefully my connection won't suck [censored] and I can offer some better help.. Still not quite clear what you're trying to do, and there is surely a more efficient way.
Code
$dg = mysql_query(insert into Table set($var_for_next_query2)VALUES($var_for_next_query3));
Yep... That is where I got the SET command, and I can't very well help you if you don't post the actual code being used, otherwise I might falsely assume something.
check your PM's
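
Added example, not part of the original thread or either poster's code: one way to build the INSERT the thread is after, looking each submitted value up by its form field name and binding it as a parameter instead of writing '$name' into the SQL string, which is what stored the literal text '$saddle_model'. The cut-down Bikes table, the three sample field mappings, the sample form values and the in-memory SQLite database are assumptions made so the block runs on its own.

```php
<?php
// Constructed schema; the real ads table in the thread has 90+ columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Bikes (Manufa_brand TEXT, fram_size TEXT,
            frame_mat TEXT, ip_addy TEXT, type INTEGER)');

// Stand-in for the rows read from the parts tables:
// form field name => column in the ads table.
$partRows = [
    ['form_name' => 'manufac',   'the_ads_table' => 'Manufa_brand'],
    ['form_name' => 'siz',       'the_ads_table' => 'fram_size'],
    ['form_name' => 'frame_mat', 'the_ads_table' => 'frame_mat'],
];
// Constructed submission; on the real page this would be $_POST.
$post = ['manufac' => "O'Brien Cycles", 'siz' => '19', 'frame_mat' => 'steel'];

// Identifiers cannot be bound as parameters, so only plain names are accepted.
function ident(string $name): string
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("bad identifier: $name");
    }
    return $name;
}

// Returns [sql, values]: one "?" per column, values kept in a parallel array.
function buildInsert(string $table, array $partRows, array $input, array $extra): array
{
    $columns = [];
    $values  = [];
    foreach ($partRows as $row) {
        $columns[] = ident($row['the_ads_table']);
        $values[]  = $input[$row['form_name']] ?? null; // missing field => NULL
    }
    foreach ($extra as $col => $val) {
        $columns[] = ident($col);
        $values[]  = $val;
    }
    $marks = implode(', ', array_fill(0, count($columns), '?'));
    $sql = 'INSERT INTO ' . ident($table) . ' (' . implode(', ', $columns) . ") VALUES ($marks)";
    return [$sql, $values];
}

[$sql, $values] = buildInsert('Bikes', $partRows, $post,
                              ['ip_addy' => '203.0.113.7', 'type' => 3]);
$pdo->prepare($sql)->execute($values);   // the apostrophe is stored as data
echo $sql, "\n";
print_r($pdo->query('SELECT * FROM Bikes')->fetch(PDO::FETCH_ASSOC));
```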