PHP coding help

[Admin]

Any PHP wizards out there?

I am a newbie to this but building my first input form in PHP to a MySQL database.

The fields I have in my form are:

$sql = "INSERT INTO item (id,domain,ccy,Sale_Price,UK_Price,Source,Month,Category,Keyword) VALUES ('$id','$domain','$ccy','$Sale_Price','$UK_Price','$Source','$Month','$Category','$Keyword')";

3 things I need help with.

"Id" is a unique key with gets created and incremented automatically, so do I need to include this in the form? and just leave it blank?

Secondly, "domain" is set to unique also, how do I handle it in the form to tell me if the domain already exists in the DB?

I want to have drops down lists for a couple of fields (currency for example) how do I do this?

Many thanks

 

[Jeewhizz]

OK,

several things...

1) No need to include the id at all in the query, it'll be inserted automatically for you if you have the field set to autoincrement.

2) if domain is truely going to be unique, then if you enter a duplicate, the row will not be entered, and you will get an error. A way to circumvent this is to use:

INSERT IGNORE INTO table(field1,field2) VALUES ('...','...')

3) For drop down lists, I tend to make an array with the data:

$ccy = array(1=>"GBP","EUR","USD");
foreach($ccy as $num=>$value) {
echo "<option value='$num'>$value</option>";
}

Then you store the number of the currency in teh DB. In the above example, you will have 1 for GBP, 2 for EUR etc. Storing as numbers is more efficient.

By and large, the worst thing you are doing wrong isn ot excaping the data (so it seems).

Every variable you sent to a query needs to be escaped:

$domain = mysql_real_escape_string($domain);

Jee

 

[Admin]

OK thanks for the quick reply, I will scratch my head for a while over this and see what I can do!

:t