I was wondering if i can have someone look over my statements to see where i might be screwing up. I've tested what information is being posted by echoing it and everything seems to be going through correctly, but I can't get it to physically create the appropriate records. I also do not get any errors and it goes back to the header location like the form did post.
//First we make sure there are enough licenses left to add the user
$limit = "select * from organization_seats WHERE orgid=$orgid";
$orglimit = mysql_query($limit);
$licenses = $orglimit['limit'];
$count = "select count(*) from organization_users WHERE organizationid=$orgid";
if ((!$licenses < $count)) {
echo 'You have reached the number of maximum licenses for your Organization.';
} else {
//If we have licenses left, proceed to add new user
//Populate the user table
$sql = "insert into user (firstname, lastname, title, address1, address2, country, city, state, zip, phone, mobile, birthday, username, email, password) values ('$fname','$lname','$title','$address1','$address2','$country', '$city', '$state', '$zip', '$phone', '$mobile', '$bday', '$username', '$email', '$password')";
$exec = mysql_query($sql);
//Add the user to the organization
$userid = mysql_insert_id(); //call the last ID entered into the user table first
$sql2 = "insert into organization_users(organizationid, userid, active) values ('$orgid', '$userid', $)";
$exec = mysql_query($sql2);
//recall the userid
$sql3 = "select * from user where username = $username";
$exec = mysql_query($sql3);
$newuserid = $newuserselect['id'];
//Add the user to the department
$sql4 = "insert into organization_dep_users(orgid, depid, userid) values ('$orgid', '$department', '$newuserid')";
$exec = mysql_query($sql4);
if ($exec === TRUE) {
header( 'Location: index.php' ) ;
} else {
echo mysql_error();
}
}
btw, i do have mysql_real_escape_string attached to all my variables.
1) $sql2 has an error - you are passing $ instead of an actual variable.
2) After $sql3 you are assigning $newuserid from a non-existent resource. I assume you are missing $newuserselect = mysql_fetch_assoc($exec); just before it.
3) You really need to add error checking on your queries. If the first query fails the second query will be run with an erroneous $userid, or maybe FALSE if no previous query created an id. Other problems can arise later in your code without error checking too.
4) As suggested above it is advisable to transition to pdo or mysqli.
5) Just noticed - your first select query is also trying to misuse the resource - you should be doing
$orglimit = mysql_query($limit);
$orgrow = mysql_fetch_assoc($orglimit);
$licenses = $orgrow['limit'];
6) And.... your $count won't work, you assign the query string to $count but never actually execute the query to get the number. So when you do if ((!$licenses < $count)) you are actually comparing a number to a string, not a number to a number.
Not sure what problem are you exactly facing .. but if you have copied the code correctly then I found one faulty statement
insert into organization_users(organizationid, userid, active) values ('$orgid', '$userid', $)
what is $...?
second..
$limit = "select * from organization_seats WHERE orgid=$orgid";
$orglimit = mysql_query($limit);
$licenses = $orglimit['limit'];
should be
$limit = "select * from organization_seats WHERE orgid=$orgid";
$resource = mysql_query($limit);
$orglimit = mysql_fetch_assoc($resource);
$licenses = $orglimit['limit'];
mysql_query always returns a resorce not array..
same with $sql3
Try changing these and you should be fine
SUGGESTION : please start using mysqli_* or PDO