Solution 1 :

There is a property of the mysqli object called $insert_id that will return you the id of the newly inserted row if the id column is an AutoIncrement column.

<?php
    session_start();

    //database configuratie file
    require('dbconfig.php');

    // process first query
    $sql = "INSERT INTO `tickets` 
                    (`naam`, `onderwerp`, `maker`) VALUES (?,?,?)";

    $stmt = $mysqli->prepare($sql);
    $stmt->bind_param('sss', $_POST['ticket_naam'],
                            $_POST['ticket_onderwerp'],
                            $_SESSION['username']);
    $stmt->execute();

    // retrieves the generated new id from the query above
    $new_id = $mysqli->insert_id;

    // inserts the id into another query
    $sql = "INSERT INTO `berichten` 
                        (`id`, `text`, `voornaam`,`achternaam`,`firma`) 
                VALUES (?,?,?,?,?)";
    $stmt = $mysqli->prepare($sql);
    $stmt->bind_param('isss', $new_id,
                                $_POST['bericht'],
                                $_SESSION['voornaam'],
                                $_SESSION['achternaam'],
                                $_SESSION['firma']);
    $res = $stmt->execute();
    if ($res) {
        require('email_na_ticketaanmaak.php')
        require('../procces_files/email_na_ticketaanmaak.php');
        header('Location: ../home/index.php');
    }else{
        echo "Error: " . $sql . "<br>" . $mysqli->error;
    }
?>

If you are going to redirect to another page using

header('Location: ../home/index.php');

there is no point sending this back to the page you were on, as you will never see it.

<script>alert('nieuw ticket is gemaakt');</script>

Also Your script was open to SQL Injection Attack.
Even if you are escaping inputs, its not safe!
You should consider using prepared parameterized statements in either the MYSQLI_ or PDO API’s instead of concatenated values

So I changed the code a little to use parameterised, prepared and bound queries.

Problem :

I’m struggeling with a problem and maybe someone could help me 🙂

in the first query I want to sent data to the first table which generates a id for me, at the second quary I want to retrieve that id made by the first quary, on the 3th quary I want to use that id to insert other data in a second table with the same id as the first table.

My question is this: everything is getting inserted fine except the $id, am I missing something?

<?php
    session_start();
    //declaratie sessie variabelen
    $username = $_SESSION['username'];
    $voornaam = $_SESSION['voornaam'];
    $achternaam = $_SESSION['achternaam'];
    $firma = $_SESSION['firma'];

    //database configuratie file
    require('dbconfig.php');

    //Declaratie post variabelen
    $ticnaam = $_POST['ticket_naam'];
    $ticonderwerp = $_POST['ticket_onderwerp'];
    $ticassign = $_POST['ticket_voor'];
    $bericht = $_POST['bericht'];

    //proccesing


    //procces first quary
    $sql = "INSERT INTO `tickets` 
                        (`naam`, `onderwerp`, `maker`) 
                VALUES ('$ticnaam', '$ticonderwerp', '$username')";

    //retrieves the generated new id from the quary above
    $sql2 = "SELECT id FROM tickets where onderwerp='$ticonderwerp' AND naam = '$ticnaam';";
    $result2 = mysqli_query($mysqli,$sql2);
    $id = mysqli_fetch_array($result2,MYSQLI_ASSOC);


    //insertes the id into another quary
    $sql3 = "INSERT INTO `berichten` 
                        (`id`, `text`, `voornaam`,`achternaam`,`firma`) 
                VALUES ('$id', '$bericht', '$voornaam',
                        '$achternaam','$firma')";

    //sql3 ok? user can continu
    if($mysqli->query($sql3) == TRUE) {
        require('email_na_ticketaanmaak.php')
?>
<script>alert('nieuw ticket is gemaakt');</script>
<?php
        require('../procces_files/email_na_ticketaanmaak.php');
        header('Location: ../home/index.php');
    }else{
        echo "Error: " . $sql . "<br>" . $mysqli->error;
    }
    $mysqli->close();
?>

Comments

Comment posted by See manual page here

You need

Comment posted by Funk Forty Niner

For one, you never executed the INSERT query for

Comment posted by Markus Zeller

Use prepared statements for preventing SQL injections.

Comment posted by RiggsFolly

@FunkFortyNiner Oh yea missed that, I need to stop for High Tea

Comment posted by Funk Forty Niner

@RiggsFolly Heh, it’s normal to be preoccupied in these trying times.

By

Leave a Reply

Your email address will not be published. Required fields are marked *