 |  |  |  |  |  |  |  |
http form -> php -> mysql snafu
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
having an issue--*cough*newbie*cough*--the html and php code here supposedly creates a new record into my database. problem is, the successfully connects to sql and creates the record, but the contents of the $_POST variables do not make it into their respective fields. I have an id field (AUTO_INCREMENT) that is created successfully, but no text in the mailto, firstname, and lastname fields.
any comments would be most appreciated....
[html]
<html>
<head>
<title>Bee In The Buzz</title>
</head>
<body>
<p>Are you a:
<form method="post" action="form2sql.php">
<LABEL for="firstname">First name: </LABEL>
<INPUT type="text" name="firstname"><BR>
<LABEL for="lastname">Last name: </LABEL>
<INPUT type="text" name="lastname"><BR>
<LABEL for="mailto">email: </LABEL>
<INPUT type="text" name="mailto"><BR>
<input type="submit" name="Submit"/>
</form>
</body>
</html>
[/html]
form2sql.php:
[php]
<?php
$hostname="***";
$username="***";
$password="***";
$dbname="testdog";
$usertable="emails";
$con = mysql_connect($hostname,$username, $password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("testdog", $con);
$sql="use emails";
$sql="INSERT INTO emails (mailto, firstname, lastname)
VALUES
('$_POST[mailto]','$_POST[firstname]','$_POST[lastname]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
[/php]
any comments would be most appreciated....
[html]
<html>
<head>
<title>Bee In The Buzz</title>
</head>
<body>
<p>Are you a:
<form method="post" action="form2sql.php">
<LABEL for="firstname">First name: </LABEL>
<INPUT type="text" name="firstname"><BR>
<LABEL for="lastname">Last name: </LABEL>
<INPUT type="text" name="lastname"><BR>
<LABEL for="mailto">email: </LABEL>
<INPUT type="text" name="mailto"><BR>
<input type="submit" name="Submit"/>
</form>
</body>
</html>
[/html]
form2sql.php:
[php]
<?php
$hostname="***";
$username="***";
$password="***";
$dbname="testdog";
$usertable="emails";
$con = mysql_connect($hostname,$username, $password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("testdog", $con);
$sql="use emails";
$sql="INSERT INTO emails (mailto, firstname, lastname)
VALUES
('$_POST[mailto]','$_POST[firstname]','$_POST[lastname]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
[/php]
•
•
Join Date: Jul 2004
Posts: 494
Reputation: 
Solved Threads: 21
Posting Pro in Training
You're using $_POST wrong.
This:
Should be:
I haven't tried this, but I think it works. I don't normally do INSERT queries like this, as I need to escape the data. Doing it all on one line of code makes for a mess.
You need to escape the data too, unless you want to allow for SQL injection attacks... (With some educated guesses a hacker could figure out what to do to end your SQL statement and add some of his own.)
This:
•
•
•
•
PHP Syntax (Toggle Plain Text)
PHP Syntax (Toggle Plain Text)
I haven't tried this, but I think it works. I don't normally do INSERT queries like this, as I need to escape the data. Doing it all on one line of code makes for a mess.
You need to escape the data too, unless you want to allow for SQL injection attacks... (With some educated guesses a hacker could figure out what to do to end your SQL statement and add some of his own.)
PHP Syntax (Toggle Plain Text)
www.uncreativelabs.net
Old computers are getting to be a lost art. Here at Uncreative Labs, we still enjoy using the old computers. Sometimes we want to see how far a particular system can go, other times we use a stock system to remind ourselves of what we once had.
Old computers are getting to be a lost art. Here at Uncreative Labs, we still enjoy using the old computers. Sometimes we want to see how far a particular system can go, other times we use a stock system to remind ourselves of what we once had.
thanks now i'm learning about escape strings.
p.s. should be new thread but while i'm at being a noob may i ask if it is ok to create a $password variable with my real password as the string? it seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but i've also read that php code is not actually viewable by a user...
p.s. should be new thread but while i'm at being a noob may i ask if it is ok to create a $password variable with my real password as the string? it seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but i've also read that php code is not actually viewable by a user...
•
•
Join Date: Jul 2004
Posts: 494
Reputation:
Solved Threads: 21
Posting Pro in Training
You hit upon one of my PHP rules: Assume the user can see your code.
Rather than mysql_real_escape_string you can use addslashes. When you use it, you'll need to use strip slashes to edit the data, though.
For unrelated (or barely related) questions, go ahead and start a new thread. You can also mark the thread solved if you get the right answer. This will help people later on when searching.
Rather than mysql_real_escape_string you can use addslashes. When you use it, you'll need to use strip slashes to edit the data, though.
PHP Syntax (Toggle Plain Text)
For unrelated (or barely related) questions, go ahead and start a new thread. You can also mark the thread solved if you get the right answer. This will help people later on when searching.
www.uncreativelabs.net
Old computers are getting to be a lost art. Here at Uncreative Labs, we still enjoy using the old computers. Sometimes we want to see how far a particular system can go, other times we use a stock system to remind ourselves of what we once had.
Old computers are getting to be a lost art. Here at Uncreative Labs, we still enjoy using the old computers. Sometimes we want to see how far a particular system can go, other times we use a stock system to remind ourselves of what we once had.
|
Similar Threads
- WANTED : PHP/Mysql programmer (US time zone) (Web Development Job Offers)
- php/mysql full text search help (PHP)
- Flash Poll System using php/mysql for free (Graphics and Multimedia)
- PHP/MySQL programmer available (Post your Resume)
Other Threads in the PHP Forum
- Previous Thread: shopping cart help
- Next Thread: How to get state selected country using php
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest PHP Posts
- Today's Posts
- Unanswered Threads
apache api array beginner binary broken cache cakephp checkbox class cms code confirm cron curl customizableitems database date display dynamic echo email error external file files folder form forms forum freelancing function functions google header headmethod howtowriteathesis href htaccess html iframe image include incode insert ip javascript joomla limit link login mail malfunction menu method mlm mod_rewrite multiple mysql neutrality oop pageing paypal pdf php phpmysql play problem query question radio random recursion recursiveloop remote root script search select server sessions sms soap source space sql support! syntax system table template tutorial update upload url validator variable video web youtube
