Sep 4th, 2006

http form -> php -> mysql snafu

having an issue--*cough*newbie*cough*--the html and php code here supposedly creates a new record in my database. problem is, it successfully connects to sql and creates the record, but the contents of the $_POST variables do not make it into their respective fields. I have an id field (AUTO_INCREMENT) that is created successfully, but no text in the mailto, firstname, and lastname fields.

any comments would be most appreciated....

[html]
<html>
<head>
<title>Bee In The Buzz</title>
</head>

<body>

<p>Are you a:

<form method="post" action="form2sql.php">
<LABEL for="firstname">First name: </LABEL>
<INPUT type="text" name="firstname"><BR>
<LABEL for="lastname">Last name: </LABEL>
<INPUT type="text" name="lastname"><BR>
<LABEL for="mailto">email: </LABEL>
<INPUT type="text" name="mailto"><BR>

<input type="submit" name="Submit"/>
</form>


</body>
</html>
[/html]

form2sql.php:

[php]
<?php

$hostname="***";
$username="***";
$password="***";
$dbname="testdog";
$usertable="emails";


$con = mysql_connect($hostname,$username, $password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("testdog", $con);

$sql="use emails";
$sql="INSERT INTO emails (mailto, firstname, lastname)
VALUES
('$_POST[mailto]','$_POST[firstname]','$_POST[lastname]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con)
?>
[/php]
went1180
Sep 4th, 2006

Re: http form -> php -> mysql snafu

You're using $_POST wrong.

This:
[php]
$sql="INSERT INTO emails (mailto, firstname, lastname)
VALUES
('$_POST[mailto]','$_POST[firstname]','$_POST[lastname]')";
[/php]
Should be:
[php]
// quoted keys inside a double-quoted string need the {$...} form to parse
$sql="INSERT INTO emails (mailto, firstname, lastname)
VALUES
('{$_POST['mailto']}','{$_POST['firstname']}','{$_POST['lastname']}')";
[/php]

I haven't tried this, but I think it works. I don't normally do INSERT queries like this, as I need to escape the data. Doing it all on one line of code makes for a mess.

You need to escape the data too, unless you want to allow for SQL injection attacks... (With some educated guesses a hacker could figure out what to do to end your SQL statement and add some of his own.)

[php]
$mailto = $_POST['mailto'];
$mailto = mysql_real_escape_string($mailto);

// repeat for each variable
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);

$sql="INSERT INTO emails (mailto, firstname, lastname)
VALUES
('$mailto', '$firstname', '$lastname')";
[/php]
Puckdropper
Sep 5th, 2006

Re: http form -> php -> mysql snafu

thanks now i'm learning about escape strings.

p.s. should be new thread but while i'm at being a noob may i ask if it is ok to create a $password variable with my real password as the string? it seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but i've also read that php code is not actually viewable by a user...
went1180
Sep 7th, 2006

Re: http form -> php -> mysql snafu

You hit upon one of my PHP rules: Assume the user can see your code.

Rather than mysql_real_escape_string you can use addslashes. When you use it, you'll need to use strip slashes to edit the data, though.

[php]
Here's a string.

Here\'s a string after add slashes.

Here\\\'s a string after add slashes again.
[/php]

For unrelated (or barely related) questions, go ahead and start a new thread. You can also mark the thread solved if you get the right answer. This will help people later on when searching.
Puckdropper
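
As an added example (not part of any post in this thread): form2sql.php rewritten with mysqli prepared statements in place of the escaping approaches discussed above, since the mysql_* extension used in the thread was removed in PHP 7. The environment variable names DB_HOST, DB_USER and DB_PASS are assumptions; the database, table and column names come from the original post.

```php
<?php
// Added example: form2sql.php using mysqli prepared statements.
// DB_HOST, DB_USER and DB_PASS are assumed environment variable names, so the
// real password never sits in the source file.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Collect the three form fields; reject the request if any is missing,
// empty, or not a plain string (e.g. mailto[]=x arrives as an array).
$fields = array();
foreach (array('mailto', 'firstname', 'lastname') as $name) {
    $value = $_POST[$name] ?? '';
    $value = is_string($value) ? trim($value) : '';
    if ($value === '') {
        http_response_code(400);
        exit("Missing field: $name"); // $name comes from the fixed list above
    }
    $fields[$name] = $value;
}
if (filter_var($fields['mailto'], FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Invalid email address');
}

try {
    $con = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), 'testdog');
    $con->set_charset('utf8mb4');

    // Placeholders keep the data out of the SQL text, so a quote in a name
    // cannot end the statement early. No escaping or stripslashes is needed.
    $stmt = $con->prepare(
        'INSERT INTO emails (mailto, firstname, lastname) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $fields['mailto'], $fields['firstname'], $fields['lastname']);
    $stmt->execute();
    echo '1 record added';
    $stmt->close();
    $con->close();
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; do not echo database errors to the browser.
    error_log('form2sql insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Could not save the record';
}
```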

© 2011 DaniWeb® LLC