I have a form named:"RegistrationForm.php". when i click the "submit button", there's a data inserted in the database (the prove is, there a new row in the database),
but there's no value from user textfield(ic_no,name,email...) that have been inserted.
It means like there's a row of data inserted but without value..

p/s- however, when i click the submit button, it successfully directed me to the "BookingForm.php" with all the session value...it's just that there's no data inserted into the database.

can someone straighten this up for me? am i doing wrong with the coding with the submit button?
here's the code

<?php
session_start();
$_SESSION['ic_no']=$ic_no;
$_SESSION['name']=$name;
$_SESSION['address']=$address;
$_SESSION['tel_no']=$tel_no;
$_SESSION['email']=$email;
?>


<html>
<body>

<form action="BookingForm.php" method="post">
  <p><strong>REGISTRATION FORM</strong></p>
  <table width="285" border="1">
    <tr>
      <th width="120" scope="row">Ic No :</th>
      <td width="149"><label>
        <input type="text" name="ic_no" id="ic_no" value="<?php $ic_no; ?>">
      </label></td>
    </tr>
    <tr>
      <th scope="row">Name :</th>
      <td><label>
        <input type="text" name="name" id="name" value="<?php $name; ?>">
      </label></td>
    </tr>
    <tr>
      <th scope="row">Address :</th>
      <td><label>
        <input type="text" name="address" id="address" value="<?php $address; ?>" >
      </label></td>
    </tr>
    <tr>
      <th scope="row">Contact No :</th>
      <td><label>
        <input type="text" name="tel_no" id="tel_no" value="<?php $tel_no; ?>">
      </label></td>
    </tr>
    <tr>
      <th scope="row">Email :</th>
      <td><label>
        <input type="text" name="email" id="email"  value="<?php $email; ?>">
      </label></td>
    </tr>
  </table>
  <input type="submit" name="submit" id="submit" value="Submit">
  <?php
$con = mysql_connect("localhost","root","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("ambos", $con);

mysql_query("INSERT INTO customer (ic_no, name, address, tel_no, email)
VALUES ('$_POST[ic_no]', '$_POST[name]', '$_POST[address]','$_POST[tel_no]','$_POST[email]')");
mysql_close($con);

</form>
 </body>
</html>

any ideas is really appreciated

You need to write following code in "BookingForm.php" page. Remove this code from your registration page. Becuase when registration page is opened nothting is posted to it, so blank row is inserted.

<?php
$con = mysql_connect("localhost","root","password");
if (!$con) 
 { 
 die('Could not connect: ' . mysql_error());  }
 mysql_select_db("ambos", $con); mysql_query("INSERT INTO customer (ic_no, name, address, tel_no, email)VALUES ('$_POST[ic_no]', '$_POST[name]', '$_POST[address]','$_POST[tel_no]','$_POST[email]')");
mysql_close($con);
?>
Member Avatar
diafol

As a side issue - you really are a wrongdoer if you intend on placing unsanitized form data straight into your DB.

As a side issue - you really are a wrongdoer if you intend on placing unsanitized form data straight into your DB.

i'm sorry. but do you mean by " placing unsanitized form". i just started learn thus many things that i still learn right now.

do you means that my coding is messy or not logic?

Member Avatar
diafol

i'm sorry. but do you mean by " placing unsanitized form". i just started learn thus many things that i still learn right now.

do you means that my coding is messy or not logic?

If you pass raw data from a form into a DB - you could get trouble. Use this:

$ic_no = mysql_real_escape_string($_POST['ic_no']);
$name = mysql_real_escape_string($_POST['name']);
$address = mysql_real_escape_string($_POST['address']);
$tel_no = mysql_real_escape_string($_POST['tel_no']);
$email = mysql_real_escape_string($_POST['email']);

mysql_select_db("ambos", $con); mysql_query("INSERT INTO customer (ic_no, name, address, tel_no, email)VALUES ('$ic_no', '$name', '$address','$tel_no','$email')");
mysql_close($con);

If your ic_no field is an autoincrement, there is no need to include it, it will be assigned automatically.
Also $_POST[address] is wrong - use $_POST - with the quotes.

thanks ardav for the explanation and the little bits of the tips.
finally i did solve the problems...

Member Avatar
diafol

Great! Mark it solved please.