0

I have a form named:"RegistrationForm.php". when i click the "submit button", there's a data inserted in the database (the prove is, there a new row in the database),
but there's no value from user textfield(ic_no,name,email...) that have been inserted.
It means like there's a row of data inserted but without value..

p/s- however, when i click the submit button, it successfully directed me to the "BookingForm.php" with all the session value...it's just that there's no data inserted into the database.

can someone straighten this up for me? am i doing wrong with the coding with the submit button?
here's the code

<?php
session_start();
$_SESSION['ic_no']=$ic_no;
$_SESSION['name']=$name;
$_SESSION['address']=$address;
$_SESSION['tel_no']=$tel_no;
$_SESSION['email']=$email;
?>


<html>
<body>

<form action="BookingForm.php" method="post">
  <p><strong>REGISTRATION FORM</strong></p>
  <table width="285" border="1">
    <tr>
      <th width="120" scope="row">Ic No :</th>
      <td width="149"><label>
        <input type="text" name="ic_no" id="ic_no" value="<?php $ic_no; ?>">
      </label></td>
    </tr>
    <tr>
      <th scope="row">Name :</th>
      <td><label>
        <input type="text" name="name" id="name" value="<?php $name; ?>">
      </label></td>
    </tr>
    <tr>
      <th scope="row">Address :</th>
      <td><label>
        <input type="text" name="address" id="address" value="<?php $address; ?>" >
      </label></td>
    </tr>
    <tr>
      <th scope="row">Contact No :</th>
      <td><label>
        <input type="text" name="tel_no" id="tel_no" value="<?php $tel_no; ?>">
      </label></td>
    </tr>
    <tr>
      <th scope="row">Email :</th>
      <td><label>
        <input type="text" name="email" id="email"  value="<?php $email; ?>">
      </label></td>
    </tr>
  </table>
  <input type="submit" name="submit" id="submit" value="Submit">
  <?php
$con = mysql_connect("localhost","root","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("ambos", $con);

mysql_query("INSERT INTO customer (ic_no, name, address, tel_no, email)
VALUES ('$_POST[ic_no]', '$_POST[name]', '$_POST[address]','$_POST[tel_no]','$_POST[email]')");
mysql_close($con);

</form>
 </body>
</html>

any ideas is really appreciated

3
Contributors
6
Replies
7
Views
7 Years
Discussion Span
Last Post by diafol
0

You need to write following code in "BookingForm.php" page. Remove this code from your registration page. Becuase when registration page is opened nothting is posted to it, so blank row is inserted.

<?php
$con = mysql_connect("localhost","root","password");
if (!$con) 
 { 
 die('Could not connect: ' . mysql_error());  }
 mysql_select_db("ambos", $con); mysql_query("INSERT INTO customer (ic_no, name, address, tel_no, email)VALUES ('$_POST[ic_no]', '$_POST[name]', '$_POST[address]','$_POST[tel_no]','$_POST[email]')");
mysql_close($con);
?>

Edited by urtrivedi: n/a

0

As a side issue - you really are a wrongdoer if you intend on placing unsanitized form data straight into your DB.

0

As a side issue - you really are a wrongdoer if you intend on placing unsanitized form data straight into your DB.

i'm sorry. but do you mean by " placing unsanitized form". i just started learn thus many things that i still learn right now.

do you means that my coding is messy or not logic?

0

i'm sorry. but do you mean by " placing unsanitized form". i just started learn thus many things that i still learn right now.

do you means that my coding is messy or not logic?

If you pass raw data from a form into a DB - you could get trouble. Use this:

$ic_no = mysql_real_escape_string($_POST['ic_no']);
$name = mysql_real_escape_string($_POST['name']);
$address = mysql_real_escape_string($_POST['address']);
$tel_no = mysql_real_escape_string($_POST['tel_no']);
$email = mysql_real_escape_string($_POST['email']);

mysql_select_db("ambos", $con); mysql_query("INSERT INTO customer (ic_no, name, address, tel_no, email)VALUES ('$ic_no', '$name', '$address','$tel_no','$email')");
mysql_close($con);

If your ic_no field is an autoincrement, there is no need to include it, it will be assigned automatically.
Also $_POST[address] is wrong - use $_POST - with the quotes.

Edited by diafol: n/a

0

thanks ardav for the explanation and the little bits of the tips.
finally i did solve the problems...

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.