My very first time ever working with PHP and MySQL, so probably a stupid mistake, but I have a db essentially looking like:


mysql> use blog
Database changed
mysql> select * from updates
-> ;
+---------------+------------------+------------+---------------+-----------+---
-+
| name | email | time | title | body | ID
|
+---------------+------------------+------------+---------------+-----------+---
-+
| Jason Davis | davisj@mssm.org | 2002-12-04 | test | blabla | 1
|
| John Doe | someone@www.com | 2002-12-05 | another title | blablabla | 3
|
+---------------+------------------+------------+---------------+-----------+---
-+
2 rows in set (0.00 sec)

mysql>


I have a blog.php page that looks like:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Beginning of a blog</title>
</head>
<body>
<?php
$db = mysql_connect("localhost", "root", "");
mysql_select_db("blog", $db);
$sql = "SELECT * FROM updates ORDER BY time DESC LIMIT 0, 10";
$result = mysql_query($sql);

while ($row = mysql_fetch_row($result)) {
echo "$row[3] - <a href=\"mailto:$row[1]\">$row[0]</a>, $row[2]<p>$row[4]</p><br/><br/>";
}
?>
<hr/>
<form action="blog-update.php" method="post">
name: <input type="text" name="name"/><br/>
email: <input type="text" name="email"/><br/>
title: <input type="text" name="title"/><br/>
message: <textarea name="body"></textarea><br/><br/>
<input type="submit"/>
</form>
</body>
</html>


And finally blog-update.php:

<?php
import_request_variables("P");

$db = mysql_connect("localhost", "root", "");
mysql_select_db("blog", $db);
$sql="INSERT INTO updates (name, email, time, body) VALUES ('$name', '$email', '$name', date('Y\-m\-d'), '$body')";
mysql_query($sql);

echo "Query used: $sql";
?>


Submitting the form on the first page however does not result in a new row being added, and I'm stumped as to why. The same query from the MySQL frontend works fine.

//YOUR CODE-----------------------------the last part

$sql="INSERT INTO updates (name, email, time, body) VALUES ('$name', '$email', '$name', date('Y-m-d'), '$body')";



should look like this(you have name twice in the values!!!:

$sql="INSERT INTO updates (name, email, time, body) VALUES ('$name', '$email', date('Y-m-d'), '$body')" or die (mysql_error());

bla! I knew it had to be something simple!

Thanks so much for pointing out my typo. :D

Argh, it still isn't working actually. blog-update.php now looks like:

<?php
import_request_variables("P");

$db = mysql_connect("localhost", "root", "");
mysql_select_db("blog", $db);
$sql="INSERT INTO updates (name, email, time, body) VALUES ('$name', '$email', date('Y\-m\-d'), '$body')";
mysql_query($sql);

echo "Query used: $sql";
?>


It just isn't updating the db... :confused:

Hi Jason:
What version is your PHP? Starting 4.1 (I believe), you'll need to access form submitted data using the appropriate super global arrays. In your case, variables like:

$name
$email

etc should be accessed instead using:

$_POST["name"]
$_POST["email"]

Merely using the form element's name no longer works. For more info, see: http://www.php.net/manual/en/printwn/reserved.variables.php

Originally posted by WA
What version is your PHP? Starting 4.1 (I believe), you'll need to access form submitted data using the appropriate super global arrays. In your case, variables like:


Hence my use of import_request-variables.

Anyway, I was just being stupid:


$sql="INSERT INTO updates (name, email, time, body) VALUES ('$name', '$email', '" . date('Y\-m\-d') . "', '$body')";


An "or die(mysql_error())" let me quickly find the problem. :)

Glad it's working Jason. BTW, I learned something new today- import_request_variables.

Quick question for you guys as i am reading this thread. I have sites where i use variables without and $_GET[] or $HTTP_GET_VARS[] (same for POST). If my servers are upgraded in their version of php, the variables won't work anymore? That would mean i'd have to go through tons of pages and change variables that i thought were made global automatically. Am I getting the right of this?

Thanks

Originally posted by druffus
Quick question for you guys as i am reading this thread. I have sites where i use variables without and $_GET[] or $HTTP_GET_VARS[] (same for POST). If my servers are upgraded in their version of php, the variables won't work anymore? That would mean i'd have to go through tons of pages and change variables that i thought were made global automatically. Am I getting the right of this?

Thanks

Yup. You would just need to copy an import_request_variables() into each one however to put them back into the global namespace.

thats not good, thanks though. where do you keep up to date on the news, i have a tendency to be oblivious, maybe i should change that.

Originally posted by druffus
Quick question for you guys as i am reading this thread. I have sites where i use variables without and $_GET[] or $HTTP_GET_VARS[] (same for POST). If my servers are upgraded in their version of php, the variables won't work anymore? That would mean i'd have to go through tons of pages and change variables that i thought were made global automatically. Am I getting the right of this?

Thanks

In the newest versions of PHP the globals setting is set to off by default where as before it was set to on by default. WIth globals set to on you could just automatically access any post or get data by using a variable with the same name as what was being passed which is I imagine what you were doing.

That is actually a bad idea. Even with globals on the proper way to access them would have been:

$var1 = $HTTP_POST_VARS["var1"];

with that declared at the top of the page then just use your variable wherever you like after that in the page. If that had been done initially then when globals are set to off in which you would access the variable like $var1 = $_POST["var1"]; all you would have had to change was the way that they are accessed.

There is IMO a really great advantage for accessing requested variables by their long form ($_POST or $HTTP_POST_VARS) over the register_globals way of handling those by putting them into the global scope: Readability!

It's far easier if you are debugging/maintenance programming/extending a script that's quite long, and you actually see where a variable is supposed to come from, then from just guessing it's source. Think of a 500 line long script with 10 include files at the top. Somewhere in the middle at line 243 you have


if ( $login == "bonzo" ) {
doSomething($foo);
}


and how much you use the search feature of your editor, you can't find any other reference to $login and $foo, but you know/suspect that your current trouble comes from these lines. After some hours of weeding through all included functions, classes, and config files you suddenly realize that you could have been saved from this headache if your coworker had written


if ( $_SESSION['login'] == "bonzo" ) {
doSomething($_GET['foo']);
}


instead.

Just a quick rant by me, but based on repeated experience. Save yourself some troubles and dismiss registering globals and using them in your scripts for the same reasons you don't name your functions xdfwowze2323dsow(). ;)

Makes sense. I have more than a few of those 500 line scripts and more, thats why finding out its not the best way makes me a little nervouse to have to go back and do some fixing. Just the way I figured it out in the beginning and I never thought that I shouldn't be doing. better late than never. Thanks guys.