...

View Full Version : PHP Form



AlCapwn
03-15-2010, 01:02 AM
I copied this php form off of w3 schools because it seemed perfect for what I need. I edited the form a bit to fit my liking but it doesn't seem to insert into the database or even say anything after you submit it.



<html>
<body>

<form action="insert.php" method="post">
First Name: <input type="text" name="name" />
Age: <input type="text" name="age" />
Email: <input type="text" name="email" />
<input type="submit" />
</form>

</body>
</html>




<?php
$con = mysql_connect("localhost","blank","blank");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("database", $con);

$sql="INSERT INTO table (FirstName, Age, Email)
VALUES
('$_POST[name]','$_POST[age]','$_POST[email]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con)
?>


The database name, table name, and password are all correct.

bdl
03-15-2010, 01:18 AM
Please edit your code and remove your username (root) and password. I suggest you never allow any connections as root from anything but the mysql command line running on localhost. Always create a 'php only' or 'web only' database user with limited privileges. Always create an admin user with somewhat limited privileges to oversee day to day DDL and DML functions.

Ok, now to the actual problem. You're saying the script doesn't output anything; is it simply giving you a blank page? No error? What does the HTML source of the parsed PHP script look like? Is the form target attribute correct?

At the top of your script, add this:


<?php
error_reporting(E_ALL);
ini_set('display_errors',1);

var_dump($_POST);

...
$con= ...

AlCapwn
03-15-2010, 01:30 AM
Please edit your code and remove your username (root) and password. I suggest you never allow any connections as root from anything but the mysql command line running on localhost. Always create a 'php only' or 'web only' database user with limited privileges. Always create an admin user with somewhat limited privileges to oversee day to day DDL and DML functions.

Ok, now to the actual problem. You're saying the script doesn't output anything; is it simply giving you a blank page? No error? What does the HTML source of the parsed PHP script look like? Is the form target attribute correct?

At the top of your script, add this:


<?php
error_reporting(E_ALL);
ini_set('display_errors',1);

var_dump($_POST);

...
$con= ...


Yea it doesn't put anything in the database nor does it put anything on the page after you submit it's just blank white. Even after I put that code at the top of it.

masterofollies
03-15-2010, 02:07 AM
You need to add this


if (isset($_POST['submit'])) {
//Database insert
}

Also your submit button doesn't have a name. That should help

tomws
03-15-2010, 03:21 AM
Follow bdl's advice and turn on error reporting. Blank pages usually mean you have some kind of syntax error or parse error and your error reporting is off.

Once you turn it on, I suspect it might complain about an "unexpected $end". You're missing a semi-colon on the mysql_close line.

When that's fixed, it may break because you're handling your POST variables incorrectly in the query string. Array notation needs to be handled a little differently. Try changing that to:

$sql="INSERT INTO table (FirstName, Age, Email)
VALUES
('{$_POST['name']}','{$_POST['age']}','{$_POST['email']}')";
Note the curly braces and quoted array keys.

Furthermore, your code is vulnerable to SQL injection. In the vernacular, that means you'll get hacked. So this code should not be used in a live project. If it's your intention to use this online somewhere, read up on php sql injection and mysql_real_escape_string().

There may be other problems. These are just the obvious ones on first glance.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum