I have this php news system with MYSQL and I am finding the simple task annoyingly hard. I have a form where you fill in detail and pess submit and the details go into the database. I have done this before using two seperate pages one with the form in it and the other with the action but now i am wanting to expand my knowledge and wanting the action on the same page so far I have made this and it does not add the data to the databse but it is able to output a bit


<? if($HTTP_POST_VARS['submit']) {
$auther=$HTTP_POST_VARS['auther'];
$snews=$HTTP_POST_VARS['snews'];
$fnews=$HTTP_POST_VARS['fnews'];


echo "$fnews";
echo "$snews";
include("dbinfo.inc.php");

$connection=mysql_connect("localhost",$username, $password) or die("Unable to connect!");

print " it does not out put it here";
print " $auther<br>";
print " $fnews<br>";
print " $snews<br>";


mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query="INSERT INTO webnews (
auther,
snews,
fnews)
VALUES(
'".$auther."',
'".$snews."',
'".$fnews."')";

$result2=mysql_query($query) or die("Error in query:".mysql_error());

}

if ($result2) {
echo mysql_affected_rows()." row inserted into the database effectively.";
mysql_close($connection);
}


print " here is where it out puts the data";
print " $auther<br>";
print " $fnews<br>";
print " $snews<br>";
?>



if anyone can see what is wrong please tell me

I don't think there is anything wrong with the query.
What i would recommend is print out the executed query by adding echo $query; right after it. Then look in your browser what the problem could be.

You should in any case use addslashes() for the three variables. Like
$auther=addslashes($HTTP_POST_VARS['auther']);

(I suppose you have an old php version, because of the $HTTP_POST_VARS)


But there are some strange things in your code. For instance the second mysql_connect() --> drop it

I also don't understand why you want to print between the connectionstrings ...

In fact, the connectionscrings should better be in your includefile as well (unless you access more then one db, but even then, it would be better to have an include for each db, instead of including the connectionstrings in every page)
You should also set the $username an $password to '' right after the connectionstring.

ok i tried to tidy it up a bit here


<? if($HTTP_POST_VARS['submit']) {

$auther=addslashes($HTTP_POST_VARS['auther']);
$fnews=addslashes($HTTP_POST_VARS['fnews']);
$snews=addslashes($HTTP_POST_VARS['snews']);
$connection=mysql_connect("localhost",$username, $password) or die("Unable to connect!");

include("dbinfo.inc.php");

mysql_connect($conection);
@mysql_select_db($database) or die( "Unable to select database");

$query="INSERT INTO webnews (
auther,
snews,
fnews)
VALUES(
'".$auther."',
'".$snews."',
'".$fnews."')";

$result2=mysql_query($query) or die("Error in query:".mysql_error());

}

if ($result2) {
echo mysql_affected_rows()." row inserted into the database effectively.";
mysql_close($connection);
}


print " here is what you have inputed go to edit if it is wrong <br>";
print " $auther<br>";
print " $fnews<br>";
print " $snews<br>";
?>



and here is the form

<form name="insert" method="post" action="<?=$PHP_SELF?>">
<p>auther</p>
<p> <input name="auther" type="text" >
</p>
<p>Short News </p>
<p>
<textarea name="snews" cols="50" rows="2" wrap="VIRTUAL"></textarea>
</p>
<p>Full news</p>
<p>
<textarea name="fnews" cols="50" rows="10"></textarea>
</p>

<p>
<input type="submit" name="Submit" value="submit">
</p>
</form>

It still doesnt input the data into the database but it is able to desplay what I have put in
It is late at night and I dont understand when u say "You should also set the $username an $password to '' right after the connectionstring."
thank you so far please dont give up on me just yet :)

$connection=mysql_connect("localhost",$username, $password) or die("Unable to connect!");

include("dbinfo.inc.php");

mysql_connect($conection);
i think you want to change that to this, you still had 2 mysql_connect 's


include("dbinfo.inc.php");
// the following 3 lines should also be in dbinfo.inc.php
$connection=mysql_connect("localhost",$username, $password) or die("Unable to connect!");
$username = ""; // Raf's suggestion
$password = "";


if that doesnt work i would try a simple
<?php echo $PHP_SELF; ?> to make sure your actually posting it somewhere

if you do have a newer version of php you would want to use $_POST['variable'] rather than $HTTP_POST_VARS['variable']

Thank you and after following you advice I have done this


<?PHP if($HTTP_POST_VARS['submit']) {

$auther=addslashes($_POST['auther']);
$fnews=addslashes($_POST['fnews']);
$snews=addslashes($_POST['snews']);

include("dbinfo.inc.php");

@mysql_select_db($database) or die( "Unable to select database");

$query="INSERT INTO webnews (
auther,
snews,
fnews)
VALUES(
'".$auther."',
'".$snews."',
'".$fnews."')";

$result2=mysql_query($query) or die("Error in query:".mysql_error());

}

if ($result2) {
echo mysql_affected_rows()." row inserted into the database effectively.";
print " here is what you have inputed go to edit if it is wrong <br>";
print " $auther<br>";
print " $fnews<br>";
print " $snews<br>";
mysql_close($connection);
}



?>

and the dbinfo.inc.php has this in it


<?
//which are correct
$username="";
$password="";
$database="";
$connection=mysql_connect("localhost",$username, $password) or die("Unable to connect!");
?>



It still does not input it into the database and <?php echo $PHP_SELF; ?> just comes up with the webpage it is on /webnews.php here (http://www.tsclan.co.uk/webnews.php) you can download the full file if its any use and I do have the latest version of php VERSION: 4.3.3
Thank you, so far you have been gr8 :thumbsup:

change
<form name="insert" method="post" action="<?=$PHP_SELF?>">
into
<form name="insert" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
or
<form name="insert" method="post" action="<?php echo $HTTP_SERVER_VAR['PHP_SELF']; ?>">
(depending on your PHP version)
if you look at your source in the browser, then you will see that the action now containt the url of your file. This way, the form will always post to itself, even if you rename it.


This
<?PHP if($HTTP_POST_VARS['submit']) {
is probably wrong, no ? (i've never used it like that) If it never evaluates as true, then the parser will jump immedeately to
if ($result2) {
and there will neve be a record inserted

try
<?PHP if(isset($HTTP_POST_VARS['submit'])) {


The first closing bracket --> it should be placed after the mysql_close

the

$username="";
$password="";
$database="";
$connection=mysql_connect("localhost",$username, $password) or die("Unable to connect!");

Just to avoid misunderstanding,
The variables should contain the usernames etc before you open the connection. But right after that line, should be unset or set to empty

Like

$username="foo";
$password="bar";
$database="test";
$connection=mysql_connect("localhost",$username, $password) or die("Unable to connect!");
$username="";
$password="";
$database="";