adding records to the database

jimkirkpat
Forum Newbie
Posts: 2
Joined: Sat Jun 13, 2009 10:37 am

adding records to the database

Post by jimkirkpat »

Hello All,
I'm a total newbie and am trying to learn MySQL and PHP. I'm following the book MySQL/PHP Database Applications by Bulger, Greenspan, & Wall.
I'm using MAMP and created the db and wrote the code as the book says. Everything works OK except (always an exception :wink: ), I can't seem to add any records to the db. I know that I can view the records but I can't find what I'm doing wrong trying to add a record.
Below is my code. I'm adding all the pages, but I think the problem is in the create_entry.php page. I feel that I can move on to other things as soon as I can get this solved.
Any help is greatly appreciated. Also, if this post is not in the right place I apologize, and let me know where to go.

dbconnect.php:
<?php
mysql_connect('localhost','joeuser','resueoj')
or die("<h3>could not connect to MySQL</h3>\n");
mysql_select_db('guestbook')
or die("<h3>could not select database 'guestbook'</h3>\n");
?>
----
sign.php:
<h2>Sign my Guestbook!!!</h2>
<form method="post" action="create_entry.php">
<b> Name:</b>
<input type="text" size="40" name="name">
<br>
<b> Email:</b>
<input type="text" size="40" name="email">
<br>
<b> URL:</b>
<input type="text" size="40" name="url">
<br>
<b> Comments:</b>
<textarea name="comments" cols="40" rows="4" wrap="virtualv"></textarea>
<br>

<input type="submit" name="submit" value="Sign!">
<input type="reset" name="reset" value="Start Over">
</form>

----
create_entry.php:
<?php
include ("dbconnect.php");

if($_REQUEST["submit"] == "Sign!")
{
$query = "insert into guestbook
(name, email, url, comments) values('"
.$_REQUEST["name"]
."', '"
.$_REQUEST["email"]
."','"
.$_REQUEST["url"]
."','"
.$_REQUEST["comments"]
."')"
;
msql_query($query);
?>
<h2>Thanks!!</h2>
<h2><a href="view.php">View my Guest Book!!!</a></h2>
<?php
}
else
{
include ("sign.php");
}
?>

----
view.php:
<?php include('dbconnect.php'); ?>

<h2>View My Guest Book!!</h2>

<?php

$result = mysql_query('select * from guestbook')
or die(mysql_error());
while ($row = mysql_fetch_array($result))
{
echo '<b>Name:</b>'
, $row['name']
, "<br>\n"
, '<b>Email:</b>'
, $row['email']
, "<br>\n"
, '<b>URL:</b>'
, $row['url']
, "<br>\n"
, '<b>Comments:</b>'
, $row['comments']
, "<br>\n"
, "<br>\n"
, "<br>\n";
}
mysql_free_result($result);
?>

<h2><a href="sign.php">Sign My Guest Book!!</a></h2>
jimkirkpat
Forum Newbie
Posts: 2
Joined: Sat Jun 13, 2009 10:37 am

adding records to the database

Post by jimkirkpat »

I pasted the wrong dbconnect.php. Here is the correct one.

dbconnect.php:
<?php
mysql_connect('localhost','root','root')
or die("<h3>could not connect to MySQL</h3>\n");
mysql_select_db('guestbook')
or die("<h3>could not select database 'guestbook'</h3>\n");
?>
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Re: adding records to the database

Post by miro_igov »

msql_query($query); ? Is it not mysql_query($query) ?
pauldr
Forum Newbie
Posts: 18
Joined: Fri Apr 10, 2009 6:40 am

Re: adding records to the database

Post by pauldr »

Jim,

If I may suggest, you may want to use "htmlspecialchars" to filter out possible injections into your code. For instance, if someone was to place <h1> tags around the data it would be interpreted as a <h1> tag and enlarge the text. Using "htmlspecialchars" filters out that tag for you. Below is an example of an insert page that I use.


// Numeric fields: reject anything that is not a number.
if (! is_numeric($_POST['category'])){
    die('Error: category, Number is not numeric.');    // Whatever you want to catch errors here.
}

if (! is_numeric($_POST['unit_price'])){
    die('Error: unit_price, Number is not numeric.');    // Whatever you want to catch errors here.
}

if (! is_numeric($_POST['max_qty'])){
    die('Error: max_qty, Number is not numeric.');    // Whatever you want to catch errors here.
}

if (! is_numeric($_POST['qty'])){
    die('Error: qty, Number is not numeric.');    // Whatever you want to catch errors here.
}

// Text fields: convert HTML special characters to entities.
$category = $_POST['category'];
$short_desc = htmlspecialchars($_POST['short_desc']);
$part_no = htmlspecialchars($_POST['part_no']);
$vendor = htmlspecialchars($_POST['vendor']);
$unit_price = $_POST['unit_price'];
$long_desc = htmlspecialchars($_POST['long_desc']);
$max_qty = $_POST['max_qty'];
$qty = $_POST['qty'];
 
$sql="INSERT INTO `item` 
            (`date_insert`,
             `category_id`,
             `short_desc`,
             `part_no`,
             `vendor`,
             `unit_price`,
             `long_desc`,
             `max_qty`,
             `qty`) 
        VALUES 
            (NOW(),
             '$category',
             '$short_desc',
             '$part_no',
             '$vendor',
             '$unit_price',
             '$long_desc',
             '$max_qty',
             '$qty')";
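
Added example (not code from this thread or from the book it follows): the guestbook insert from create_entry.php done with a PDO prepared statement, with htmlspecialchars applied when the row is printed, as view.php would do it. The in-memory SQLite database, the helper names add_entry, h and render_entries, and the sample entry are assumptions made so the script runs without a MySQL server.

```php
<?php
// SQLite in-memory stands in for the MySQL 'guestbook' database (assumption)
// so this runs offline; for MySQL use a 'mysql:host=...;dbname=guestbook' DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // query errors throw
$db->exec('CREATE TABLE guestbook (name TEXT, email TEXT, url TEXT, comments TEXT)');

// Hypothetical helper: store the entry exactly as typed. Placeholders keep the
// values out of the SQL text, so a quote in a name cannot end the string literal.
function add_entry(PDO $db, array $form): void
{
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, email, url, comments)
         VALUES (:name, :email, :url, :comments)'
    );
    $stmt->execute([
        ':name'     => $form['name'] ?? '',
        ':email'    => $form['email'] ?? '',
        ':url'      => $form['url'] ?? '',
        ':comments' => $form['comments'] ?? '',
    ]);
}

// Hypothetical helper: escape at output time, for the HTML context only.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_entries(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT name, email, url, comments FROM guestbook') as $row) {
        $html .= '<b>Name:</b> ' . h($row['name']) . "<br>\n"
               . '<b>Email:</b> ' . h($row['email']) . "<br>\n"
               . '<b>URL:</b> ' . h($row['url']) . "<br>\n"
               . '<b>Comments:</b> ' . h($row['comments']) . "<br>\n<br>\n";
    }
    return $html;
}

// Constructed sample standing in for $_POST from sign.php.
add_entry($db, [
    'name'     => "Pat O'Neil",
    'email'    => 'pat@example.com',
    'url'      => 'http://example.com/',
    'comments' => '<h1>Nice site</h1>',
]);
echo render_entries($db);
```

With the mysql_* functions used in the thread, the nearest equivalent on the insert side is mysql_real_escape_string() on each value; those functions were removed in PHP 7.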