php insertion not working

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mianmajidali
Forum Commoner
Posts: 30
Joined: Tue Dec 01, 2009 8:05 pm

php insertion not working

Post by mianmajidali »

hi to all
i have made a form to insert values in mysql using php, but it does not working and also not generating any error, please guide me.

--------------------------

This is HTML form :
<form action="query.php" method="post">
<table cellpadding="3" cellspacing="3">
<tr>
<td colspan="3">&nbsp;</td>
</tr>
<tr>
<td colspan="3">
<strong>Query Form</strong>
</td>
</tr>
<tr>
<td colspan="3">&nbsp;</td>
</tr>
<tr>
<td>Name:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="Name" id="Name" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Email:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="email" id="email" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Company:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="company" id="company" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Country:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="country" id="country" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Telephone:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="tel" id="tel" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Fax:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="fax" id="fax" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Mobile:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="mob" id="mob" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>

<tr valign="top">
<td>Query Detail:</td><td>&nbsp;</td>
<td>
<TEXTAREA NAME="query" id="query" COLS=40 ROWS=10></TEXTAREA>
</td>
</tr>
<tr valign="top" align="center">
<td colspan="3">
<input type="submit" name="" value="Submit Query"/>
</td>

</tr>
<tr valign="top">
<td colspan="3">&nbsp;</td>

</tr>
</table>
</form>
-----------------
This is the php file named as query.php using with form

<?php
$con = mysql_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("oscobizz_test", $con);
$sql="INSERT INTO query(name, email, company, country, tel, fax, mob, query)
VALUES
('$_POST[name]','$_POST[email]','$_POST[company]','$_POST[country]','$_POST[tel]','$_POST[fax]','$_POST[mob]','$_POST[query]')";


echo "Thanks for submit Query: we will contact you soon.";

mysql_close($con);


?>
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: php insertion not working

Post by califdon »

1. Please do not post long code listings like that without using

Code: Select all

 and [/php ] tags surrounding them (don't include spaces) so they will look like this:[syntax=php]$sql="INSERT INTO query(name, email, company, country, tel, fax, mob, query)
VALUES
('$_POST[name]','$_POST[email]','$_POST[company]','$_POST[country]','$_POST[tel]','$_POST[fax]','$_POST[mob]','$_POST[query]')";[/syntax]

2. Your problem is that you cannot use array notation like $_POST[name] within a double-quoted string. You can use this:[syntax=php]VALUES ('" . $_POST['name'] . "','" . $_POST['email'] ... etc.
 
 [/syntax]but that is very dangerous, because of what is called SQL injection, which can destroy your database and do other damage to your web site. You should always do like this:
[syntax=php]...
$name = isset($_POST['name']) ? mysql_real_escape_string($_POST['name']) : "";
$email = isset($_POST['email']) ? mysql_real_escape_string($_POST['email']) : "";
$company = isset($_POST['company']) ? mysql_real_escape_string($_POST['company']) : "";
$country = isset($_POST['country']) ? mysql_real_escape_string($_POST['country']} : "";
$tel = isset($_POST['tel']) ? mysql_real_escape_string($_POST['tel']) : "";
$fax = isset($_POST['fax']) ? mysql_real_escape_string($_POST['fax']) : "";
$mob = isset($_POST['mob']) ? mysql_real_escape_string($_POST['mob'] : "";
$query = isset($_POST['query']) ? mysql_real_escape_string($_POST['query'] : "";
...
$sql="INSERT INTO query(name, email, company, country, tel, fax, mob, query)
VALUES
('$name','$email','$company','$country','$tel','$fax','$mob','$query')";[/syntax]
The mysql_real_escape_string() function is essential, to protect your site! Look up that function in the PHP manual to see how it works.
mianmajidali
Forum Commoner
Posts: 30
Joined: Tue Dec 01, 2009 8:05 pm

Re: php insertion not working

Post by mianmajidali »

thanks to all guys for helping me,
i have solved this problem, there was one thing missing that was
" mysql_query(); "
Post Reply