Page 1 of 1

php insertion not working

Posted: Tue Dec 01, 2009 8:13 pm
by mianmajidali
hi to all
i have made a form to insert values in mysql using php, but it does not working and also not generating any error, please guide me.

--------------------------

This is HTML form :
<form action="query.php" method="post">
<table cellpadding="3" cellspacing="3">
<tr>
<td colspan="3">&nbsp;</td>
</tr>
<tr>
<td colspan="3">
<strong>Query Form</strong>
</td>
</tr>
<tr>
<td colspan="3">&nbsp;</td>
</tr>
<tr>
<td>Name:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="Name" id="Name" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Email:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="email" id="email" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Company:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="company" id="company" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Country:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="country" id="country" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Telephone:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="tel" id="tel" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Fax:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="fax" id="fax" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>
<tr>
<td>Mobile:</td><td>&nbsp;</td>
<td>
<INPUT TYPE="text" NAME="mob" id="mob" SIZE="30" MAXLENGTH="40"/>
</td>
</tr>

<tr valign="top">
<td>Query Detail:</td><td>&nbsp;</td>
<td>
<TEXTAREA NAME="query" id="query" COLS=40 ROWS=10></TEXTAREA>
</td>
</tr>
<tr valign="top" align="center">
<td colspan="3">
<input type="submit" name="" value="Submit Query"/>
</td>

</tr>
<tr valign="top">
<td colspan="3">&nbsp;</td>

</tr>
</table>
</form>
-----------------
This is the php file named as query.php using with form

<?php
$con = mysql_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("oscobizz_test", $con);
$sql="INSERT INTO query(name, email, company, country, tel, fax, mob, query)
VALUES
('$_POST[name]','$_POST[email]','$_POST[company]','$_POST[country]','$_POST[tel]','$_POST[fax]','$_POST[mob]','$_POST[query]')";


echo "Thanks for submit Query: we will contact you soon.";

mysql_close($con);


?>

Re: php insertion not working

Posted: Tue Dec 01, 2009 10:00 pm
by califdon
1. Please do not post long code listings like that without using

Code: Select all

 and [/php ] tags surrounding them (don't include spaces) so they will look like this:[syntax=php]$sql="INSERT INTO query(name, email, company, country, tel, fax, mob, query)
VALUES
('$_POST[name]','$_POST[email]','$_POST[company]','$_POST[country]','$_POST[tel]','$_POST[fax]','$_POST[mob]','$_POST[query]')";[/syntax]

2. Your problem is that you cannot use array notation like $_POST[name] within a double-quoted string. You can use this:[syntax=php]VALUES ('" . $_POST['name'] . "','" . $_POST['email'] ... etc.
 
 [/syntax]but that is very dangerous, because of what is called SQL injection, which can destroy your database and do other damage to your web site. You should always do like this:
[syntax=php]...
$name = isset($_POST['name']) ? mysql_real_escape_string($_POST['name']) : "";
$email = isset($_POST['email']) ? mysql_real_escape_string($_POST['email']) : "";
$company = isset($_POST['company']) ? mysql_real_escape_string($_POST['company']) : "";
$country = isset($_POST['country']) ? mysql_real_escape_string($_POST['country']} : "";
$tel = isset($_POST['tel']) ? mysql_real_escape_string($_POST['tel']) : "";
$fax = isset($_POST['fax']) ? mysql_real_escape_string($_POST['fax']) : "";
$mob = isset($_POST['mob']) ? mysql_real_escape_string($_POST['mob'] : "";
$query = isset($_POST['query']) ? mysql_real_escape_string($_POST['query'] : "";
...
$sql="INSERT INTO query(name, email, company, country, tel, fax, mob, query)
VALUES
('$name','$email','$company','$country','$tel','$fax','$mob','$query')";[/syntax]
The mysql_real_escape_string() function is essential, to protect your site! Look up that function in the PHP manual to see how it works.

Re: php insertion not working

Posted: Wed Dec 02, 2009 5:28 am
by mianmajidali
thanks to all guys for helping me,
i have solved this problem, there was one thing missing that was
" mysql_query(); "