Page 1 of 1

PHP help

Posted: Thu Jan 13, 2011 11:18 pm
by brassfid
I have tried and tried with this one. I have looked everywhere, and i keep coming up with the same thing. I am a newbie. I am only trying to get one field filled, "Beer Name" though there are quite a few input areas in the HTML. I keep getting either "beername" or ""(blanks) showing up. Thank you so much!

This is what I have in insert.php

Code: Select all

<?php
$con = mysql_connect("localhost","name","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("db_table", $con);

$sql="INSERT INTO table (beername)
VALUES
('beername')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>

On website I have: 

<html>
<body>

<form action="/wp-content/insert.php" method="post">
<P>
    <LABEL for="beername">Beer Name: </LABEL>
              <INPUT type="text" id="beername"><BR>
    <LABEL for="brewery">Brewery: </LABEL>
              <INPUT type="text" id="brewery"><BR>
    <LABEL for="style">Style: </LABEL>
              <INPUT type="text" id="style"><BR>
    <P>Aroma<BR>
<TEXTAREA Name="aroma" rows="4" cols="20"></TEXTAREA> 
    <P>Appearance<BR>
<TEXTAREA Name="appearance" rows="4" cols="20"></TEXTAREA> 
    <P>Flavor<BR>
<TEXTAREA Name="Flavor" rows="4" cols="20"></TEXTAREA> 
    <P>Mouth Feel<BR>
<TEXTAREA Name="mouthfeel" rows="4" cols="20"></TEXTAREA> 
    <P>Overall Impression<BR>
<TEXTAREA Name="overallimpression" rows="4" cols="20"></TEXTAREA> 
    </P>
<INPUT TYPE=SUBMIT NAME="submitbeer" VALUE="SUBMIT">
</form>

</body>
</html>

Re: PHP help

Posted: Thu Jan 13, 2011 11:49 pm
by d3ad1ysp0rk
Are you learning from a book, or online tutorials? There are a lot of basic problems with your code, so I would suggest picking up a well rated book on html/php to learn.

Your biggest problem is that only some of your inputs have the required name field. When your browser sends POST data to a PHP page, it sends an array where the keys are the input names, and the value is the input value. ID is used for Javascript/CSS work.

Code: Select all

<form action="/wp-content/insert.php" method="post">
<P>
<LABEL for="beername">Beer Name: </LABEL>
<INPUT type="text" id="beername" name="beername"><BR>
<LABEL for="brewery">Brewery: </LABEL>
<INPUT type="text" id="brewery" name="brewery"><BR>
<LABEL for="style">Style: </LABEL>
<INPUT type="text" id="style" name="style"><BR>
<P>Aroma<BR>
<TEXTAREA Name="aroma" rows="4" cols="20"></TEXTAREA>
<P>Appearance<BR>
<TEXTAREA Name="appearance" rows="4" cols="20"></TEXTAREA>
<P>Flavor<BR>
<TEXTAREA Name="Flavor" rows="4" cols="20"></TEXTAREA>
<P>Mouth Feel<BR>
<TEXTAREA Name="mouthfeel" rows="4" cols="20"></TEXTAREA>
<P>Overall Impression<BR>
<TEXTAREA Name="overallimpression" rows="4" cols="20"></TEXTAREA>
</P>
<INPUT TYPE="SUBMIT" NAME="submitbeer" VALUE="SUBMIT">
</form>
And for the value in the SQL query...

Code: Select all

$sql="INSERT INTO table (beername)
VALUES
(".mysql_real_escape_string($_POST['beername']).")";
Good luck!

Re: PHP help

Posted: Thu Jan 13, 2011 11:52 pm
by Jonah Bron
That's because you're inserting the literal string "beername", not the value of $_POST['beername'], which is what you want. Instead of this:

Code: Select all

$sql="INSERT INTO table (beername)
VALUES
('beername')";
Try this:

Code: Select all

if (!isset($_POST['beername'])) {
    die('Please submit from the form');
}
$beername = mysql_real_escape_string($_POST['beername']);

$sql="INSERT INTO table (beername)
VALUES
('$beername')";
Do you see how that works? First, we have to check to make sure that the field 'beername' is present. Then, we clean the value with mysql_real_escape_string(). This prevents problems with apostrophes in the input, and SQL Injection. And finally we insert $beername into the query.

Re: PHP help

Posted: Fri Jan 14, 2011 12:42 am
by brassfid
Thanks for all your help! It is working. It's always easy to understand code once it's layed out in front of me. :)