Page 1 of 1
Please HELP! PHP not taking FORM variables.
Posted: Mon Mar 08, 2004 7:45 pm
by jdietrick99
I'm a high school student trying to create a MySQL database controlled with PHP. I've got my database and table all set up, but am having a (probably simple but) serious problem.
When i submit my FORM, I've read that the variables (like name, email, etc.) should automatically be passed to PHP (to create $name, $email, etc.). Instead, I get PHP errors saying the variables are undefined, and it then passes blank values into my table (so at least I know that part's working!)
So, what is it with PHP that won't let it accept incoming variables?
I'm running with Xitami on WinXP Home with PHP 4.3.4 and MySQL 4.0.18, but again i stress that MySQL, Xitami and everything is working just great, but PHP just won't take its variables. I am actually running an example script until I get the concept down, so someone's proven this to work.... anyways here it is:
in
add.html:
Code: Select all
<form action="insert.php" method="post">
First Name: <input type="text" name="first"><br>
Last Name: <input type="text" name="last"><br>
Phone: <input type="text" name="phone"><br>
Mobile: <input type="text" name="mobile"><br>
Fax: <input type="text" name="fax"><br>
E-mail: <input type="text" name="email"><br>
Web: <input type="text" name="web"><br>
<input type="Submit">
</form>
and in
insert.php:
Code: Select all
<?
include("dbinfo.inc.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')";
mysql_query($query);
mysql_close();
?>
note that the dbinfo.inc.php contains only the variables needed to login to MySQL, and nothing more.
so, it's
supposed to pass the values, correct? Is there some parameter in my php.ini that I need to change? PHP will accept no variables, even in my most simple scripts.... even if i hand write them into the URL.... nothing....
Please someone help the newbie

Posted: Mon Mar 08, 2004 7:59 pm
by Deemo
what u havent done (and dont sweat it, i did this too), is u dont have $_POST variables
when u have a form on another page, and is redirected to a new page, the names of the text fields and such are saved in the $_POST array. u can then extract the values with the extract() function and then ur code would work
so u would have to edit ur code to be
Code: Select all
<?php
extract($_POST);
$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')";
mysql_query($query);
?>
or u could replace the $first, $last, etc, with $_POST['first'], $_POST['last'], etc
that should fix the problem, good luck

Posted: Mon Mar 08, 2004 8:48 pm
by jdietrick99
Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in c:\inetpub\wwwroot\insert.php on line 7
is what i get when i individually replace each variable like you said in your second suggestion. the first one gives me the same result as my original problem....

Posted: Mon Mar 08, 2004 8:50 pm
by Illusionist
lets see your updated code
Posted: Mon Mar 08, 2004 8:58 pm
by jdietrick99
Code: Select all
<?php
include("dbinfo.inc.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "INSERT INTO contacts VALUES ('','$_POSTї'first']','$_POSTї'last']','$_POSTї'phone']','$_POSTї'mobile']','$_POSTї'fax']','$_POSTї'email']','$_POSTї'web']')";
mysql_query($query);
mysql_close();
?>
and i get the same even with:
Code: Select all
<?php
include("dbinfo.inc.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "INSERT INTO contacts VALUES ('',$_POSTї'first'],$_POSTї'last'],$_POSTї'phone'],$_POSTї'mobile'],$_POSTї'fax'],$_POSTї'email'],$_POSTї'web'])";
mysql_query($query);
mysql_close();
?>
note i've changed the line spacing... it now says error on line 5.... so its definetly on the INSERT INTO... line
Posted: Mon Mar 08, 2004 9:03 pm
by Illusionist
its because you have '$_POST['first']', if your gogint o do it that way then you need to escape the second set of ''
'$_POST[''first'']'
Posted: Mon Mar 08, 2004 9:05 pm
by jdietrick99
ok now:
Parse error: parse error, unexpected T_BAD_CHARACTER, expecting T_STRING or T_VARIABLE or T_NUM_STRING in c:\inetpub\wwwroot\insert.php on line 5
Posted: Mon Mar 08, 2004 9:06 pm
by Illusionist
ya my post was wrong... hehe you don't need to excape '
Posted: Mon Mar 08, 2004 9:07 pm
by jdietrick99
no prob... anything else??
Posted: Mon Mar 08, 2004 9:24 pm
by Illusionist
mdid u try teh extract($_POST) way? seems to work the best for me!
Posted: Mon Mar 08, 2004 9:25 pm
by jdietrick99
yeah... no dice... i still get undefined variable errors
is there some parameter in PHP that is interfering with this?? i mean i dont know what im talking about... but i dont know if its necessarily my code thats the problem
Posted: Mon Mar 08, 2004 9:28 pm
by Illusionist
show code. Look at this: it works for me:
file.html:
Code: Select all
<form action="extract.php" method="post">
<input type="text" name="first">
<input type="text" name="last">
<input type="text" name="phone">
<input type="submit" name="submit">
extract.php:
Code: Select all
<?php
if (isset($_POST['submit'])){
extract($_POST);
echo $first . " || " .$last . " || " . $phone;
}
?>
Posted: Mon Mar 08, 2004 10:11 pm
by jdietrick99
after my last response i was unable to reach this site until now... so i didnt get your most recent one until now... but in the meantime i found on a different site under "tips for newbies" that the register_globals parameter in php.ini needs to be on.... so i did and now everything works
the php.ini comments mention having this parameter on as creating a possible security issue:
; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
anyone have an example, just so i can get an idea?
and thanks very much to Illusionist and Deemo for your help!
Posted: Tue Mar 09, 2004 3:13 am
by twigletmac
If you're just learning PHP turn register_globals off and learn to code that way. register_globals is deprecated (won't always be in PHP) and can cause security problems when important variables are overwritten by stuff that users put in the query string of the URL. Mainly though, it is much better practise to use $_POST, $_GET et. al. as they make it very clear where variables are coming from in your script.
The main problem that you had when trying to use $_POST was that you cannot do:
Code: Select all
$my_string = "blah blah $array['foo'] blah";
it doesn't like the single quotes around the array element name, instead (and within a double quoted string is the only time you should do this) you remove the quotes:
Code: Select all
$my_string = "blah blah $array[foo] blah";
or use curly quotes around the variable:
Code: Select all
$my_string = "blah blah {$array['foo']} blah";
or concenate the string:
Code: Select all
$my_string = "blah blah ".$array['foo']." blah";
So in your case:
Code: Select all
$query = "INSERT INTO contacts VALUES ('', '$_POST['first']', '$_POST['last']', '$_POST['phone']', '$_POST['mobile']', '$_POST['fax']', '$_POST['email']', '$_POST['web']')";
could be:
Code: Select all
$query = "INSERT INTO contacts VALUES ('', '{$_POST['first']}', '{$_POST['last']}', '{$_POST['phone']}', '{$_POST['mobile']}', '{$_POST['fax']}', '{$_POST['email']}', '{$_POST['web']}')";
Mac