Page 1 of 1

PHP - adding records into MySQL from an HTML form

Posted: Wed Aug 04, 2004 8:00 am
by KrazyKoder
Hey all, I have a big problem. This page just went live yesterday and I'm loosing valuable information on every entry.

I have a survey form, with radio button answers as well as comment fields. When the user clicks submit, they get a confirmation page (which is the same page reloaded) and they see all their answers. If they are sure they are satisfied, they submit again. At this point the info gets added to the database. For some reason I am loosing something at the confirmation page, because everything works if I bypass it.

The problem is everything happens smoothly but in the database, the comment fields get cut off when there is a quotation mark (" ").

Is there a reason why I am loosing this (only when I use the confirmation page)? I use POST to send the info to the next page, ans it all shows up fine in the confirmation page, but not in the next page (database entry).

help!
KrazyKoder.

Posted: Wed Aug 04, 2004 8:02 am
by feyd
post your code

Posted: Wed Aug 04, 2004 8:06 am
by KrazyKoder

Code: Select all

<html>
<head>
<title>ORBIS Survey</title>
<link REL="stylesheet" HREF="http://www.uottawa.ca/library/styles/bibnetstyle.css">
</head>
<body>

<h2><font color="green"><div align="center">Library Catalogue (ORBIS) Survey</div></font></h2>
<br>

<?php

if($stage == 1)
{
	//stage 1, display the survey form for the user to full in.
	?>
	<table width = "90%" cellpadding ="10" cellspacing ="0" border="0" align="center">
	<tr><td>
	The purpose of this survey is to update the look of the library catalogue, add functionality and enhance accessibility.
	</td></tr><tr><td>
	Please take a few minutes to tell us what improvements you would like to see in a revamped library catalogue.
	</td></tr></table>
	
	<form method="POST" action="survey-e.php?stage=2">
	<table width = "90%" cellpadding ="10" cellspacing ="0" border="0" align="center">
	<tr><td colspan="3"><b>What should we do to make searching the catalogue easier for you?</b></td></tr>
	</table><table width = "80%" cellpadding ="10" cellspacing ="0" border="0" align="center">
	<tr><td colspan="3"><b>1. Include full descriptions in place of acronyms?</b> E.g. Morisset vs MRT in location limits.</td></tr>
	
	<tr><td width="25%"><input TYPE="radio" NAME="q1a" VALUE="Y" ID="q1a1"><label for="q1a1">Yes</label></td>
	<td width="25%"><input TYPE="radio" NAME="q1a" VALUE="N" ID="q1a2"><label for="q1a2">No</label></td>
	<td width="50%"><input TYPE="radio" NAME="q1a" VALUE="U" ID="q1a3" CHECKED><label for="q1a3">Undecided</label></td></tr>
	<tr><td colspan="3"><TEXTAREA name="q1com" cols="60" rows="4">Comments:</TEXTAREA></td></tr>

.
.
.
and so on (form)
.
.
.


	</table>
	</form>
	<?php
}

if ($stage == 2)
{		
	//stage 2, user confirmation.  All the field information has to be passed on to the next stage using hidden inputs.
	echo "<form method="POST" action="survey-e.php?stage=3">";
	echo "<input type="hidden" name="q1a" value="$_POST[q1a]">";
	echo "<input type="hidden" name="q2a" value="$_POST[q2a]">";
	echo "<input type="hidden" name="q3a" value="$_POST[q3a]">";
	echo "<input type="hidden" name="q4a" value="$_POST[q4a]">";
	echo "<input type="hidden" name="q5a" value="$_POST[q5a]">";
	echo "<input type="hidden" name="q6a" value="$_POST[q6a]">";
	echo "<input type="hidden" name="q7a" value="$_POST[q7a]">";
	echo "<input type="hidden" name="q8a" value="$_POST[q8a]">";
	echo "<input type="hidden" name="q9a" value="$_POST[q9a]">";
	echo "<input type="hidden" name="q10a" value="$_POST[q10a]">";
	echo "<input type="hidden" name="q11a" value="$_POST[q11a]">";
	echo "<input type="hidden" name="q12a" value="$_POST[q12a]">";
	echo "<input type="hidden" name="q1com" value="$_POST[q1com]">";
	echo "<input type="hidden" name="q2com" value="$_POST[q2com]">";
	echo "<input type="hidden" name="q3com" value="$_POST[q3com]">";
	echo "<input type="hidden" name="q4com" value="$_POST[q4com]">";
	echo "<input type="hidden" name="q5com" value="$_POST[q5com]">";
	echo "<input type="hidden" name="q6com" value="$_POST[q6com]">";
	echo "<input type="hidden" name="q7com" value="$_POST[q7com]">";
	echo "<input type="hidden" name="q8com" value="$_POST[q8com]">";
	echo "<input type="hidden" name="q9com" value="$_POST[q9com]">";
	echo "<input type="hidden" name="q10com" value="$_POST[q10com]">";
	echo "<input type="hidden" name="q11com" value="$_POST[q11com]">";
	echo "<input type="hidden" name="q12com" value="$_POST[q12com]">";
	echo "<input type="hidden" name="url1" value="$_POST[url1]">";
	echo "<input type="hidden" name="url2" value="$_POST[url2]">";
	echo "<input type="hidden" name="url3" value="$_POST[url3]">";
	echo "<input type="hidden" name="url1desc" value="$_POST[url1desc]">";
	echo "<input type="hidden" name="url2desc" value="$_POST[url2desc]">";
	echo "<input type="hidden" name="url3desc" value="$_POST[url3desc]">";	
	
	//display the user's survey answers in a table.
	$display .="<table width = "90%" cellpadding ="10" cellspacing ="0" border="3" align="center">";
	$display .="<tr><td colspan=3 bgcolor="#CCCCCC"><b>Please confirm survey information</b></td>";
			
	$display .="<tr><td width="15%" align="right" bgcolor="#EEE8EA">Q1:</td>";
	$display .="<td width="10%" bgcolor="#EEE8EA">$q1a</td>";
	$display .="<td bgcolor="#EEE8EA">$q1com</td></tr>";
	$display .="<tr><td align="right" bgcolor="#EEE8EA">Q2:</td>";
	$display .="<td bgcolor="#EEE8EA">$q2a</td>";
	$display .="<td bgcolor="#EEE8EA">$q2com</td></tr>";

.
.
.
and so on
.
.
.

$display .="</table>";
	
	echo "$display";
	
	//if the user is satisfied, the information is sent to stage 3.
	echo "<br><table width = "90%" cellpadding ="10" cellspacing ="0" border="0" align="center">";
	echo "<tr><td><input type="submit" value="YES, I am satisfied with this information!"></td></tr>";
	
	
	echo "</form>";	
}

if ($stage == 3)
{
	//stage 3, the data is inserted into the database.

	//connect to the database
	$connect = mysql_connect("localhost", "username", "password");
	$select = mysql_select_db("xbx", $connect);
	
	//check to avoid duplicate entry when a user presses the refresh button on this page.
    $check = mysql_query("SELECT * FROM survey WHERE IP = '$_SERVER[REMOTE_ADDR]' AND q1a = '$q1a' AND q2a = '$q2a' AND q3a = '$q3a' AND q4a = '$q4a' AND q5a = '$q5a' AND q6a = '$q6a' AND q7a = '$q7a' AND q8a = '$q8a' AND q9a = '$q9a' AND q10a = '$q10a' AND q11a = '$q11a' AND q12a = '$q12a'");
    if(mysql_num_rows($check) == 0)
    {	
		//SQL INSERT statement
		$sql = "INSERT INTO survey (q1a, q2a, q3a, q4a, q5a, q6a, q7a, q8a, q9a, q10a, q11a, q12a,
				q1com, q2com, q3com, q4com, q5com, q6com, q7com, q8com, q9com, q10com, q11com, q12com,
				language, IP, url1, url2, url3, url1desc, url2desc, url3desc) VALUES
				('$q1a', '$q2a', '$q3a', '$q4a', '$q5a', '$q6a', '$q7a', '$q8a', '$q9a', '$q10a', '$q11a',
				'$q12a', '$q1com', '$q2com', '$q3com', '$q4com', '$q5com', '$q6com', '$q7com', '$q8com',
				'$q9com', '$q10com', '$q11com', '$q12com', 'E', '$_SERVER[REMOTE_ADDR]', '$url1', '$url2', '$url3',
				'$url1desc', '$url2desc', '$url3desc')";
		
		//DEBUG info
		//echo "$sql<br>";

		$result = mysql_query($sql, $connect) or die($sql.mysql_error());
		//echo "$result<br>";  //DEBUG
           
		//thank you message and link to library website
        echo "</table><table width = "90%" cellpadding ="10" cellspacing ="0" border="0" align="center">
				<tr><td colspan=3>Thank you for taking the time to complete this survey.
				<br><br>
				<a href="http://www.biblio.uottawa.ca/index-e.php"><b>Return to Library website</b></a></td></tr></table>";
	}
    else
    {
		//accidental refresh
      	echo("<strong>You have accidentally reloaded this page.
			 <br>
             Go back to <a href="http://www.biblio.uottawa.ca/index-e.php"><b>Library Web site</b></a>.");
    }
}
?>

</body>
</html>

Posted: Wed Aug 04, 2004 8:13 am
by hawleyjr
Wow, you kind of went the long way at programming this. Take a look at [php_man]session[/php_man] variables, it will help you tremendously.


This isn't your real username and password is it?

Code: Select all

<?php
$connect = mysql_connect("localhost", "********", "**********"); 
?>


feyd | stripped username/password

Posted: Wed Aug 04, 2004 8:21 am
by KrazyKoder
Thank you....and yes, oops.

Im working a co-op term (4 months) and am new at PHP....I havent had time to read a book ;)

KrazyKoder.

Posted: Wed Aug 04, 2004 8:23 am
by feyd
you might want to think about switching usernames and passwords now.. :oops:

Posted: Wed Aug 04, 2004 2:38 pm
by xjake88x
KrazyKoder wrote:Thank you....and yes, oops.

Im working a co-op term (4 months) and am new at PHP....I havent had time to read a book ;)

KrazyKoder.
:-D.. I'm like the same.. I usually don't read books, I read mass tutorials and php.net.. And when I get stuck, I post here :). And of course I try to help people here..

Posted: Wed Aug 04, 2004 2:49 pm
by nigma
heh, I made the same mistake when I first came to the forum. Posted not only my entire php.ini file with the mysql user/pass/host settings, but some other sensitive stuff.