Page 1 of 1

[SOLVED] DB not receiveing form values

Posted: Tue Feb 22, 2005 12:04 pm
by kutatishh
I'm trying to create a script that will allow a person to enter only 2 fields into a database. I've gotten quite far with writing the PHP script and it is actually working! but the problem is, whenever I run everything (HTML Form which posts to PHP script which sends info to DB), the auto_increment field in my DB is incremented; however, the 2 fields are empty (except 1 whitespace. Below is the script I'm using. If anyone can help, that would be very great. thanks

KK

Code: Select all

<html>
<head>
<title>Insert Info</title>
</head>
<body>

<h1>Insert song and its information</h1>

<form action="insert.php" method="post">
<table border="0">
<tr>
<td>Songname</td>
<td><input type=text name=songname maxlength=50" size="13"><br></td>
</tr>
<tr>
<td>filename (case sensative!)</td>
<td><input type=text name=songurl maxlength="60" size="30"><br></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Add to Database"></td>
</tr>
</table>
</form>

</body>
</html>
insert.php

Code: Select all

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>

<?
$DBhost = "localhost";
$DBuser = "root";
$DBpass = "mypassword";
$DBName = "music";
$table = "songs";
mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");

@mysql_select_db("$DBName") or die("Unable to select
database $DBName");

$sqlquery = "INSERT INTO $table
VALUES('".$id."','".$songname."','".$songurl."')";

$results = mysql_query($sqlquery);

mysql_close();

print "<HTML><TITLE> PHP and MySQL </TITLE><BODY
BGCOLOR="#FFFFFF"><center><table border="0"
width="500"><tr><td>";
print "<p><font face="verdana" size="+0"> <center>You
Just Entered This Information Into the
Database<p><blockquote>";
print "Song : $songname<p>FileName : $songurl</blockquote></td></tr></table>
</center></BODY></HTML>";
?>

</body>
</html>
I also tried this for the insert.php (same error though)

Code: Select all

<html>
<head>
<title>Insert</title>
</head>

<body>
<h1>Entry Results</h1>
<?
$songname = addslashes($songname);
$songurl = addslashes($songurl);

@ $db = mysql_pconnect("localhost", "root", "mypassword");

if (!$db)
&#123;
echo "Error: Could not connect to database. Please try again later.";
exit;
&#125;

mysql_select_db("$music");
$query = "INSERT INTO songs VALUES ('','$songname','$songurl')";
$result = mysql_query($query);
if ($result)
echo mysql_affected_rows()."success!";
?>

</body>
</html>

feyd | please read how to post code here.

Posted: Tue Feb 22, 2005 12:11 pm
by feyd
your code assumes register_globals are on, when they probably aren't..

Thanks

Posted: Tue Feb 22, 2005 4:32 pm
by kutatishh
Hi,

Thanks for you reply. Can you let me know how to turn the registy_globals on, or what I should do if that's not the way to go. Thanks a lot.

Actually

Posted: Tue Feb 22, 2005 4:46 pm
by kutatishh
I figured it's the php.ini file where I would turn the register_globals to On, so I did, but the same thing still happens. And I restarted the server before I retested the form. Any other ideas would be greatly appreciated. Thanks

Posted: Tue Feb 22, 2005 5:59 pm
by feyd
Try displaying the insertion query before you run it. You will probably see that the fields are all blank. This is due to the aforementioned register_globals and initialization.

register_globals should not be on.

You should initialize the variables you need from the posted data.. $id isn't passed. $songname should be initialized with $_POST['songname'] .. and so forth. The variables may need additional processing to "fix" potential insertion problems and injection risks.

Posted: Tue Feb 22, 2005 11:01 pm
by Burrito
if id is an autoincrement field you shouldn't need to put that in your list of fields to be inserted:

Code: Select all

mysql_query("insert into myTable (songname,songwhatever) values ('".$_POST&#1111;'songname']."','"$_POST&#1111;'songwhatever']."')");
Burr

Wohooooo!

Posted: Wed Feb 23, 2005 7:50 am
by kutatishh
Yay, It worked. I did what you said and it worked!!!!! Meaning I initialized the variables just a you indicated, so now I have:

$songname = $_POST['songname'];
$songurl = $_POST['songurl'];

$sqlquery = "INSERT INTO $table
VALUES('".$id."','".$songname."','".$songurl."')";

instead of just having: $sqlquery = "INSERT INTO $table
VALUES('".$id."','".$songname."','".$songurl."')";

Everything is coming in just smoothly, so hopefully I won't have anymore trouble with this. My next step is to have the download page read those values to make the hyperlink (with the $songname) and to list the songs. I'm pretty sure I'll be ok from here. Thanks everyone.

God Bless,
KK