Inserting info from a form.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
PHPlearner
Forum Newbie
Posts: 2
Joined: Sun May 22, 2005 9:47 pm

Inserting info from a form.

Post by PHPlearner »

This form sometimes functions and sometimes doesn't. It seems to depend on what sort of characters I enter in the 'comments' field; special characters, even punctuation like ',' cause it to fail. However, if I refresh the form and then add a special character to the comments field it will, more often than not, submit successfully. Why does it work sometimes and not others? I guess this is a bit long to expect anyone to read. But nothing is coming to me...

Code: Select all

<FORM method=&quote;post&quote; action=&quote;log_entry.php&quote;>
   Date:<INPUT type=text name='date' maxlength=10 size=10>  
   Day:<INPUT type=text name='day_name' maxlength=9 size=10>  
   Time:<INPUT type=text name='time' maxlength=5 size=10>  
   Class ID:<INPUT type=text name='class_id' maxlenth=2 size=10><BR>
   Attendence:<INPUT type=text name='attendance' maxlength=100 size=30><BR>
   Comments:<BR><TEXTAREA name='comments' rows=10 cols=40></TEXTAREA>
   <INPUT type=hidden name='os' value='ds'>
   <INPUT type=submit value='log it'>
</FORM>

Code: Select all

<?php

   mysql_connect("localhost", "user", "*******") or die("Couldn't connect to server");
   mysql_select_db("blueberries") or die("Couldn't connect to database "blueberries".");

   $os = $_GET[os];
   if(!(isset($os))){
      $os = $_POST[os];
   }

   if($os==ds){
 
      $query = "INSERT INTO log (date, day_name, time, class_id, attendance, comments) VALUES ".
               "('$_POST[date]', '$_POST[day_name]', '$_POST[time]', '$_POST[class_id]', '$_POST[attendance]', '$_POST[comments]')";

      $result = mysql_query($query);
      if($result){
         echo mysql_affected_rows()." rows affected.<BR>";
      } else{
         echo "Something went wrong.<BR>";
      }
   }

   $query2 = "SELECT * FROM log ORDER BY date, time";
   $result2 = mysql_query($query2);
   $num = mysql_numrows($result2);

   $i=0;
   if($num<1){
      echo "There are no entries in the database.";
   } else{
      while($i<$num){
        $date = mysql_result($result2, $i, "date");
	$day_name = mysql_result($result2, $i, "day_name");
	$time = mysql_result($result2, $i, "time");
   	$class_id = mysql_result($result2, $i, "class_id");
      	$attendance = mysql_result($result2, $i, "attendance");
	$comments = mysql_result($result2, $i, "comments");

  	echo "<P>$date, $day_name, $time</P>".
    	     "<P>$class_id Attendance: "$attendance"</P>".
	     "<P>$comments</P>";

	$i++;
      }
   }
   mysql_close();
?>
User avatar
Skara
Forum Regular
Posts: 703
Joined: Sat Mar 12, 2005 7:13 pm
Location: US

Post by Skara »

Code: Select all

$bad = array(",","'","etc...");
$good = array(html entity counterparts);
$inputdata = str_replace($bad,$good,$inputdata);
That's if you don't actually need the special chars later. Of course, you could always just convert them back.

Dunno why it sometimes works and sometimes doesn't, though.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

try using mysql_escape_string() around your post vars...
PHPlearner
Forum Newbie
Posts: 2
Joined: Sun May 22, 2005 9:47 pm

Post by PHPlearner »

Burrito wrote:try using mysql_escape_string() around your post vars...
Thanks a lot burrito! That worked things out quite nicely. However, it still doesn't answer my second question: Why does my original script occasionally work? When I refresh my page are some of the values being stored somewhere, and thereby 'helping' the script to work better the second time through? That doesn't make any sense as an explanation now that I'm looking at it, but it's got me really befuddled.

Anyway, thanks again for the tip!
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

I dunno why it would work sometimes and not others.

you should try showing the sql errors to see why it was dying in the first place...that might give you a better clue as to what was making it bomb:

Code: Select all

mysql_query("yourquery")
  or die(mysql_error());
see what that shows you, seems weird though that it would work on a page refresh w/o changing anything...very weird indeed.
Post Reply