Inserting info from a form.

Posted: Sun May 22, 2005 10:00 pm
by PHPlearner
This form sometimes functions and sometimes doesn't. It seems to depend on what sort of characters I enter in the 'comments' field; special characters, even punctuation like ',' cause it to fail. However, if I refresh the form and then add a special character to the comments field it will, more often than not, submit successfully. Why does it work sometimes and not others? I guess this is a bit long to expect anyone to read. But nothing is coming to me...

Code:

<FORM method="post" action="log_entry.php">
   Date:<INPUT type=text name='date' maxlength=10 size=10>  
   Day:<INPUT type=text name='day_name' maxlength=9 size=10>  
   Time:<INPUT type=text name='time' maxlength=5 size=10>  
   Class ID:<INPUT type=text name='class_id' maxlength=2 size=10><BR>
   Attendance:<INPUT type=text name='attendance' maxlength=100 size=30><BR>
   Comments:<BR><TEXTAREA name='comments' rows=10 cols=40></TEXTAREA>
   <INPUT type=hidden name='os' value='ds'>
   <INPUT type=submit value='log it'>
</FORM>

Code:

<?php

   mysql_connect("localhost", "user", "*******") or die("Couldn't connect to server");
   mysql_select_db("blueberries") or die("Couldn't connect to database \"blueberries\".");

   $os = $_GET['os'];
   if(!(isset($os))){
      $os = $_POST['os'];
   }

   if($os=='ds'){
 
      $query = "INSERT INTO log (date, day_name, time, class_id, attendance, comments) VALUES ".
               "('$_POST[date]', '$_POST[day_name]', '$_POST[time]', '$_POST[class_id]', '$_POST[attendance]', '$_POST[comments]')";

      $result = mysql_query($query);
      if($result){
         echo mysql_affected_rows()." rows affected.<BR>";
      } else{
         echo "Something went wrong.<BR>";
      }
   }

   $query2 = "SELECT * FROM log ORDER BY date, time";
   $result2 = mysql_query($query2);
   $num = mysql_numrows($result2);

   $i=0;
   if($num<1){
      echo "There are no entries in the database.";
   } else{
      while($i<$num){
         $date = mysql_result($result2, $i, "date");
         $day_name = mysql_result($result2, $i, "day_name");
         $time = mysql_result($result2, $i, "time");
         $class_id = mysql_result($result2, $i, "class_id");
         $attendance = mysql_result($result2, $i, "attendance");
         $comments = mysql_result($result2, $i, "comments");

         echo "<P>$date, $day_name, $time</P>".
              "<P>$class_id Attendance: \"$attendance\"</P>".
              "<P>$comments</P>";

         $i++;
      }
   }
   mysql_close();
?>

Posted: Sun May 22, 2005 10:41 pm
by Skara

Code:

$bad = array(",", "'");           // etc...
$good = array("&#44;", "&#39;");  // html entity counterparts, in the same order as $bad
$inputdata = str_replace($bad, $good, $inputdata);

That's if you don't actually need the special chars later. Of course, you could always just convert them back.

Dunno why it sometimes works and sometimes doesn't, though.

Posted: Sun May 22, 2005 10:42 pm
by Burrito
try using mysql_escape_string() around your post vars...

Posted: Sun May 22, 2005 11:22 pm
by PHPlearner
Burrito wrote: try using mysql_escape_string() around your post vars...

Thanks a lot burrito! That worked things out quite nicely. However, it still doesn't answer my second question: Why does my original script occasionally work? When I refresh my page are some of the values being stored somewhere, and thereby 'helping' the script to work better the second time through? That doesn't make any sense as an explanation now that I'm looking at it, but it's got me really befuddled.

Anyway, thanks again for the tip!

Posted: Mon May 23, 2005 12:05 am
by Burrito
I dunno why it would work sometimes and not others.

you should try showing the sql errors to see why it was dying in the first place...that might give you a better clue as to what was making it bomb:

Code:

mysql_query("yourquery")
  or die(mysql_error());

see what that shows you, seems weird though that it would work on a page refresh w/o changing anything...very weird indeed.
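
Added example (not part of any post in this thread and not the posters' code): it shows why an apostrophe in the comments field breaks the string-built INSERT, how the database error message Burrito suggests printing exposes that, and how a prepared statement avoids it. It assumes PDO with an in-memory SQLite database instead of the thread's mysql_* functions, and a constructed `$post` array in place of `$_POST`.

```php
<?php
// Added example. Assumptions: PDO + in-memory SQLite stand in for the thread's
// mysql_* calls and MySQL server; $post is constructed sample form input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE log (date TEXT, day_name TEXT, time TEXT,
                             class_id TEXT, attendance TEXT, comments TEXT)');

// Constructed stand-in for $_POST; the comment contains an apostrophe.
$post = array(
    'date' => '2005-05-22', 'day_name' => 'Sunday', 'time' => '22:00',
    'class_id' => '7', 'attendance' => 'Ann, Bob',
    'comments' => "Didn't finish, continue next week",
);

// 1) Query built by string interpolation, as in the original script.
//    The apostrophe ends the quoted SQL literal early, so the statement is invalid.
function insert_interpolated(PDO $db, array $p) {
    $sql = "INSERT INTO log (date, day_name, time, class_id, attendance, comments) VALUES "
         . "('{$p['date']}', '{$p['day_name']}', '{$p['time']}', '{$p['class_id']}', "
         . "'{$p['attendance']}', '{$p['comments']}')";
    try {
        return $db->exec($sql) . " rows affected";
    } catch (PDOException $e) {
        // Same idea as "or die(mysql_error())": show the driver's own message.
        return "failed: " . $e->getMessage();
    }
}

// 2) Prepared statement: values travel as data and are never parsed as SQL.
function insert_prepared(PDO $db, array $p) {
    $stmt = $db->prepare(
        'INSERT INTO log (date, day_name, time, class_id, attendance, comments)
         VALUES (:date, :day_name, :time, :class_id, :attendance, :comments)');
    $stmt->execute($p);
    return $stmt->rowCount() . " rows affected";
}

echo insert_interpolated($db, $post), "\n";
echo insert_prepared($db, $post), "\n";

// Encode on output as well, so stored text is shown as text rather than markup.
foreach ($db->query('SELECT comments FROM log') as $row) {
    echo '<P>', htmlspecialchars($row['comments'], ENT_QUOTES, 'UTF-8'), "</P>\n";
}
```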