form will not post to mysql

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
kristie380
Forum Commoner
Posts: 36
Joined: Sun Oct 09, 2005 10:51 pm

form will not post to mysql

Post by kristie380 »

feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


HELP!  I have been working on this all day and cannot figure it out!  I am trying to get my PHP code to sen the form data that a user inputs to MYSQL database.  I am using phpmyadmin and mysql through yahoo web hosting.  When I try to fill out the form with user info and press submit, my php processing file (create_profile.php) will only post the code and not the actual info I entered into the form.  

Here is a link to the form that I am trying to get to work: http://www.naamanforestalumni.com

Here is my form code ----signup.htm-----:

Code: Select all

<body text="#008000" topmargin="0">


<h1><font size="4" color="#008000">Create My Profile</font></h1>
<p><b><font color="#008000">To add your profile to the NFHS Alumni Network, 
please fill out and submit the form below.&nbsp; <br>
Please be sure to fill out all of the required fields, which are specified in 
orange.</font></b></p>
<hr color="#008000" size="1" width="65%" align="left">
<form method="POST" action="create_profile.php" onsubmit="return FrontPage_Form1_Validator(this)" language="JavaScript" name="FrontPage_Form1">
	<table border="0" width="1045" height="377">
		<tr>
			<td height="42" width="238"><font color="#FF6600">First Name:</font><br>
			&nbsp;<!--webbot bot="Validation" B-Value-Required="TRUE" --><input type="text" name="firstname" size="20"></td>
			<td height="42" width="193" valign="top"><font color="#FF6600">Last 
			Name (in high school):</font><br>
			&nbsp;<!--webbot bot="Validation" b-value-required="TRUE" --><input type="text" name="lastname" size="20"></td>
			<td height="42" width="600" valign="top">New Last Name (if 
			applicable):<br>
			<input type="text" name="maidenname" size="20"></td>
		</tr>
		<tr>
			<td height="20" width="238" valign="top"><font color="#FF6600">
			Graduation Year:</font><br>
			&nbsp;<!--webbot bot="Validation" b-value-required="TRUE" --><select size="1" name="gradyear">
			<option selected>Class of...</option>
			<option>1992</option>
			<option>1993</option>
			<option>1994</option>
			<option>1995</option>
			<option>1996</option>
			<option>1997</option>
			<option>1998</option>
			<option>1999</option>
			<option>2000</option>
			<option>2001</option>
			<option>2002</option>
			<option>2003</option>
			<option>2004</option>
			<option>2005</option>
			</select></td>
			<td height="20" width="193" valign="top">E-mail address:<font color="#FF6600"><br>
			<input type="text" name="email" size="20"></font></td>
			<td height="20" width="600" valign="top">Home Page (URL):<br>
			<input type="text" name="url" size="20"></td>
		</tr>
		<tr>
			<td height="219" width="1031" colspan="3" valign="top"><br>
			Tell the world what you have been up to since graduation (no novels 
			please):<br>
			<textarea rows="10" name="update" cols="85"></textarea></td>
		</tr>
		<tr>
			<td height="60" width="238" valign="top"><font color="#FF6600">Make 
			up a username:</font><br>
			<font size="2">(up to 10 letters and numbers only)<br>
			</font>
			&nbsp;<!--webbot bot="Validation" b-value-required="TRUE" i-maximum-length="10" --><input type="text" size="25" maxlength="10" name="username"></td>
			<td height="60" width="193" valign="top"><font color="#FF6600">Make 
			up a password:<br>
			</font><font size="2">(must be at least 6 characters)<br>
			</font>
			&nbsp;<!--webbot bot="Validation" b-value-required="TRUE" i-minimum-length="6" i-maximum-length="12" --><input type="password" size="25" maxlength="12" name="password"></td>
			<td height="60" width="600" valign="top">&nbsp;</td>
		</tr>
		<tr>
			<td height="60" width="1031" valign="top" colspan="3">
			<font color="#FF6600">Enter a secret question:</font><BR>This secret question (up to 50 characters) will allow you to obtain your password if you forget it.  
			<br>
			Please be sure it is a unique question, but one that you will remember the EXACT answer to.<FONT face="arial" style="font-size:12" color="#cccccc"><BR></FONT>
<INPUT type="text" name="secretquestion" size="25">
   </td>
		</tr>
		<tr>
			<td height="60" width="1031" valign="top" colspan="3">
			<font color="#FF6600">Answer to your secret question:</font><BR>Please make sure you pick a logical, easy to remember answer.  
			<br>
			If you forget your password, and wish to recover it, you will be required to match your EXACT secret answer in our database.<BR>
<input type="text" name="answer" size="25"><BR></td>
		</tr>
	</table>
	<h2><input type="submit" value="Submit" name="Submit">
                 <input type="reset" value="Clear Form" name="Clear"></h2>
</form>

</body>

</html>
create_profile.php

Code: Select all

<?php
$conn = mysql_connect("mysql", "username", "password");
mysql_select_db("alumni", $conn);


$sql = 'INSERT INTO `signup` VALUES (
\'\', 
\'$_Post[firstname]\', 
\'$_Post[lastname]\', 
\'$_Post[maidenname]\', 
\'$_Post[gradyear]\', 
\'$_Post[email]\', 
\'$_Post[url]\', 
\'$_Post[update]\', 
\'$_Post[username]\', 
\'$_Post[password]\', 
\'$_Post[secretquestion]\', 
\'$_Post[answer]\'
)';  

if (mysql_query($sql, $conn)) {
echo "record added!";
} else {
echo "something went wrong";
}

?>

feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

  1. $_POST not $_Post
  2. in single quote strings php variables are not parsed, use a double quote string (in your php code)
  3. Using submitted information without filtering/sanitization is extremely dangerous, and as such you have extremely high chances to get SQL injection attacks. For more information on SQL injection, search for it.. there have been many discussions on the topic
kristie380
Forum Commoner
Posts: 36
Joined: Sun Oct 09, 2005 10:51 pm

Thanks!

Post by kristie380 »

It worked! You make it sound so simple!
Post Reply