example php/mysql script not working

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Purdue23
Forum Newbie
Posts: 7
Joined: Tue Feb 11, 2003 11:51 am

example php/mysql script not working

Post by Purdue23 »

I am a beginner to PHP/MySQL and copied this script from a tutorial, and it does not work. I have tried to modify it but with no luck. The form shows, but when I enter the values and hit submit nothing happens.

Please Help.

Thanks

<html>

<body>



<?php



if ($submit) {

// process form

$db = mysql_connect("localhost", "");

mysql_select_db("employees",$db);

$sql = "INSERT INTO employee (first,last,address,position) VALUES

('$first','$last','$address','$position')";

$result = mysql_query($sql);

echo ("Thank you! Information entered.\n");

} else{



// display form



?>



<form method="post" action="<?php echo($_SERVER['PHP_SELF'])?>">

First name:<input type="Text" name="first"><br>

Last name:<input type="Text" name="last"><br>

Address:<input type="Text" name="address"><br>

Position:<input type="Text" name="position"><br>

<input type="Submit" name="submit" value="Enter information">

</form>



<?php



} // end if



?>



</body>



</html>
User avatar
DaZZleD
Forum Commoner
Posts: 38
Joined: Tue Jan 07, 2003 5:39 am

Post by DaZZleD »

first of all you need to verify that a mysql server is running, that you have a database called employees containing a table called employee(with a structure coresponding to the data types you want to enter), a username and password to connect to the database. once you checked all this, you use the following statement to connect to the database:

$db = mysql_connect("localhost", "username", "password");

to enter the submitted data you need to modify the insert statement:

$sql = "INSERT INTO employee (first,last,address,position) VALUES

('" . $first . "','" . $last . "','" . $address . "','" . $position . "')";

because the way it is now, PHP interprets $first as a string not as a variable name.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

And read this:
viewtopic.php?t=511

Mac
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

twigletmac wrote:And read this:
viewtopic.php?t=511
sorry, that everyone in any thread you open on this topic is pointing you to this thread.
It has been created to answer that kind of question since so many people encountered the problem. You really should read it. are handled in newer versions of php.
There's also this short article in the online manual of php http://www.php.net/manual/en/security.r ... lobals.php

Opening new threads with virtually the same content probably will give you over and over again the same answers, at least it will slow down the help process.
Always remember that this is not a "write-me-this-script"-forum. Only expect hints and explanations that will help you to figure out a working solution.

(* include some text about learning php instead of receiveing complete scripts here; have to go now ;) *)

Code: Select all

<html>
	<body>
<?php
// using isset() will avoid a warning/notice message
if (isset($_POST['submit']))  // element 'submit' from a POSTed form
{	// maybe/certainly first, last, address, position should be checked, too
	// otherwise users might hit the submit-button without entering any data
	
	$dbServer = 'localhost'; // if possible move these variables/values to a another file
	$dbUser = '';		// outside your web-directory and include that file
	$dbPassword = ''; // so login/password are kept secret even if php is turned off (accidentally)
	$dbDBName = 'employees';
	// if the script fails to establish a database connection it should handle this situation
	// or die(...) is a simple mechanism to abort the execution, mysql_error() will show the error message
	// maybe feasable only during the development process
	$dbConn= mysql_connect($dbServer, $dbUser, $dbPassword) or die('mysql_connect failed: '. mysql_error());
	// same procedure here
	mysql_select_db($dbDBName,$dbConn) or die('cannot select database: '.mysql_error());
	
	// first, last, address, position are also POSTed from a form
	// so they are elements of the superglobal array $_POST
	// They may contain malicious data entered by users
	// data that may alter the effect of a query
	// always check user-input.
	// one way is to 'escape' the special meaning of certain characters
	// that may be included in the user data
	$first = mysql_escape_string($_POST['first']);
	$last = mysql_escape_string($_POST['last']);
	$address = mysql_escape_string($_POST['address']);
	$position = mysql_escape_string($_POST['position']);
	
	$sql = "INSERT INTO employee (first,last,address,position) VALUES ('$first','$last','$address','$position')";
	if (mysql_query($sql, $dbConn))
	{
		// a linebreak (\n) usually has no effect in html (it has within a <pre>...</pre> block)
		echo 'Thank you! Information entered.';
	}
	else
	{
		 echo 'There has been a problem with the database. Information NOT inserted.';
		 die($sql.' :'. mysql_error()); // error output for debugging only
	}
}
else
{ // display form
	// writing the text after the input-box will at least align the boxes
	// although it will not win any design-price 
?>
		<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
			<input type="Text" name="first">: First name<br>
			<input type="Text" name="last">: Last name<br>
			<input type="Text" name="address">: Address<br>
			<input type="Text" name="position">: Position<br>
			<input type="Submit" name="submit" value="Enter information">
		</form>
<?php
} // end if
?>
	</body>
</html>
script completely untested
Post Reply