Page 1 of 1
example php/mysql script not working
Posted: Tue Feb 11, 2003 10:46 pm
by Purdue23
I am a beginner to PHP/MySQL and copied this script from a tutorial, and it does not work. I have tried to modify it but with no luck. The form shows, but when I enter the values and hit submit nothing happens.
Please Help.
Thanks
<html>
<body>
<?php
if ($submit) {
// process form
$db = mysql_connect("localhost", "");
mysql_select_db("employees",$db);
$sql = "INSERT INTO employee (first,last,address,position) VALUES
('$first','$last','$address','$position')";
$result = mysql_query($sql);
echo ("Thank you! Information entered.\n");
} else{
// display form
?>
<form method="post" action="<?php echo($_SERVER['PHP_SELF'])?>">
First name:<input type="Text" name="first"><br>
Last name:<input type="Text" name="last"><br>
Address:<input type="Text" name="address"><br>
Position:<input type="Text" name="position"><br>
<input type="Submit" name="submit" value="Enter information">
</form>
<?php
} // end if
?>
</body>
</html>
Posted: Wed Feb 12, 2003 2:03 am
by DaZZleD
first of all you need to verify that a mysql server is running, that you have a database called employees containing a table called employee(with a structure coresponding to the data types you want to enter), a username and password to connect to the database. once you checked all this, you use the following statement to connect to the database:
$db = mysql_connect("localhost", "username", "password");
to enter the submitted data you need to modify the insert statement:
$sql = "INSERT INTO employee (first,last,address,position) VALUES
('" . $first . "','" . $last . "','" . $address . "','" . $position . "')";
because the way it is now, PHP interprets $first as a string not as a variable name.
Posted: Wed Feb 12, 2003 2:23 am
by twigletmac
And read this:
viewtopic.php?t=511
Mac
Posted: Wed Feb 12, 2003 8:52 am
by volka
sorry, that everyone in any thread you open on this topic is pointing you to this thread.
It has been created to answer that kind of question since so many people encountered the problem. You really should read it.
are handled in newer versions of php.
There's also this short article in the online manual of php
http://www.php.net/manual/en/security.r ... lobals.php
Opening new threads with virtually the same content probably will give you over and over again the same answers, at least it will slow down the help process.
Always remember that this is not a "write-me-this-script"-forum. Only expect hints and explanations that will help you to figure out a working solution.
(* include some text about
learning php instead of receiveing complete scripts here; have to go now

*)
Code: Select all
<html>
<body>
<?php
// using isset() will avoid a warning/notice message
if (isset($_POST['submit'])) // element 'submit' from a POSTed form
{ // maybe/certainly first, last, address, position should be checked, too
// otherwise users might hit the submit-button without entering any data
$dbServer = 'localhost'; // if possible move these variables/values to a another file
$dbUser = ''; // outside your web-directory and include that file
$dbPassword = ''; // so login/password are kept secret even if php is turned off (accidentally)
$dbDBName = 'employees';
// if the script fails to establish a database connection it should handle this situation
// or die(...) is a simple mechanism to abort the execution, mysql_error() will show the error message
// maybe feasable only during the development process
$dbConn= mysql_connect($dbServer, $dbUser, $dbPassword) or die('mysql_connect failed: '. mysql_error());
// same procedure here
mysql_select_db($dbDBName,$dbConn) or die('cannot select database: '.mysql_error());
// first, last, address, position are also POSTed from a form
// so they are elements of the superglobal array $_POST
// They may contain malicious data entered by users
// data that may alter the effect of a query
// always check user-input.
// one way is to 'escape' the special meaning of certain characters
// that may be included in the user data
$first = mysql_escape_string($_POST['first']);
$last = mysql_escape_string($_POST['last']);
$address = mysql_escape_string($_POST['address']);
$position = mysql_escape_string($_POST['position']);
$sql = "INSERT INTO employee (first,last,address,position) VALUES ('$first','$last','$address','$position')";
if (mysql_query($sql, $dbConn))
{
// a linebreak (\n) usually has no effect in html (it has within a <pre>...</pre> block)
echo 'Thank you! Information entered.';
}
else
{
echo 'There has been a problem with the database. Information NOT inserted.';
die($sql.' :'. mysql_error()); // error output for debugging only
}
}
else
{ // display form
// writing the text after the input-box will at least align the boxes
// although it will not win any design-price
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="Text" name="first">: First name<br>
<input type="Text" name="last">: Last name<br>
<input type="Text" name="address">: Address<br>
<input type="Text" name="position">: Position<br>
<input type="Submit" name="submit" value="Enter information">
</form>
<?php
} // end if
?>
</body>
</html>
script completely untested