passing user input to mysql table

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
monkeymafia
Forum Commoner
Posts: 31
Joined: Mon Oct 08, 2007 3:08 pm

passing user input to mysql table

Post by monkeymafia »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi

im trying to send user inputted data from a html form into a mysql table.
when i press the submit button it does not display any errors but the table is empty. i dont know whats wrong.

heres my php connection code:

Code: Select all

<?php
mysql_connect("localhost", "username", "mypassword") or die(mysql_error());
mysql_select_db("mydbname") or die(mysql_error());
?>
code for form and inserting data to mysql:

Code: Select all

<?php

if (!isset($_POST['submit'])) {
?>
<FORM name="drop_list" action="useraccount.php" method="POST" >


<table width="660" cellpadding="0" cellspacing="0"><tr><td align=left>

<input type="hidden" name="action" value="tickets"><input type="hidden" name="id" value="new">
<table width="660" cellpadding="4" cellspacing="1" bgcolor="#3366CC">
  <tr>
    <td width="20%" bgcolor="#CAE4FF"><strong>Username</strong></td>
    <td width="80%" bgcolor="#FFFFFF"><input name="username" type="text" size="50" readonly value="<?php echo $_GET['memberid']?>"</td>
  </tr>
  <tr>
    <td width="20%" bgcolor="#CAE4FF"><strong>Subject</strong></td>
    <td width="80%" bgcolor="#FFFFFF"><input name="subject" type="text" size="50"></td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Category</strong></td>
    <td bgcolor="#FFFFFF">
    
<SELECT  NAME="category" onChange="SelectSubCat();" >
<Option value="">Category</option>
</SELECT>&nbsp;
<SELECT id="SubCat" NAME="subcat">
<Option value="">SubCat</option>
</SELECT>

	</td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Priority</strong></td>
    <td bgcolor="#FFFFFF"><select name="priority">
      <option value="QUERY" selected>QUERY</option>
      <option value="LOW">LOW</option>

      <option value="MEDIUM">MEDIUM</option>
      <option value="HIGH">HIGH</option>
    </select></td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Tel No. </strong></td>
    <td bgcolor="#FFFFFF"><input name="telno" type="text" id="telno" size="20"></td>

  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>E-Mail address</strong></td>
    <td bgcolor="#FFFFFF"><input name="email" type="text" id="email" size="40" value="<?php echo $row['email'] ?>" /></td>
  </tr>
  <tr>
    <td colspan="2" align="center" bgcolor="#FFFFFF">
    <br><b>Message</b><br><textarea name="message" cols="100" rows="10" class="message"></textarea><br></td>
      </tr>
      <tr>
    <td colspan="2" align="center" bgcolor="#FFFFFF"><b>Attachment</b><br>
    <br><input name="attach" type="file" id="attach"></td>
  </tr>
  <tr>

    <td colspan="2" align="center" bgcolor="#FFFFFF"><input type="submit"  value="Create ticket" name ="submit" onClick="return validate_form()" class="submit2";></td>
  </tr>
</table>
<br><br>
</td></tr></table><br>	</td>
  </tr>
</table>
<br /></td>
              </tr>
            </table></td>
          </tr>

          <tr>
            <td height="13" background="page_bottom.gif"></td>
          </tr>
        </table></td>
      </tr>
    </table>
    </td>
  </tr>

      </table>
  </form>

Code: Select all

<?php
  } else {
          $userid = $_POST['username'];
          $subject = $_POST['subject'];
          $cat = $_POST['category'];
          $subcat = $_POST['subcat'];
          $priority = $_POST['priority'];
          $tel = $_POST['telno'];
          $email = $_POST['email'];
          $message = $_POST['message'];
          
mysql_query("INSERT INTO 'technicalproblems' (fk_memberid2, subject, cat1, cat2, priority, tel, email, message) VALUES ('$userid', '$subject', '$cat', '$subcat', '$priority', $tel', '$email', '$message')");      
  echo "Success! details have been submitted, we will contact you within 24 hours";
  }
  ?>
the drop down menus are done by javascript so i dont know if this makes a difference, but i dont see why it would. any help would be greatly appreciated because im abit baffled. thanks alot in advance


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
markg85
Forum Commoner
Posts: 32
Joined: Sat Dec 03, 2005 6:49 pm

Post by markg85 »

Hey,

First of all.. please make your script secure!! now your just inserting th users data without checking it at all!!

And the error is likely in your sql query.
$tel in the sql query doesn't have a single quote in front of it.
Btw it's better to do the sql query this way:

Code: Select all

"VALUES ('" . $userid . "', '" . $subject . "', '" . $cat . "' .................."
You get the point.
monkeymafia
Forum Commoner
Posts: 31
Joined: Mon Oct 08, 2007 3:08 pm

Post by monkeymafia »

hi

yes thank you that was the problem.

validation was next on the to do list :)

thank you
Post Reply