Page 1 of 1

passing user input to mysql table

Posted: Sat Oct 13, 2007 3:48 am
by monkeymafia
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi

im trying to send user inputted data from a html form into a mysql table.
when i press the submit button it does not display any errors but the table is empty. i dont know whats wrong.

heres my php connection code:

Code: Select all

<?php
mysql_connect("localhost", "username", "mypassword") or die(mysql_error());
mysql_select_db("mydbname") or die(mysql_error());
?>
code for form and inserting data to mysql:

Code: Select all

<?php

if (!isset($_POST['submit'])) {
?>
<FORM name="drop_list" action="useraccount.php" method="POST" >


<table width="660" cellpadding="0" cellspacing="0"><tr><td align=left>

<input type="hidden" name="action" value="tickets"><input type="hidden" name="id" value="new">
<table width="660" cellpadding="4" cellspacing="1" bgcolor="#3366CC">
  <tr>
    <td width="20%" bgcolor="#CAE4FF"><strong>Username</strong></td>
    <td width="80%" bgcolor="#FFFFFF"><input name="username" type="text" size="50" readonly value="<?php echo $_GET['memberid']?>"</td>
  </tr>
  <tr>
    <td width="20%" bgcolor="#CAE4FF"><strong>Subject</strong></td>
    <td width="80%" bgcolor="#FFFFFF"><input name="subject" type="text" size="50"></td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Category</strong></td>
    <td bgcolor="#FFFFFF">
    
<SELECT  NAME="category" onChange="SelectSubCat();" >
<Option value="">Category</option>
</SELECT>&nbsp;
<SELECT id="SubCat" NAME="subcat">
<Option value="">SubCat</option>
</SELECT>

	</td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Priority</strong></td>
    <td bgcolor="#FFFFFF"><select name="priority">
      <option value="QUERY" selected>QUERY</option>
      <option value="LOW">LOW</option>

      <option value="MEDIUM">MEDIUM</option>
      <option value="HIGH">HIGH</option>
    </select></td>
  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>Tel No. </strong></td>
    <td bgcolor="#FFFFFF"><input name="telno" type="text" id="telno" size="20"></td>

  </tr>
  <tr>
    <td bgcolor="#CAE4FF"><strong>E-Mail address</strong></td>
    <td bgcolor="#FFFFFF"><input name="email" type="text" id="email" size="40" value="<?php echo $row['email'] ?>" /></td>
  </tr>
  <tr>
    <td colspan="2" align="center" bgcolor="#FFFFFF">
    <br><b>Message</b><br><textarea name="message" cols="100" rows="10" class="message"></textarea><br></td>
      </tr>
      <tr>
    <td colspan="2" align="center" bgcolor="#FFFFFF"><b>Attachment</b><br>
    <br><input name="attach" type="file" id="attach"></td>
  </tr>
  <tr>

    <td colspan="2" align="center" bgcolor="#FFFFFF"><input type="submit"  value="Create ticket" name ="submit" onClick="return validate_form()" class="submit2";></td>
  </tr>
</table>
<br><br>
</td></tr></table><br>	</td>
  </tr>
</table>
<br /></td>
              </tr>
            </table></td>
          </tr>

          <tr>
            <td height="13" background="page_bottom.gif"></td>
          </tr>
        </table></td>
      </tr>
    </table>
    </td>
  </tr>

      </table>
  </form>

Code: Select all

<?php
  } else {
          $userid = $_POST['username'];
          $subject = $_POST['subject'];
          $cat = $_POST['category'];
          $subcat = $_POST['subcat'];
          $priority = $_POST['priority'];
          $tel = $_POST['telno'];
          $email = $_POST['email'];
          $message = $_POST['message'];
          
mysql_query("INSERT INTO 'technicalproblems' (fk_memberid2, subject, cat1, cat2, priority, tel, email, message) VALUES ('$userid', '$subject', '$cat', '$subcat', '$priority', $tel', '$email', '$message')");      
  echo "Success! details have been submitted, we will contact you within 24 hours";
  }
  ?>
the drop down menus are done by javascript so i dont know if this makes a difference, but i dont see why it would. any help would be greatly appreciated because im abit baffled. thanks alot in advance


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sat Oct 13, 2007 8:27 am
by markg85
Hey,

First of all.. please make your script secure!! now your just inserting th users data without checking it at all!!

And the error is likely in your sql query.
$tel in the sql query doesn't have a single quote in front of it.
Btw it's better to do the sql query this way:

Code: Select all

"VALUES ('" . $userid . "', '" . $subject . "', '" . $cat . "' .................."
You get the point.

Posted: Sat Oct 13, 2007 11:18 am
by monkeymafia
hi

yes thank you that was the problem.

validation was next on the to do list :)

thank you