html interface

seriousdamage
Forum Commoner
Posts: 30
Joined: Sat Nov 27, 2004 10:18 am

html interface

Post by seriousdamage »

Hi,
I have the below code which I will use to add a record into a database.
Could someone help me to create an html interface where I have a field to add the record and a submit button to process the form?

Code:

<?PHP

$user_name = "root";
$password = "";
$database = "addressbook";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);

if ($db_found) {

$SQL = "INSERT INTO tb_address_book (First_Name, Surname, Address) VALUES ('bill', 'gates', 'Microsoft')";
$result = mysql_query($SQL);

mysql_close($db_handle);

print "Records added to the database";
}
else {
print "Database NOT Found ";
mysql_close($db_handle);
}

?>
Inkyskin
Forum Contributor
Posts: 282
Joined: Mon Nov 19, 2007 10:15 am
Location: UK

Post by Inkyskin »

This is assuming the name fields are varchar and the address field takes longtext or similar:

Code:

<?PHP

if(isset($_POST[action]) && $_POST[action] == 'Submit'){

  $user_name = "root";
  $password = "";
  $database = "addressbook";
  $server = "127.0.0.1";
  $db_handle = mysql_connect($server, $user_name, $password);
  $db_found = mysql_select_db($database, $db_handle);

  if ($db_found) {

  $SQL = "INSERT INTO tb_address_book (First_Name, Surname, Address) VALUES ('".$_POST[first_name]."', '".$_POST[last_name]."', '".$_POST[address]."')";
  $result = mysql_query($SQL);

  mysql_close($db_handle);

  print "Records added to the database";
  }
  else {
  print "Database NOT Found ";
  mysql_close($db_handle);
  }

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>My Form</title>
</head>

<body>

<form name="address" action="" method="post">

  <input type="text" name="first_name" />
  <input type="text" name="last_name" />
  <textarea name="address"></textarea>
  <input type="submit" name="action" value="Submit">

</form>

</body>
</html>
That should work; it's a form in its most basic form.
webspider
Forum Commoner
Posts: 52
Joined: Sat Oct 27, 2007 3:29 am

Post by webspider »

Inkyskin wrote: <form name="address" action="" method="post">
In the action attribute of the form tag we are supposed to give a file name that will process the form. In this case

Code:

<form name="address" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
If no file name is given in the action attribute, it takes the current file for processing the form. So is there any difference between using blank or $_SERVER['PHP_SELF']?
Inkyskin
Forum Contributor
Posts: 282
Joined: Mon Nov 19, 2007 10:15 am
Location: UK

Post by Inkyskin »

I'm not sure if there is a right way or not, but both ways would validate.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Never ever ever use PHP_SELF. It contains user input and can therefore also contain XSS. You can often use alternate actions like "#" instead with the same outcome and no XSS possibilities.
seriousdamage
Forum Commoner
Posts: 30
Joined: Sat Nov 27, 2004 10:18 am

Post by seriousdamage »

Hi, I think I went way over my head in posting the above message,
it is already getting way too complicated for me.

I have posted a new message with different subject,
I really think I should start from the beginning with this :-)

Thanks a lot all for your help.

Regards
Nic
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Not

Code:

$_POST[first_name]
but

Code:

$_POST['first_name']
and actually in this case

Code:

mysql_real_escape_string($_POST['first_name'])
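
The two corrections raised in this thread (feyd's on PHP_SELF and Mordred's on quoting and escaping the POST values), combined in an added example that is not code from any poster. It goes one step past escaping by using bound parameters, and it assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls (which were removed in PHP 7); the helpers h() and add_record() and all sample values are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumption: PDO with the SQLite
// driver stands in for the thread's MySQL "addressbook" database.

// Hypothetical helper: escape a value for HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: insert one row using bound parameters, so quotes in
// the submitted values are data and never part of the SQL text.
function add_record(PDO $db, array $post): bool
{
    $values = [];
    foreach (['first_name', 'last_name', 'address'] as $key) {
        // Quoted array keys; reject missing or non-string (array) fields.
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return false;
        }
        $values[] = $post[$key];
    }
    $stmt = $db->prepare(
        'INSERT INTO tb_address_book (First_Name, Surname, Address) VALUES (?, ?, ?)'
    );
    return $stmt->execute($values);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tb_address_book (First_Name TEXT, Surname TEXT, Address TEXT)');

// Constructed form input: the apostrophe would break the concatenated query.
$post = ['first_name' => 'Conan', 'last_name' => "O'Brien",
         'address' => '1 Example Street', 'action' => 'Submit'];
var_dump(add_record($db, $post));
// Constructed incomplete input: refused before any SQL is run.
var_dump(add_record($db, ['first_name' => 'x']));

// Stored values are escaped again when they are written into HTML.
foreach ($db->query('SELECT First_Name, Surname, Address FROM tb_address_book') as $row) {
    echo h($row['First_Name'] . ' ' . $row['Surname'] . ', ' . $row['Address']), "\n";
}

// Constructed value standing in for a PHP_SELF that carries extra text from
// the request URL; escaped, it stays inside the attribute as inert text.
$php_self = '/form.php/"><b>injected</b>';
echo '<form name="address" action="' . h($php_self) . '" method="post">', "\n";
// A fixed action, as in Inkyskin's form, contains no request data to escape.
echo '<form name="address" action="" method="post">', "\n";
```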