Very Basic PHP question


Post by johnmiles

I was wondering if you guys could help me out

I'm using an html form similar to the one below to insert text and numbers into a mysql database

Code:

<html>
<body>
 
<form action="insert.php" method="post">
First Name: <input type="text" name="first"><br>
Last Name: <input type="text" name="last"><br>
Phone: <input type="text" name="phone"><br>
Mobile: <input type="text" name="mobile"><br>
Fax: <input type="text" name="fax"><br>
E-mail: <input type="text" name="email"><br>
Web: <input type="text" name="web"><br>
<input type="Submit">
</form>
 
 
</body>
</html>

As you can see, the variables are sent to "insert.php" to be entered into the database (as below)

Code:

<?php
$username="username";
$password="password";
$database="your_database";
 
$first=$_POST['first'];
$last=$_POST['last'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$fax=$_POST['fax'];
$email=$_POST['email'];
$web=$_POST['web'];
 
mysql_connect('localhost',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
 
$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')";
mysql_query($query);
 
mysql_close();
?>

Everything is being inserted properly and everything.

My question is - Entering information into the original html form and then clicking submit takes me to the insert.php page, inserts the data into the database and then leaves the user on the insert.php page.

How can I get it to redirect me back to the original html page (the one with the form) after the php script has inserted the data into the database?

Re: Very Basic PHP question

Post by Stryks

I would recommend that you submit the form to itself. Using your code for example ...

Code:

<?php
 
// Only run the insert when the form has actually been submitted
if($_SERVER['REQUEST_METHOD'] == 'POST') { 
    $username="username";
    $password="password";
    $database="your_database";
     
    // Connect first: mysql_real_escape_string() needs an open connection
    mysql_connect('localhost', $username, $password);
    @mysql_select_db($database) or die( "Unable to select database");
 
    $first  = mysql_real_escape_string($_POST['first']);
    $last   = mysql_real_escape_string($_POST['last']);
    $phone  = mysql_real_escape_string($_POST['phone']);
    $mobile = mysql_real_escape_string($_POST['mobile']);
    $fax    = mysql_real_escape_string($_POST['fax']);
    $email  = mysql_real_escape_string($_POST['email']);
    $web    = mysql_real_escape_string($_POST['web']);
     
    $query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')";
    $result = mysql_query($query);
    
    // mysql_query() returns false on error, and an INSERT produces no result
    // rows, so check the affected row count rather than mysql_num_rows()
    if(!$result || mysql_affected_rows() < 1) $error = 'Database insert failed';     
}
 
?>
 
<html>
<body>
<?php
   if(isset($error)) echo "<pre>$error</pre>";
?> 
<form action="insert.php" method="post">
First Name: <input type="text" name="first"><br>
Last Name: <input type="text" name="last"><br>
Phone: <input type="text" name="phone"><br>
Mobile: <input type="text" name="mobile"><br>
Fax: <input type="text" name="fax"><br>
E-mail: <input type="text" name="email"><br>
Web: <input type="text" name="web"><br>
<input type="Submit">
</form>
 
 
</body>
</html>

Just a brief run through. When you submit a form $_SERVER['REQUEST_METHOD'] will be set to POST, so none of the code will be run until the form is actually submitted. So first view, show the form without the code - after submit, run the code and then view the form. This is especially useful if you do some validation of the input and need to redisplay the form with an error message and the previous data preloaded.

When you pass ANYTHING from the user side into the database, at the very least run it through mysql_real_escape_string() as I have done above.

It's also a good idea to check that data has been written, so I added that as well. I would also add a duplicate entry check, and as I mentioned before, I'd validate those form values (eg. names should be text only, phone numbers should be numerical with the right number of digits) to make sure you're getting what you expect from the user.

Or you could just use header() to redirect back to the form for the second page. But this is my preferred method.

Anyhow ... hope that helps.
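Added example, not part of either post: the same insert.php flow written with PDO prepared statements instead of escaped string interpolation, combined with the input validation and the header() redirect discussed in the thread. Assumed here: PHP 8 with pdo_sqlite, column names equal to the form field names, an in-memory SQLite table standing in for the MySQL database, and illustrative length and digit limits.

```php
<?php
// Added example, not code from the thread. Assumptions: column names match the form
// fields; in-memory SQLite stands in for MySQL; length/digit limits are illustrative.
const FIELDS = ['first', 'last', 'phone', 'mobile', 'fax', 'email', 'web'];

function validate_contact(array $in): array {
    $errors = [];
    foreach (FIELDS as $f) {
        $v = is_string($in[$f] ?? null) ? $in[$f] : '';   // missing or array input (first[]=x) fails
        $ok = match ($f) {
            'first', 'last' => preg_match('/^[\p{L} \'-]{1,50}\z/u', $v) === 1,
            'email'         => filter_var($v, FILTER_VALIDATE_EMAIL) !== false,
            // FILTER_VALIDATE_URL accepts any scheme, so pin it to http(s)
            'web' => preg_match('#^https?://#i', $v) === 1 && filter_var($v, FILTER_VALIDATE_URL) !== false,
            default         => preg_match('/^\d{7,15}\z/', $v) === 1,   // phone, mobile, fax
        };
        if (!$ok) $errors[$f] = "invalid $f";
    }
    return $errors;
}

function save_contact(PDO $db, array $in): array {
    if ($errors = validate_contact($in)) return $errors;
    // Placeholders send values separately from the SQL text: a quote stays data.
    $stmt = $db->prepare('INSERT INTO contacts (first, last, phone, mobile, fax, email, web)
                          VALUES (:first, :last, :phone, :mobile, :fax, :email, :web)');
    $stmt->execute(array_intersect_key($in, array_flip(FIELDS)));   // drop unknown keys
    return $stmt->rowCount() === 1 ? [] : ['db' => 'Database insert failed'];
}

$db = new PDO('sqlite::memory:');   // MySQL: 'mysql:host=localhost;dbname=your_database'
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, first, last, phone, mobile, fax, email, web)');

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = save_contact($db, $_POST);
    if (!$errors) {
        // Post/Redirect/Get: 303 makes the browser GET the form, so a reload cannot re-insert
        header('Location: insert.php', true, 303);
        exit;
    }   // on failure, fall through and redisplay the form with $errors
} elseif (PHP_SAPI === 'cli') {
    // Constructed sample input for an offline command-line run
    $sample = ['first' => 'Conan', 'last' => "O'Brien", 'phone' => '5550100123', 'mobile' => '5550100124',
               'fax' => '5550100125', 'email' => 'conan@example.com', 'web' => 'https://example.com/'];
    var_dump(save_contact($db, $sample));                      // valid input
    var_dump(save_contact($db, ['first' => 'x1'] + $sample));  // digit in a name field
    var_dump($db->query('SELECT last FROM contacts')->fetchColumn());
}
```

When the form is redisplayed after a failed validation, pass any echoed user value through htmlspecialchars() before writing it into the page.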