INSERT not working

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
icepirates
Forum Newbie
Posts: 6
Joined: Mon Aug 18, 2008 11:11 am

INSERT not working

Post by icepirates »

Moved to PHP - Code Forum by moderator.
Hello,

I have an html form that users fill out the following fields: <article-name><article-date><article-description>

Im testing it out and when you submit the form, article-description submits into the data base, and article-name submits into the database, and article-date does as well...However for some reason if I put 2008-10-05 in the text box it submits into the database as 0000-00-00, and the article name isn't submitting at all

Would anyone know why that is happening? Ive included the SQL from the table I have created in PHPMyAdmin, and the php code that does the inserting...thanks

Code: Select all

CREATE TABLE `legion`.`cadet_Testing` (
`id` INT( 4 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`articlename` TEXT NOT NULL ,
`date` DATE NOT NULL ,
`description` VARCHAR( 100 ) NOT NULL
) ENGINE = MYISAM

Code: Select all

 
<?php
$con = mysql_connect("***","***","***") or die('Could not connect: ' . mysql_error());
mysql_select_db("***", $con);
 
$sql="INSERT INTO cadet_Testing (articlename, date, description) VALUES ('".$_POST['articlename']."','".$_POST['date']."','".$_POST['description']."')";
$query = mysql_query($sql,$con) or die('Error: ' . mysql_error());
 
if ($query)
{
  echo "Your Event has been added";mysql_close($con);
}
else
{
  echo "Not added.";
}
?>
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: INSERT not working

Post by califdon »

icepirates wrote:I have an html form that users fill out the following fields: <article-name><article-date><article-description>

Im testing it out and when you submit the form, article-description submits into the data base, and article-name submits into the database, and article-date does as well...However for some reason if I put 2008-10-05 in the text box it submits into the database as 0000-00-00, and the article name isn't submitting at all
I'm not sure which you mean, is it inserting a record or not? Assuming that it is, there are several things I would suggest. First, never embed raw $_POST array data in an SQL string. It's not easy to check what's happening, and you open your script to "sql injection" by hackers. Always do it like this:

Code: Select all

...
if(isset($_POST['articlename']) {
   $articlename = mysql_real_escape_string($_POST['articlename']);
} else {
   $articlename = '';
if(isset($_POST['[color=#008040]articledate[/color]']) {
   $articledate = mysql_real_escape_string($_POST['[color=#008040]articledate[/color]']);
} else {
   &articledate = '';
if(isset($_POST['description']) {
   $description = mysql_real_escape_string($_POST['description']);
} else {
   $description= '';
...
$sql="INSERT INTO cadet_Testing (articlename, date, description) VALUES ('&articlename','&date','&description')";
...
Also, never use reserved words, like "date" for the name of a field in a table or a variable!

With the above approach, you can now echo out the variables $articlename, $articledate, and $description before you try to update the table and you will probably see what is going wrong.
Post Reply