User input into MySQL
Moderator: General Moderators
-
seeker2921
- Forum Contributor
- Posts: 120
- Joined: Sat Mar 22, 2003 7:10 pm
- Location: Wiesbaden Germany
- Contact:
User input into MySQL
I have an order form that I need to have placed into a MySQL DB, I have only used MySQL a few times and I have never coded my own app using it So this will be my first, I attemped it and was very Amzaed by the amount of errors I had created so I scraped it and am hoping you guys can point me in the right direction..
The order Form is contained all in one page, It has the basics like Name Address Email ect, Also has hosting plan information and Credit card info I also need to know how to transfer the card numbers in MD5?
Any help would be great.. Thank you..
The order Form is contained all in one page, It has the basics like Name Address Email ect, Also has hosting plan information and Credit card info I also need to know how to transfer the card numbers in MD5?
Any help would be great.. Thank you..
-
seeker2921
- Forum Contributor
- Posts: 120
- Joined: Sat Mar 22, 2003 7:10 pm
- Location: Wiesbaden Germany
- Contact:
I use a templet system and this file is just included into the templets when called.. So this is all there is to the order page, The config.inc is blank I was using it when I tryed to get this completed..
Last edited by seeker2921 on Mon Nov 24, 2003 2:16 am, edited 1 time in total.
wow... that was a lot more then i guess i needed, but that's ok, i think i can help you get started though.
when you want to call variables from forms, you are passing to PHP a post statement ( as you can see in your first form statement ).
In php, obtaining the values is very easy by using the $_POST['some_value'];
for example, you have the input box :
<input size="40" name="First-Name">
in order to grab this from php, all you would have to do is something like this :
a much better approach, though, would be
that way, you can just call $fname instead of that long $_POST statement when you are gonna insert or query a mysql table.
since now we understand how to call the variables, the next thing we need to do is create a mysql database and a table that is gonna hold these values.
this is provided to you in your MySQL manual that you recived when you installed MySQL. Just go into your MySQL diretory, and you'll see a DOC directory. Within it, you will see manual.htm .
scroll down to section 3.1 and it will go through how to get into mysql #1, and then it shows you how to create databases and tables.
After creating this database, you will need to use methods of connecting to MySQL with php.
this is available here : [php_man]MySQL[/php_man]
it's gonna take a little patience and research on these, but overall it should only take a few hours of research and implimenting your ideas into your code.
hope that helps. if you get stuck during this, post what you have done so far with php, and we'll help you correct your problems the best we can. enjoy.
when you want to call variables from forms, you are passing to PHP a post statement ( as you can see in your first form statement ).
In php, obtaining the values is very easy by using the $_POST['some_value'];
for example, you have the input box :
<input size="40" name="First-Name">
in order to grab this from php, all you would have to do is something like this :
Code: Select all
<?php
$_POST['First-Name'];
?>Code: Select all
<?php
$fname = $_POST['First-Name'];
?>since now we understand how to call the variables, the next thing we need to do is create a mysql database and a table that is gonna hold these values.
this is provided to you in your MySQL manual that you recived when you installed MySQL. Just go into your MySQL diretory, and you'll see a DOC directory. Within it, you will see manual.htm .
scroll down to section 3.1 and it will go through how to get into mysql #1, and then it shows you how to create databases and tables.
After creating this database, you will need to use methods of connecting to MySQL with php.
this is available here : [php_man]MySQL[/php_man]
it's gonna take a little patience and research on these, but overall it should only take a few hours of research and implimenting your ideas into your code.
hope that helps. if you get stuck during this, post what you have done so far with php, and we'll help you correct your problems the best we can. enjoy.
-
seeker2921
- Forum Contributor
- Posts: 120
- Joined: Sat Mar 22, 2003 7:10 pm
- Location: Wiesbaden Germany
- Contact:
-
seeker2921
- Forum Contributor
- Posts: 120
- Joined: Sat Mar 22, 2003 7:10 pm
- Location: Wiesbaden Germany
- Contact:
I'm stuck..
I have my db created and I added a table (orders) and I added fields to the table and In my php I can connect to the db without any problems but when I submit and then go check to see if the info is in the databse nothing is there..
the MySQL connection code
I only am trying to get the first and last names in right now just to see if it works..
I have my db created and I added a table (orders) and I added fields to the table and In my php I can connect to the db without any problems but when I submit and then go check to see if the info is in the databse nothing is there..
the MySQL connection code
Code: Select all
<?
$db_host = 'localhost';
$db_usr = 'alienweb_alienwe';
$db_pass = '******';
$db_name = 'alienweb_order';
//Mysql Conntect.. hopefully??
$conn = mysql_connect("$db_host", "$db_usr", "$db_pass", "$db_name")
or die("Could not connect: " . mysql_error());
mysql_query("INSERT INTO mytable (fname) values ('$fname')");
mysql_query("INSERT INTO mytable (lname) values ('$lname')");
?>you just had a few problems with the code. try this instead :
edit : this should be in the database forum anyways. sending there.
Code: Select all
<?php
$db_host = 'localhost';
$db_usr = 'alienweb_alienwe';
$db_pass = '******';
$db_name = 'alienweb_order';
//Mysql Conntect.. hopefully??
// this line does not need " marks since you are passing a variable..
$conn = mysql_connect($db_host, $db_usr, $db_pass, $db_name)
or die("Could not connect: " . mysql_error());
// need to escape out of the query in order to insert the variables correctly.
//compare what i did to your code and you'll see.
mysql_query("INSERT INTO mytable (fname, lname) values ('".$fname."', '".$lname."'");
?>edit : this should be in the database forum anyways. sending there.
Last edited by infolock on Mon Nov 24, 2003 12:59 am, edited 1 time in total.
-
seeker2921
- Forum Contributor
- Posts: 120
- Joined: Sat Mar 22, 2003 7:10 pm
- Location: Wiesbaden Germany
- Contact:
Okay, Well I tried the new code but I am still having problems So this is what I did..
I added this line below to mysql_query()
print('Thank you $fname $lname for choosing Alien Web Netwroks!');
Just to see if the I had set my var's correctly and the name transfered over like it was supposed to.. But I still can't get it to go into the database??
I added this line below to mysql_query()
print('Thank you $fname $lname for choosing Alien Web Netwroks!');
Just to see if the I had set my var's correctly and the name transfered over like it was supposed to.. But I still can't get it to go into the database??
Re: User input into MySQL
My jaw hit the floor when you mentioned you are dealing with credit card info... I fell off my chair when you went on to post code on a public forum..seeker2921 wrote:I have an order form that I need to have placed into a MySQL DB, I have only used MySQL a few times and I have never coded my own app using it ... The order Form is contained all in one page, It has the basics like Name Address Email ect, Also has hosting plan information and Credit card info...
If you don't have a thorough knowledge of related security issues you really should not attempt this project. It could be a fatal blow for the business for which you are working and for your own reputation as a programmer if you create an insecure program which later on gets hacked.
I've used dansie cart in the past before I got into php - only costs about $150 if I remember rightly. Use that (or something similar) instead.
Sorry, but it's got to be said. You can't fool around with other people's money. I hope you do go on to learn more about php and mysql though.
-
seeker2921
- Forum Contributor
- Posts: 120
- Joined: Sat Mar 22, 2003 7:10 pm
- Location: Wiesbaden Germany
- Contact:
lol, thank you.. I do understand where you are coming from but this is just a porject I have other means of collecting my orders as of right now I am just trying to do this, It doubt it will be used anytime soon.. I know I'm no where good enough to make a secure order from right now but I'm trying to learn how.. I have alot of stuff I need to make using securestuff so this is just a start..
-
seeker2921
- Forum Contributor
- Posts: 120
- Joined: Sat Mar 22, 2003 7:10 pm
- Location: Wiesbaden Germany
- Contact:
in place of this :
try this and see if it gives you an error :
edit : because from what i can tell, your setup is fine... also, try this :
in place of :
put this :
other then that, i have no idea. because if it's not erroring out on you, then you are connecting fine, and there is no reason why you can't update to it...
Code: Select all
<?php
$conn = mysql_connect($db_host, $db_usr, $db_pass, $db_name)
or die("Could not connect: " . mysql_error());
?>Code: Select all
<?php
$conn = mysql_connect($db_host, $db_usr, $db_pass) or die("Could not connect: " . mysql_error());
mysql_select_db($db_name) or die(mysql_error());
?>in place of :
Code: Select all
<?php
mysql_query("INSERT INTO mytable (fname, lname) values ('".$fname."', '".$lname."'");
?>Code: Select all
<?php
mysql_query("INSERT INTO mytable (fname, lname) values ('".$fname."', '".$lname."'") or die('Could not query database due to '.mysql_error());
?>other then that, i have no idea. because if it's not erroring out on you, then you are connecting fine, and there is no reason why you can't update to it...
-
seeker2921
- Forum Contributor
- Posts: 120
- Joined: Sat Mar 22, 2003 7:10 pm
- Location: Wiesbaden Germany
- Contact:
At first it didn't work but then I went over the code again and saw then when I copyed and pasted the code you posted you forgot a ) so I did that and it updated the two var's to my database with no errors so then I added the rest of my var's and it didn't work, heres the new line
Code: Select all
<?php
mysql_query("INSERT INTO orders (fname,lname,email,company,address,address_cont,city,state,zip,country,phone,fax,
domain,usr,pass,plan,type,dns,thwate,geotrust,dns,jvm,tomcat,comments,refered,
refered_other,ccfname,cclname,ccnum,ccex,cccode,cctype) values ('".$fname."',
'".$lname."','".$email."','".$address."','".$address_cont."','".$city."','".$state."','".$zip."','
".$country."','".$phone."','".$fax."','".$domain."','".$usr."','".$pass."','".$plan."','".$type."','".$dns."','".$thwate."','".$geotrust."','".$jvm."','".$tomcat."','".$comments."',
'".$refered."','".$refered_other."','".$ccfname."','".$cclname."','".$ccnum."','".$ccex."',
'".$cccode."','".$cctype."')");
?>yeah, but you forgot to keep the error control in it
you know, the or die(mysql_error())
add that to the end of your query ( i deleted that mysql list. was stupid of me to even consider posting that )
EDIT : BTW, did you assign the rest of your $_POST's to variables that you are trying to insert into this table? ( like you did with name )
you know, the or die(mysql_error())
add that to the end of your query ( i deleted that mysql list. was stupid of me to even consider posting that )
EDIT : BTW, did you assign the rest of your $_POST's to variables that you are trying to insert into this table? ( like you did with name )