Page 1 of 2
User input into MySQL
Posted: Sun Nov 23, 2003 6:12 pm
by seeker2921
I have an order form that I need to have placed into a MySQL DB, I have only used MySQL a few times and I have never coded my own app using it So this will be my first, I attemped it and was very Amzaed by the amount of errors I had created so I scraped it and am hoping you guys can point me in the right direction..
The order Form is contained all in one page, It has the basics like Name Address Email ect, Also has hosting plan information and Credit card info I also need to know how to transfer the card numbers in MD5?
Any help would be great.. Thank you..
Posted: Sun Nov 23, 2003 6:27 pm
by infolock
what you are wanting to do seems simple enough, except for maybe the credit card portion with MD5..
any way that we can get some code from you, especially your html for your form layout?
Posted: Sun Nov 23, 2003 6:30 pm
by seeker2921
I use a templet system and this file is just included into the templets when called.. So this is all there is to the order page, The config.inc is blank I was using it when I tryed to get this completed..
Posted: Sun Nov 23, 2003 6:43 pm
by infolock
wow... that was a lot more then i guess i needed, but that's ok, i think i can help you get started though.
when you want to call variables from forms, you are passing to PHP a post statement ( as you can see in your first form statement ).
In php, obtaining the values is very easy by using the $_POST['some_value'];
for example, you have the input box :
<input size="40" name="First-Name">
in order to grab this from php, all you would have to do is something like this :
a much better approach, though, would be
Code: Select all
<?php
$fname = $_POST['First-Name'];
?>
that way, you can just call $fname instead of that long $_POST statement when you are gonna insert or query a mysql table.
since now we understand how to call the variables, the next thing we need to do is create a mysql database and a table that is gonna hold these values.
this is provided to you in your MySQL manual that you recived when you installed MySQL. Just go into your MySQL diretory, and you'll see a DOC directory. Within it, you will see manual.htm .
scroll down to section 3.1 and it will go through how to get into mysql #1, and then it shows you how to create databases and tables.
After creating this database, you will need to use methods of connecting to MySQL with php.
this is available here : [php_man]MySQL[/php_man]
it's gonna take a little patience and research on these, but overall it should only take a few hours of research and implimenting your ideas into your code.
hope that helps. if you get stuck during this, post what you have done so far with php, and we'll help you correct your problems the best we can. enjoy.
Posted: Sun Nov 23, 2003 6:56 pm
by seeker2921
Awsome, Thank you..
Posted: Sun Nov 23, 2003 8:05 pm
by seeker2921
I'm stuck..
I have my db created and I added a table (orders) and I added fields to the table and In my php I can connect to the db without any problems but when I submit and then go check to see if the info is in the databse nothing is there..
the MySQL connection code
Code: Select all
<?
$db_host = 'localhost';
$db_usr = 'alienweb_alienwe';
$db_pass = '******';
$db_name = 'alienweb_order';
//Mysql Conntect.. hopefully??
$conn = mysql_connect("$db_host", "$db_usr", "$db_pass", "$db_name")
or die("Could not connect: " . mysql_error());
mysql_query("INSERT INTO mytable (fname) values ('$fname')");
mysql_query("INSERT INTO mytable (lname) values ('$lname')");
?>
I only am trying to get the first and last names in right now just to see if it works..
Posted: Sun Nov 23, 2003 9:01 pm
by infolock
you just had a few problems with the code. try this instead :
Code: Select all
<?php
$db_host = 'localhost';
$db_usr = 'alienweb_alienwe';
$db_pass = '******';
$db_name = 'alienweb_order';
//Mysql Conntect.. hopefully??
// this line does not need " marks since you are passing a variable..
$conn = mysql_connect($db_host, $db_usr, $db_pass, $db_name)
or die("Could not connect: " . mysql_error());
// need to escape out of the query in order to insert the variables correctly.
//compare what i did to your code and you'll see.
mysql_query("INSERT INTO mytable (fname, lname) values ('".$fname."', '".$lname."'");
?>
edit : this should be in the database forum anyways. sending there.
Posted: Sun Nov 23, 2003 9:44 pm
by seeker2921
Okay, Well I tried the new code but I am still having problems So this is what I did..
I added this line below to mysql_query()
print('Thank you $fname $lname for choosing Alien Web Netwroks!');
Just to see if the I had set my var's correctly and the name transfered over like it was supposed to.. But I still can't get it to go into the database??
Re: User input into MySQL
Posted: Sun Nov 23, 2003 9:51 pm
by McGruff
seeker2921 wrote:I have an order form that I need to have placed into a MySQL DB, I have only used MySQL a few times and I have never coded my own app using it ... The order Form is contained all in one page, It has the basics like Name Address Email ect, Also has hosting plan information and Credit card info...
My jaw hit the floor when you mentioned you are dealing with credit card info... I fell off my chair when you went on to post code on a public forum..
If you don't have a thorough knowledge of related security issues you really should not attempt this project. It could be a fatal blow for the business for which you are working and for your own reputation as a programmer if you create an insecure program which later on gets hacked.
I've used dansie cart in the past before I got into php - only costs about $150 if I remember rightly. Use that (or something similar) instead.
Sorry, but it's got to be said. You can't fool around with other people's money. I hope you do go on to learn more about php and mysql though.
Posted: Sun Nov 23, 2003 9:58 pm
by seeker2921
lol, thank you.. I do understand where you are coming from but this is just a porject I have other means of collecting my orders as of right now I am just trying to do this, It doubt it will be used anytime soon.. I know I'm no where good enough to make a secure order from right now but I'm trying to learn how.. I have alot of stuff I need to make using securestuff so this is just a start..
Posted: Sun Nov 23, 2003 10:03 pm
by McGruff
Rgr - apologies.
By the way, you might want to look at the mysql privilege system, if you haven't already. Users should only be able to connect to the database with the minimum of privileges.
Manual at mysql.com.
Posted: Mon Nov 24, 2003 12:55 am
by seeker2921
I don't know what privileges need to be set for what I'm trying to do?? Could that be wwhy I can't get my data into the database?
Posted: Mon Nov 24, 2003 1:04 am
by infolock
in place of this :
Code: Select all
<?php
$conn = mysql_connect($db_host, $db_usr, $db_pass, $db_name)
or die("Could not connect: " . mysql_error());
?>
try this and see if it gives you an error :
Code: Select all
<?php
$conn = mysql_connect($db_host, $db_usr, $db_pass) or die("Could not connect: " . mysql_error());
mysql_select_db($db_name) or die(mysql_error());
?>
edit : because from what i can tell, your setup is fine... also, try this :
in place of :
Code: Select all
<?php
mysql_query("INSERT INTO mytable (fname, lname) values ('".$fname."', '".$lname."'");
?>
put this :
Code: Select all
<?php
mysql_query("INSERT INTO mytable (fname, lname) values ('".$fname."', '".$lname."'") or die('Could not query database due to '.mysql_error());
?>
other then that, i have no idea. because if it's not erroring out on you, then you are connecting fine, and there is no reason why you can't update to it...
Posted: Mon Nov 24, 2003 1:34 am
by seeker2921
At first it didn't work but then I went over the code again and saw then when I copyed and pasted the code you posted you forgot a ) so I did that and it updated the two var's to my database with no errors so then I added the rest of my var's and it didn't work, heres the new line
Code: Select all
<?php
mysql_query("INSERT INTO orders (fname,lname,email,company,address,address_cont,city,state,zip,country,phone,fax,
domain,usr,pass,plan,type,dns,thwate,geotrust,dns,jvm,tomcat,comments,refered,
refered_other,ccfname,cclname,ccnum,ccex,cccode,cctype) values ('".$fname."',
'".$lname."','".$email."','".$address."','".$address_cont."','".$city."','".$state."','".$zip."','
".$country."','".$phone."','".$fax."','".$domain."','".$usr."','".$pass."','".$plan."','".$type."','".$dns."','".$thwate."','".$geotrust."','".$jvm."','".$tomcat."','".$comments."',
'".$refered."','".$refered_other."','".$ccfname."','".$cclname."','".$ccnum."','".$ccex."',
'".$cccode."','".$cctype."')");
?>
Posted: Mon Nov 24, 2003 2:19 am
by infolock
yeah, but you forgot to keep the error control in it
you know, the or die(mysql_error())
add that to the end of your query ( i deleted that mysql list. was stupid of me to even consider posting that )
EDIT : BTW, did you assign the rest of your $_POST's to variables that you are trying to insert into this table? ( like you did with name )