Newbie: Basic Question on Adding Record to MySQL db

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
rustynail
Forum Newbie
Posts: 21
Joined: Wed Jul 05, 2006 12:14 pm

Newbie: Basic Question on Adding Record to MySQL db

Post by rustynail »

I am new to PHP and MySQL and the site, but experienced with CGI and HTML. As soon as I get a few moments I will be checking the board for more info.

I have gone through this tutorial -> http://www.freewebmasterhelp.com/tutorials/phpmysql and have downloaded their "Full Code Of Example" on the lower left side of the screen where you can download the code they used in the tutorial.

My server is a Linux box with MySQL, PHP, and Apache installed. I am maintaining the server as well.

Everything seems to work as described, but when I go to "add.html" and add a record to the database, a record is in fact added, but all the fields are empty.

I have narrowed it down that insert.php is not seeing the information being passed to it from add.html.

I don't know what to do next find the problem.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Can you post some code? I would bet this is a register globals issue, but it would be helpful if we could see the HTML form elements and the variable assignments of those form elements on the resulting PHP page.
rustynail
Forum Newbie
Posts: 21
Joined: Wed Jul 05, 2006 12:14 pm

Post by rustynail »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Thanks for the fast reply.  Hope this is what you are looking for.

add.html[syntax="html"]
<form action="insert.php" method="post">
First Name: <input type="text" name="first"><br>
Last Name: <input type="text" name="last"><br>
Phone: <input type="text" name="phone"><br>
Mobile: <input type="text" name="mobile"><br>
Fax: <input type="text" name="fax"><br>
E-mail: <input type="text" name="email"><br>
Web: <input type="text" name="web"><br>
<input type="Submit">
</form>
insert.php[/syntax]

Code: Select all

<?
include("dbinfo.inc.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database"); 

$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')";
mysql_query($query);

mysql_close();
?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Yeah, I thought that would be it. You are using globally registered values for your input variables. What that means is that the tutorial you are using is teaching you a bad practise. The vars that are in the INSERT query have no value because your PHP install does not know what those vars contain. In the days of PHP 3 (and some PHP 4), register globals would be enabled and would automatically add the values of GET, POST, COOKIE and SESSION array vars into their single variable equivalents. Very insecure and dangerous!

What you need to do is assign the post array values to the vars before using them.

Code: Select all

<?php
// Personally, I like to initialize my vars  
$first = '';
$last = '';
$phone= '';
$mobile = '';
$fax= '';
$email = '';
$web = '';

if (isset($_POST['first'])) // I would really consider using a hidden trigger field in your form
{
    $first = $_POST['first'];
    $last = $_POST['last'];
    $phone= $_POST['phone'];
    $mobile = $_POST['mobile'];
    $fax= $_POST['fax'];
    $email = $_POST['email'];
    $web = $_POST['web'];

    include("dbinfo.inc.php");
    mysql_connect(localhost,$username,$password) or die('Could not connect to the database: ' . mysql_error());
    mysql_select_db($database) or die( "Unable to select database");

    $query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')";
    mysql_query($query) or die('Could not enter the data: ' . mysql_error()); // You may want to look at mysql_affected_rows() as well

    mysql_close(); 
}
?>
rustynail
Forum Newbie
Posts: 21
Joined: Wed Jul 05, 2006 12:14 pm

Post by rustynail »

Awsome - worked as designed. I also like added safety features. Great first experience at the forum. Thanks.
Post Reply