Page 1 of 1

Newbie: Basic Question on Adding Record to MySQL db

Posted: Wed Jul 05, 2006 12:26 pm
by rustynail
I am new to PHP and MySQL and the site, but experienced with CGI and HTML. As soon as I get a few moments I will be checking the board for more info.

I have gone through this tutorial -> http://www.freewebmasterhelp.com/tutorials/phpmysql and have downloaded their "Full Code Of Example" on the lower left side of the screen where you can download the code they used in the tutorial.

My server is a Linux box with MySQL, PHP, and Apache installed. I am maintaining the server as well.

Everything seems to work as described, but when I go to "add.html" and add a record to the database, a record is in fact added, but all the fields are empty.

I have narrowed it down that insert.php is not seeing the information being passed to it from add.html.

I don't know what to do next find the problem.

Posted: Wed Jul 05, 2006 12:56 pm
by RobertGonzalez
Can you post some code? I would bet this is a register globals issue, but it would be helpful if we could see the HTML form elements and the variable assignments of those form elements on the resulting PHP page.

Posted: Wed Jul 05, 2006 1:55 pm
by rustynail
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Thanks for the fast reply.  Hope this is what you are looking for.

add.html[syntax="html"]
<form action="insert.php" method="post">
First Name: <input type="text" name="first"><br>
Last Name: <input type="text" name="last"><br>
Phone: <input type="text" name="phone"><br>
Mobile: <input type="text" name="mobile"><br>
Fax: <input type="text" name="fax"><br>
E-mail: <input type="text" name="email"><br>
Web: <input type="text" name="web"><br>
<input type="Submit">
</form>
insert.php[/syntax]

Code: Select all

<?
include("dbinfo.inc.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database"); 

$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')";
mysql_query($query);

mysql_close();
?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Wed Jul 05, 2006 2:11 pm
by RobertGonzalez
Yeah, I thought that would be it. You are using globally registered values for your input variables. What that means is that the tutorial you are using is teaching you a bad practise. The vars that are in the INSERT query have no value because your PHP install does not know what those vars contain. In the days of PHP 3 (and some PHP 4), register globals would be enabled and would automatically add the values of GET, POST, COOKIE and SESSION array vars into their single variable equivalents. Very insecure and dangerous!

What you need to do is assign the post array values to the vars before using them.

Code: Select all

<?php
// Personally, I like to initialize my vars  
$first = '';
$last = '';
$phone= '';
$mobile = '';
$fax= '';
$email = '';
$web = '';

if (isset($_POST['first'])) // I would really consider using a hidden trigger field in your form
{
    $first = $_POST['first'];
    $last = $_POST['last'];
    $phone= $_POST['phone'];
    $mobile = $_POST['mobile'];
    $fax= $_POST['fax'];
    $email = $_POST['email'];
    $web = $_POST['web'];

    include("dbinfo.inc.php");
    mysql_connect(localhost,$username,$password) or die('Could not connect to the database: ' . mysql_error());
    mysql_select_db($database) or die( "Unable to select database");

    $query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')";
    mysql_query($query) or die('Could not enter the data: ' . mysql_error()); // You may want to look at mysql_affected_rows() as well

    mysql_close(); 
}
?>

Posted: Wed Jul 05, 2006 2:31 pm
by rustynail
Awsome - worked as designed. I also like added safety features. Great first experience at the forum. Thanks.