
inserting into a database by clicking the submit button

Posted: Wed Aug 08, 2007 7:48 am
by phpphp2007
feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.


I wrote code to insert information from a text field into a database by clicking a submit button, but I don't know why it wouldn't work. I'd appreciate it if you can help solve this problem.

Code: Select all

<?php

if ($_POST[submit] == "Submit")
{
	$host_name = 'localhost'; // Set this to your Database Name
	$database_name = 'login';
	$database_username = 'root'; // Set this to your MySQL username
	$database_password = 'root'; // Set this to your MySQL password

	$connect = mysql_pconnect($host_name, $database_username, $database_password)
		or die ("coneect nashod jigar");

	$db = mysql_select_db($database_name, $connect) or die ("select nashod jigar");

	$textfield = $_POST['textfield'];
	$textfield2 = $_POST['textfield2'];

	$query = "INSERT INTO logindata (username, passw) VALUES ($textfield, $textfield2)";

	mysql_query($query, $connect) or die('Error, insert query failed');
}
?>


Re: inserting into a database by clicking the submit button

Posted: Wed Aug 08, 2007 8:33 am
by superdezign
phpphp2007 wrote: if ($_POST[submit] == "Submit")

1) Don't check for a submit button... It isn't always sent because it doesn't need to be clicked.
2) Don't use constants... Strings are surrounded by quotes, i.e. $_POST['foo']

phpphp2007 wrote: $database_username = 'root'; // Set this to your MySQL username
$database_password = 'root'; // Set this to your MySQL password

Your database password locally is root? Mine is empty.

phpphp2007 wrote: $connect = mysql_pconnect($host_name,$database_username, $database_password) or die ("coneect nashod jigar");

Why are you using a persistent connection...?

phpphp2007 wrote: $textfield = $_POST['textfield'];
$textfield2 = $_POST['textfield2'];

You should check for the existence of all variables before usage with isset() or empty().

phpphp2007 wrote: $query = "INSERT INTO logindata (username, passw) VALUES ($textfield, $textfield2)";

You should sanitize all data going into MySQL queries using mysql_real_escape_string().


So, what is the problem? ;)

Re: inserting into a database by clicking the submit button

Posted: Thu Aug 09, 2007 3:00 am
by phpphp2007
Thanks for your help :wink:, I will do what you said to see how the problem can be solved.

Posted: Thu Aug 09, 2007 3:23 am
by timvw
And even with sanitized, prepared data, the query will be invalid... string types (in sql) have to be quoted:

Code: Select all

INSERT INTO table ( x, y ) VALUES ( 'xval', 'yval' );

Code: Select all

// let's create a container to hold values that have been prepared for use in a mysql query
$mysql = array(); 
// prepare $textfield and $textfield2 for use in a mysql query
$mysql['textfield'] = mysql_real_escape_string($textfield);
$mysql['textfield2'] = mysql_real_escape_string($textfield2);
// build the query
$query = "INSERT INTO logindata (username, passw) VALUES ('${mysql['textfield']}', '${mysql['textfield2']}')";
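
The advice in this thread (check that each field exists, and never let form values become part of the SQL text) is shown below as an added example that is not part of any post. It swaps the thread's mysql_real_escape_string() for PDO bound parameters, because the mysql_* extension was removed in PHP 7. The in-memory SQLite database, the helper names required_field() and insert_login(), and the sample inputs are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the thread. Assumes the PDO SQLite driver;
// the $samples arrays are constructed stand-ins for $_POST.

// Return the trimmed value of a required form field, or null when the
// field is absent, not a string, or empty.
function required_field(array $post, string $name): ?string
{
    if (!isset($post[$name]) || !is_string($post[$name])) {
        return null;
    }
    $value = trim($post[$name]);
    return $value === '' ? null : $value;
}

// Insert one row using bound parameters. Returns false when a field is
// missing, so no query is attempted with incomplete input.
function insert_login(PDO $pdo, array $post): bool
{
    $username = required_field($post, 'textfield');
    $passw    = required_field($post, 'textfield2');
    if ($username === null || $passw === null) {
        return false;
    }
    // The SQL text is fixed; the values travel separately, so quoting and
    // escaping are handled by the driver rather than by string building.
    $stmt = $pdo->prepare(
        'INSERT INTO logindata (username, passw) VALUES (:username, :passw)'
    );
    return $stmt->execute([':username' => $username, ':passw' => $passw]);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE logindata (username TEXT, passw TEXT)');

// Constructed sample submissions.
$samples = [
    ['textfield' => "O'Brien", 'textfield2' => 'secret'],    // quote in value
    ['textfield' => "a', 'b",  'textfield2' => 'pw'],        // SQL-looking text
    ['textfield' => 'alice'],                                // missing field
];
foreach ($samples as $post) {
    var_dump(insert_login($pdo, $post));
}

// Both accepted usernames are stored exactly as submitted, quotes included.
print_r($pdo->query('SELECT username, passw FROM logindata')->fetchAll(PDO::FETCH_ASSOC));
```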