insert into statment insters a blank row

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
packetsmacker
Forum Newbie
Posts: 5
Joined: Mon Oct 15, 2007 12:05 pm

insert into statment insters a blank row

Post by packetsmacker »

I have insert statement that inserts a blank row. I have the primary key that is autoincremented . so after i hit submit i check the table and it has a new row with the next number but all the other fields are blank. I don't get any errors form the .mysql_error(). I am just starting with php so i am sure this code has other issues.


here is my code

<?php
$db_host = "localhost";
$db_user = "test";
$db_pwd = "test";
$db_name = "TreoStatus";
mysql_connect($db_host, $db_user, $db_pwd);
mysql_select_db($db_name);
?>


<html>

<head>
<title>Treo Status</title>
</head>
<body>
<?php
if (!isset($_POST['submit'])) {
?>

<form action="" method="post">
PhoneNumer: <input type="text" name="PhoneNumber"><br>
Problem: <input type="text" name="Problem"><br>
Status: <input type="text" name="Status"><br>
DateSentOut: <input type="text" name="DateSentOut"><br>
DateReturned: <input type="text" name="DateReturned"><br>
EsnHex: <input type="text" name="EsnHex"><br>
EsnDec: <input type="text" name="EsnDec"><br>
Notes: <input type="text" name="Notes"><br>
<input type="submit" name="submit" value="Submit!">
<?php
} else {
mysql_query("INSERT INTO `RepairStatus` (RepairID, PhoneNumber, Problem, Status, DateSentOut, DateReturned, EsnHex, EsnDec, Notes) VALUES ('', '$PhoneNumber', '$Problem', '$Status', '$DateSentOut', '$DateReturned','$EsnHex', '$EsnDec', '$Notes')") or die ('cannot complete query ' . mysql_error());

echo "Success! ";

}

?>
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Re: insert into statment insters a blank row

Post by Zoxive »

Your code expects register_globals to be set. Which is BAD.

Code: Select all

ini_set('display_errors',true);
error_reporting(E_ALL);
Put that on top of the page and you should be getting a lot of errors.

You need to change all your Variables.

Code: Select all

 
$PhoneNumber  -> $_POST['PhoneNumber']
$Problem          -> $_POST['Problem']
$Status           -> $_POST['Status']
 
Your next step is to validate user data. You are vulnerable to SQL Injection, as well as many other problems. Example: your user data with quotes will break the insert.
packetsmacker
Forum Newbie
Posts: 5
Joined: Mon Oct 15, 2007 12:05 pm

Re: insert into statment insters a blank row

Post by packetsmacker »

Thanks for the input. It might take me a day or two to post back i am getting slammed at work.
Post Reply