I have insert statement that inserts a blank row. I have the primary key that is autoincremented . so after i hit submit i check the table and it has a new row with the next number but all the other fields are blank. I don't get any errors form the .mysql_error(). I am just starting with php so i am sure this code has other issues.
here is my code
<?php
$db_host = "localhost";
$db_user = "test";
$db_pwd = "test";
$db_name = "TreoStatus";
mysql_connect($db_host, $db_user, $db_pwd);
mysql_select_db($db_name);
?>
<html>
<head>
<title>Treo Status</title>
</head>
<body>
<?php
if (!isset($_POST['submit'])) {
?>
<form action="" method="post">
PhoneNumer: <input type="text" name="PhoneNumber"><br>
Problem: <input type="text" name="Problem"><br>
Status: <input type="text" name="Status"><br>
DateSentOut: <input type="text" name="DateSentOut"><br>
DateReturned: <input type="text" name="DateReturned"><br>
EsnHex: <input type="text" name="EsnHex"><br>
EsnDec: <input type="text" name="EsnDec"><br>
Notes: <input type="text" name="Notes"><br>
<input type="submit" name="submit" value="Submit!">
<?php
} else {
mysql_query("INSERT INTO `RepairStatus` (RepairID, PhoneNumber, Problem, Status, DateSentOut, DateReturned, EsnHex, EsnDec, Notes) VALUES ('', '$PhoneNumber', '$Problem', '$Status', '$DateSentOut', '$DateReturned','$EsnHex', '$EsnDec', '$Notes')") or die ('cannot complete query ' . mysql_error());
echo "Success! ";
}
?>
insert into statment insters a blank row
Moderator: General Moderators
-
packetsmacker
- Forum Newbie
- Posts: 5
- Joined: Mon Oct 15, 2007 12:05 pm
Re: insert into statment insters a blank row
Your code expects register_globals to be set. Which is BAD.
Put that on top of the page and you should be getting a lot of errors.
You need to change all your Variables.
Your next step is to validate user data. You are vulnerable to SQL Injection, as well as many other problems. Example: your user data with quotes will break the insert.
Code: Select all
ini_set('display_errors',true);
error_reporting(E_ALL);You need to change all your Variables.
Code: Select all
$PhoneNumber -> $_POST['PhoneNumber']
$Problem -> $_POST['Problem']
$Status -> $_POST['Status']
-
packetsmacker
- Forum Newbie
- Posts: 5
- Joined: Mon Oct 15, 2007 12:05 pm
Re: insert into statment insters a blank row
Thanks for the input. It might take me a day or two to post back i am getting slammed at work.