
insert into statement inserts a blank row

Posted: Thu Jan 31, 2008 10:43 am
by packetsmacker
I have an insert statement that inserts a blank row. I have the primary key that is autoincremented, so after I hit submit I check the table and it has a new row with the next number but all the other fields are blank. I don't get any errors from the mysql_error(). I am just starting with PHP so I am sure this code has other issues.


Here is my code:

<?php
$db_host = "localhost";
$db_user = "test";
$db_pwd = "test";
$db_name = "TreoStatus";
mysql_connect($db_host, $db_user, $db_pwd);
mysql_select_db($db_name);
?>


<html>

<head>
<title>Treo Status</title>
</head>
<body>
<?php
if (!isset($_POST['submit'])) {
?>

<form action="" method="post">
PhoneNumber: <input type="text" name="PhoneNumber"><br>
Problem: <input type="text" name="Problem"><br>
Status: <input type="text" name="Status"><br>
DateSentOut: <input type="text" name="DateSentOut"><br>
DateReturned: <input type="text" name="DateReturned"><br>
EsnHex: <input type="text" name="EsnHex"><br>
EsnDec: <input type="text" name="EsnDec"><br>
Notes: <input type="text" name="Notes"><br>
<input type="submit" name="submit" value="Submit!">
</form>
<?php
} else {
mysql_query("INSERT INTO `RepairStatus` (RepairID, PhoneNumber, Problem, Status, DateSentOut, DateReturned, EsnHex, EsnDec, Notes) VALUES ('', '$PhoneNumber', '$Problem', '$Status', '$DateSentOut', '$DateReturned','$EsnHex', '$EsnDec', '$Notes')") or die ('cannot complete query ' . mysql_error());

echo "Success! ";

}

?>
</body>
</html>

Re: insert into statement inserts a blank row

Posted: Thu Jan 31, 2008 11:22 am
by Zoxive
Your code expects register_globals to be set. Which is BAD.

Code:

ini_set('display_errors',true);
error_reporting(E_ALL);

Put that on top of the page and you should be getting a lot of errors.

You need to change all your Variables.

Code:

$PhoneNumber -> $_POST['PhoneNumber']
$Problem     -> $_POST['Problem']
$Status      -> $_POST['Status']

Your next step is to validate user data. You are vulnerable to SQL Injection, as well as many other problems. Example: your user data with quotes will break the insert.
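
The changes recommended in the reply above, as an added example that is not part of the original thread or either poster's code: each value is read from the request array, checked, and bound through placeholders. PDO is used because the mysql_* functions were removed in PHP 7; the function name insertRepair, the validation rules and the in-memory SQLite table (standing in for the MySQL table so the block runs offline) are assumptions.

```php
<?php
// Added example, not the poster's code. Column names come from the thread;
// the in-memory SQLite table is a constructed stand-in for the MySQL one.
const FIELDS = ['PhoneNumber', 'Problem', 'Status', 'DateSentOut',
                'DateReturned', 'EsnHex', 'EsnDec', 'Notes'];

function insertRepair(PDO $pdo, array $post): int
{
    $row = [];
    foreach (FIELDS as $f) {
        // Read each value from the request array; no register_globals needed.
        $row[$f] = trim((string)($post[$f] ?? ''));
    }
    // Validation rules here are assumptions chosen for illustration.
    if (!preg_match('/^[0-9]{10}$/', $row['PhoneNumber'])) {
        throw new InvalidArgumentException('PhoneNumber must be 10 digits');
    }
    if ($row['EsnHex'] !== '' && !ctype_xdigit($row['EsnHex'])) {
        throw new InvalidArgumentException('EsnHex must be hexadecimal');
    }
    // Placeholders keep the data out of the SQL text, so quotes cannot break
    // or alter the statement. RepairID is omitted so the database assigns it.
    $cols = implode(', ', FIELDS);
    $marks = implode(', ', array_map(fn($f) => ":$f", FIELDS));
    $stmt = $pdo->prepare("INSERT INTO RepairStatus ($cols) VALUES ($marks)");
    $stmt->execute($row);
    return (int)$pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE RepairStatus (RepairID INTEGER PRIMARY KEY AUTOINCREMENT, '
    . implode(' TEXT, ', FIELDS) . ' TEXT)');

// Constructed sample submission standing in for $_POST; note the quotes.
$sample = ['PhoneNumber' => '5555550100', 'Problem' => "Won't power on",
           'Status' => 'Sent out', 'DateSentOut' => '2008-01-31',
           'EsnHex' => '80A1B2C3', 'Notes' => "Customer's screen is cracked"];
$id = insertRepair($pdo, $sample);
$check = $pdo->prepare('SELECT Problem, Notes FROM RepairStatus WHERE RepairID = ?');
$check->execute([$id]);
print_r($check->fetch(PDO::FETCH_ASSOC));
```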

Re: insert into statement inserts a blank row

Posted: Thu Jan 31, 2008 12:43 pm
by packetsmacker
Thanks for the input. It might take me a day or two to post back; I am getting slammed at work.