Database/Email Script

**Carl** · Nov 7 '06, 10:55 PM

Re: Database/Email Script

Jerim79 wrote:

I am no PHP programmer. At my current job I made it known that I was no
PHP programmer during the interview. Still they have given me a script
to write with the understanding that it will take me a while (This
information is just for general knowledge as I don't want anyone
thinking I am trying to be dishonest with my intentions. Also, I do not
portray myself as something I am not. I am a beginner.)
>
Anyway, what the script needs to do is to take variables passed from an
HTML form and do two things. One is read it into a database. The other
is to send me an email with all of the customer's information.
>
//Name of the script is test.php
<?php
//I am using this echo command to make sure that the variables where
passed correctly.
echo $_Post['FName']; //Never displays
//Here is where the script for the database connections starts
$username='user name';
$password='pass word';
$hostname='loca lhost';
$databasename=' database';
//Here is where the database connection is actually made
$conection = mysql_connect($ hostname, $username, $password);
mysql_select_db ($databasename) or die ("Cannot connect to
database");
//With the database connection open, I start to insert the data from
the HTML form.
$result = mysql_query("IN SERT INTO table() VALUES($FName,
$LName, $Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone,
$Fax, $Email, $Var1, $Var2, $Var3, $Var4, $Var5)");
//After reading the information into the table, we close the database
connection
mysql_close();
>8 Message Cut >8

Hi Jerim,

A couple of things;
- $_Post is not the same as $_POST.
- When a function returns a value (as is the case with mysql_query()),
It is usually wise to check the value returned and make sure it is what
you expected.
- The mysql_error() function (http://php.net/mysql_error) is quite
useful when debugging these sorts of problems.

Hope that helps,
Carl.

**Jerim79** · Nov 8 '06, 02:25 PM

Re: Database/Email Script

Carl wrote:

Jerim79 wrote:

I am no PHP programmer. At my current job I made it known that I was no
PHP programmer during the interview. Still they have given me a script
to write with the understanding that it will take me a while (This
information is just for general knowledge as I don't want anyone
thinking I am trying to be dishonest with my intentions. Also, I do not
portray myself as something I am not. I am a beginner.)

Anyway, what the script needs to do is to take variables passed from an
HTML form and do two things. One is read it into a database. The other
is to send me an email with all of the customer's information.

//Name of the script is test.php
<?php
//I am using this echo command to make sure that the variables where
passed correctly.
echo $_Post['FName']; //Never displays
//Here is where the script for the database connections starts
$username='user name';
$password='pass word';
$hostname='loca lhost';
$databasename=' database';
//Here is where the database connection is actually made
$conection = mysql_connect($ hostname, $username, $password);
mysql_select_db ($databasename) or die ("Cannot connect to
database");
//With the database connection open, I start to insert the data from
the HTML form.
$result = mysql_query("IN SERT INTO table() VALUES($FName,
$LName, $Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone,
$Fax, $Email, $Var1, $Var2, $Var3, $Var4, $Var5)");
//After reading the information into the table, we close the database
connection
mysql_close();
8 Message Cut >8

>
Hi Jerim,
>
A couple of things;
- $_Post is not the same as $_POST.
- When a function returns a value (as is the case with mysql_query()),
It is usually wise to check the value returned and make sure it is what
you expected.
- The mysql_error() function (http://php.net/mysql_error) is quite
useful when debugging these sorts of problems.
>
Hope that helps,
Carl.

I tried out POST instead of Post. I even set the method to POST. It
still won't even display the top echo $_POST['FName'] so I don't think
the variables are getting passed.

However, I had a question about the mail script. I keep getting this
error:
Parse error: syntax error, unexpected T_ENCAPSED_AND_ WHITESPACE,
expecting T_STRING or T_VARIABLE or T_NUM_STRING in /(website)/test.php
on line 270

Line 270 is this:
$message = "First Name: $_POST['FName']";

I believe the problem is the way in which I am adding the variable
$_POST['FName] to the line. I saw this method used somewhere: "First
Name: \"$_POST['FName']\""; but it didn't seem to work for me. I
haven't been able to find anything on point.

**Jerim79** · Nov 8 '06, 03:25 PM

Re: Database/Email Script

Jerim79 wrote:

Carl wrote:

Jerim79 wrote:

I am no PHP programmer. At my current job I made it known that I was no
PHP programmer during the interview. Still they have given me a script
to write with the understanding that it will take me a while (This
information is just for general knowledge as I don't want anyone
thinking I am trying to be dishonest with my intentions. Also, I do not
portray myself as something I am not. I am a beginner.)
>
Anyway, what the script needs to do is to take variables passed from an
HTML form and do two things. One is read it into a database. The other
is to send me an email with all of the customer's information.
>
//Name of the script is test.php
<?php
//I am using this echo command to make sure that the variables where
passed correctly.
echo $_Post['FName']; //Never displays
//Here is where the script for the database connections starts
$username='user name';
$password='pass word';
$hostname='loca lhost';
$databasename=' database';
//Here is where the database connection is actually made
$conection = mysql_connect($ hostname, $username, $password);
mysql_select_db ($databasename) or die ("Cannot connect to
database");
//With the database connection open, I start to insert the data from
the HTML form.
$result = mysql_query("IN SERT INTO table() VALUES($FName,
$LName, $Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone,
$Fax, $Email, $Var1, $Var2, $Var3, $Var4, $Var5)");
//After reading the information into the table, we close the database
connection
mysql_close();
>8 Message Cut >8

Hi Jerim,

A couple of things;
- $_Post is not the same as $_POST.
- When a function returns a value (as is the case with mysql_query()),
It is usually wise to check the value returned and make sure it is what
you expected.
- The mysql_error() function (http://php.net/mysql_error) is quite
useful when debugging these sorts of problems.

Hope that helps,
Carl.

>
I tried out POST instead of Post. I even set the method to POST. It
still won't even display the top echo $_POST['FName'] so I don't think
the variables are getting passed.
>
However, I had a question about the mail script. I keep getting this
error:
Parse error: syntax error, unexpected T_ENCAPSED_AND_ WHITESPACE,
expecting T_STRING or T_VARIABLE or T_NUM_STRING in /(website)/test.php
on line 270
>
Line 270 is this:
$message = "First Name: $_POST['FName']";
>
I believe the problem is the way in which I am adding the variable
$_POST['FName] to the line. I saw this method used somewhere: "First
Name: \"$_POST['FName']\""; but it didn't seem to work for me. I
haven't been able to find anything on point.

I was able to figure out the POST issue. If you use " in the name on
the HTML form, you have to use " in the PHP script. So $_POST['FName']
didn't work but $_POST["FName"] does. (I haven't seen this mentioned
anywhere.)

The other issue I am having, besides the email issue is the database
INSERT. Here is the code:
$result = mysql_query("IN SERT INTO table() VALUES($FName, $LName,
$Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone, $Fax,
$Email, $Var1, $Var2, $Var3, $Var4, $Var5)")

I know that $FName isn't the proper way to do it. However, when I set
it to $_POST["FName"] I get this error:

Parse error: syntax error, unexpected '"', expecting T_STRING or
T_VARIABLE or T_NUM_STRING in /website/test.php on line 264

I did insert this command to show any database errors, but it doesn't
show any:
echo mysql_error($co nnection)

**Carl** · Nov 8 '06, 06:05 PM

Re: Database/Email Script

Jerim79,

My reply is inline...

Jerim79 wrote:

>
I was able to figure out the POST issue. If you use " in the name on
the HTML form, you have to use " in the PHP script. So $_POST['FName']
didn't work but $_POST["FName"] does. (I haven't seen this mentioned
anywhere.)
>

I don't believe this to be true. Double quotes should be used for
parsing variables within a string.

PHP: Strings - Manual

http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing

Strings

Both double and single quotes work for quoting array indexes. I would
suggest your problem is elsewhere.

The other issue I am having, besides the email issue is the database
INSERT. Here is the code:
$result = mysql_query("IN SERT INTO table() VALUES($FName, $LName,
$Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone, $Fax,
$Email, $Var1, $Var2, $Var3, $Var4, $Var5)")
>
I know that $FName isn't the proper way to do it. However, when I set
it to $_POST["FName"] I get this error:
>
Parse error: syntax error, unexpected '"', expecting T_STRING or
T_VARIABLE or T_NUM_STRING in /website/test.php on line 264

You are receiving this error because when you insert the variable
$_POST["FName"] into your SQL statement, the first double quote is
ending the quotes you use to enclose your SQL statement.

You have a couple of options, but remember that It is VERY bad practice
to pass user input (POST/GET) values directly to the database.

The following page describes this problem. I strongly advise you read
the page carefully and make sure you understand it.

PHP: mysql_real_escape_string - Manual

http://www.php.net/manual/en/function.mysql-real-escape-string.php

Escapes special characters in a string for use in an SQL statement

I did insert this command to show any database errors, but it doesn't
show any:
echo mysql_error($co nnection)

What was the value of your $result variable? It would be helpful to see
the relevant code.

Hope this helps,
Carl.

**Jerim79** · Nov 8 '06, 07:05 PM

Re: Database/Email Script

Jerim79 wrote:

Jerim79 wrote:

Carl wrote:

Jerim79 wrote:
I am no PHP programmer. At my current job I made it known that I was no
PHP programmer during the interview. Still they have given me a script
to write with the understanding that it will take me a while (This
information is just for general knowledge as I don't want anyone
thinking I am trying to be dishonest with my intentions. Also, I do not
portray myself as something I am not. I am a beginner.)

Anyway, what the script needs to do is to take variables passed from an
HTML form and do two things. One is read it into a database. The other
is to send me an email with all of the customer's information.

//Name of the script is test.php
<?php
//I am using this echo command to make sure that the variables where
passed correctly.
echo $_Post['FName']; //Never displays
//Here is where the script for the database connections starts
$username='user name';
$password='pass word';
$hostname='loca lhost';
$databasename=' database';
//Here is where the database connection is actually made
$conection = mysql_connect($ hostname, $username, $password);
mysql_select_db ($databasename) or die ("Cannot connect to
database");
//With the database connection open, I start to insert the data from
the HTML form.
$result = mysql_query("IN SERT INTO table() VALUES($FName,
$LName, $Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone,
$Fax, $Email, $Var1, $Var2, $Var3, $Var4, $Var5)");
//After reading the information into the table, we close the database
connection
mysql_close();
8 Message Cut >8
>
Hi Jerim,
>
A couple of things;
- $_Post is not the same as $_POST.
- When a function returns a value (as is the case with mysql_query()),
It is usually wise to check the value returned and make sure it is what
you expected.
- The mysql_error() function (http://php.net/mysql_error) is quite
useful when debugging these sorts of problems.
>
Hope that helps,
Carl.

I tried out POST instead of Post. I even set the method to POST. It
still won't even display the top echo $_POST['FName'] so I don't think
the variables are getting passed.

However, I had a question about the mail script. I keep getting this
error:
Parse error: syntax error, unexpected T_ENCAPSED_AND_ WHITESPACE,
expecting T_STRING or T_VARIABLE or T_NUM_STRING in /(website)/test.php
on line 270

Line 270 is this:
$message = "First Name: $_POST['FName']";

I believe the problem is the way in which I am adding the variable
$_POST['FName] to the line. I saw this method used somewhere: "First
Name: \"$_POST['FName']\""; but it didn't seem to work for me. I
haven't been able to find anything on point.

>
I was able to figure out the POST issue. If you use " in the name on
the HTML form, you have to use " in the PHP script. So $_POST['FName']
didn't work but $_POST["FName"] does. (I haven't seen this mentioned
anywhere.)
>
The other issue I am having, besides the email issue is the database
INSERT. Here is the code:
$result = mysql_query("IN SERT INTO table() VALUES($FName, $LName,
$Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone, $Fax,
$Email, $Var1, $Var2, $Var3, $Var4, $Var5)")
>
I know that $FName isn't the proper way to do it. However, when I set
it to $_POST["FName"] I get this error:
>
Parse error: syntax error, unexpected '"', expecting T_STRING or
T_VARIABLE or T_NUM_STRING in /website/test.php on line 264
>
I did insert this command to show any database errors, but it doesn't
show any:
echo mysql_error($co nnection)

Okay, I found something that works. It probably isn't the best way, but
it works. At the beginning of the script I set each variable to a local
variable. Such as:
$FName=$_POST["FName"];

That may not be the best way to do it, but it works. The email script
is working great now. Which just leaves the MySQL connection. Here is
the code:

$username='user name';
$password='pass word';
$hostname='loca lhost';
$databasename=' database';
//Here is where the database connection is actually made
$conection = mysql_connect($ hostname, $username, $password);
mysql_select_db ($databasename) or die ("Cannot connect to
database" . msyql_error());
//This sets the query to a variable for easy calling
$query='INSERT INTO table() VALUES($FName,
$LName, $Company, $Title, $Address, $Apt, $City, $State, $Zip,
$Phone,
$Fax, $Email, $Var1, $Var2, $Var3, $Var4, $Var5)'
//With the database connection open, I insert the data using
$query
$result = mysql_query($qu ery) or die ('Query failed: ' .
mysql_error());
//After reading the information into the table, we close the
database connection
mysql_close();

The error message I get:

Query failed: Unknown column '$FName' in 'field list'

If I enclose the variables inside the VALUES() part with quotations,
such as "$FName", "$LName","$Titl e" that data does get put into the
table with no error. Which is to say that $FName gets written to the
table, and not the data that $FName represents. So I know the database
connection is working and it is able to write. I tried defining the
columns in table() such as table(FNAME, LNAME, TITLE) with the same
error as above. I tried using $_POST[FName] in the VALUES() function
but it just returns a syntax error and tells me to check the manual for
my version of MySQL for the correct version. I am running 4.0.1 by the
way.

**Jerim79** · Nov 8 '06, 07:15 PM

Re: Database/Email Script

Carl wrote:

Jerim79,
>
My reply is inline...
>
Jerim79 wrote:

I was able to figure out the POST issue. If you use " in the name on
the HTML form, you have to use " in the PHP script. So $_POST['FName']
didn't work but $_POST["FName"] does. (I haven't seen this mentioned
anywhere.)

>
I don't believe this to be true. Double quotes should be used for
parsing variables within a string.

PHP: Strings - Manual

http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing

Strings

Both double and single quotes work for quoting array indexes. I would
suggest your problem is elsewhere.
>

The other issue I am having, besides the email issue is the database
INSERT. Here is the code:
$result = mysql_query("IN SERT INTO table() VALUES($FName, $LName,
$Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone, $Fax,
$Email, $Var1, $Var2, $Var3, $Var4, $Var5)")

I know that $FName isn't the proper way to do it. However, when I set
it to $_POST["FName"] I get this error:

Parse error: syntax error, unexpected '"', expecting T_STRING or
T_VARIABLE or T_NUM_STRING in /website/test.php on line 264

>
You are receiving this error because when you insert the variable
$_POST["FName"] into your SQL statement, the first double quote is
ending the quotes you use to enclose your SQL statement.
>
You have a couple of options, but remember that It is VERY bad practice
to pass user input (POST/GET) values directly to the database.
>
The following page describes this problem. I strongly advise you read
the page carefully and make sure you understand it.

PHP: mysql_real_escape_string - Manual

http://www.php.net/manual/en/function.mysql-real-escape-string.php

Escapes special characters in a string for use in an SQL statement

>

I did insert this command to show any database errors, but it doesn't
show any:
echo mysql_error($co nnection)

>
What was the value of your $result variable? It would be helpful to see
the relevant code.
>
Hope this helps,
Carl.

Carl,

I just read the links you gave me. I am certainly on board with what
they had to say. I do intend to add the functionality to the final
script. What I would like first would be to get the script working.
Right now, this is a dummy script, with access only to a blank table. I
can mess around with it as much as I want. (My boss just gave me this
task as a learning experience.) This is day 2 of my PHP learning
experience. So I am just trying to take it one step at a time. I really
do appreciate your help.

**Carl** · Nov 8 '06, 10:35 PM

Re: Database/Email Script

Reply Inline...

Jerim79 wrote:

>
Okay, I found something that works. It probably isn't the best way, but
it works. At the beginning of the script I set each variable to a local
variable. Such as:
$FName=$_POST["FName"];
>
That may not be the best way to do it, but it works. The email script
is working great now. Which just leaves the MySQL connection. Here is
the code:
>
$username='user name';
$password='pass word';
$hostname='loca lhost';
$databasename=' database';
//Here is where the database connection is actually made
$conection = mysql_connect($ hostname, $username, $password);
mysql_select_db ($databasename) or die ("Cannot connect to
database" . msyql_error());
//This sets the query to a variable for easy calling
$query='INSERT INTO table() VALUES($FName,
$LName, $Company, $Title, $Address, $Apt, $City, $State, $Zip,
$Phone,
$Fax, $Email, $Var1, $Var2, $Var3, $Var4, $Var5)'
//With the database connection open, I insert the data using
$query
$result = mysql_query($qu ery) or die ('Query failed: ' .
mysql_error());
//After reading the information into the table, we close the
database connection
mysql_close();
>
The error message I get:
>
Query failed: Unknown column '$FName' in 'field list'

If you want the variables in your SQL statement to be parsed by the php
interpreter, your SQL statement string needs to be in double quotes.
This behaviour is described here:

PHP: Strings - Manual

http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing

Strings

Note that you will still be left with an error as the string values
should themselves be enclosed in single quotes (you're using mysql,
right?). Numeric values do not need to be enclosed in single quotes,
but you must remember to ensure that they are infact numeric values or
cast them explicitly.

$query = "INSERT INTO table() VALUES('$FName' , '$LName'...

Alternatively, you can kill two birds with one stone and sanitize the
input while building the SQL statement.

$query = sprintf("INSERT INTO table() VALUES('%s', '$s'...
mysql_real_esca pe_string($FNam e),
mysql_real_esca pe_string($LNam e),...

>
If I enclose the variables inside the VALUES() part with quotations,
such as "$FName", "$LName","$Titl e" that data does get put into the
table with no error. Which is to say that $FName gets written to the
table, and not the data that $FName represents.

As stated above, this is due to the fact that php wil not expand the
value of a variable inside of single quotes. '$var' literally means
'$var'. With "$var", the php interpreter will attempt to resolve to the
value for the variable $var.

Hope that helps,
Carl.

>So I know the database
connection is working and it is able to write. I tried defining the
columns in table() such as table(FNAME, LNAME, TITLE) with the same
error as above. I tried using $_POST[FName] in the VALUES() function
but it just returns a syntax error and tells me to check the manual for
my version of MySQL for the correct version. I am running 4.0.1 by the
way.

**Jerim79** · Nov 8 '06, 11:05 PM

Re: Database/Email Script

Carl wrote:

Reply Inline...
>
Jerim79 wrote:

Okay, I found something that works. It probably isn't the best way, but
it works. At the beginning of the script I set each variable to a local
variable. Such as:
$FName=$_POST["FName"];

That may not be the best way to do it, but it works. The email script
is working great now. Which just leaves the MySQL connection. Here is
the code:

$username='user name';
$password='pass word';
$hostname='loca lhost';
$databasename=' database';
//Here is where the database connection is actually made
$conection = mysql_connect($ hostname, $username, $password);
mysql_select_db ($databasename) or die ("Cannot connect to
database" . msyql_error());
//This sets the query to a variable for easy calling
$query='INSERT INTO table() VALUES($FName,
$LName, $Company, $Title, $Address, $Apt, $City, $State, $Zip,
$Phone,
$Fax, $Email, $Var1, $Var2, $Var3, $Var4, $Var5)'
//With the database connection open, I insert the data using
$query
$result = mysql_query($qu ery) or die ('Query failed: ' .
mysql_error());
//After reading the information into the table, we close the
database connection
mysql_close();

The error message I get:

Query failed: Unknown column '$FName' in 'field list'

>
If you want the variables in your SQL statement to be parsed by the php
interpreter, your SQL statement string needs to be in double quotes.
This behaviour is described here:
>

PHP: Strings - Manual

http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing

Strings

>
Note that you will still be left with an error as the string values
should themselves be enclosed in single quotes (you're using mysql,
right?). Numeric values do not need to be enclosed in single quotes,
but you must remember to ensure that they are infact numeric values or
cast them explicitly.
>
$query = "INSERT INTO table() VALUES('$FName' , '$LName'...
>
Alternatively, you can kill two birds with one stone and sanitize the
input while building the SQL statement.
>
$query = sprintf("INSERT INTO table() VALUES('%s', '$s'...
mysql_real_esca pe_string($FNam e),
mysql_real_esca pe_string($LNam e),...
>

If I enclose the variables inside the VALUES() part with quotations,
such as "$FName", "$LName","$Titl e" that data does get put into the
table with no error. Which is to say that $FName gets written to the
table, and not the data that $FName represents.

>
As stated above, this is due to the fact that php wil not expand the
value of a variable inside of single quotes. '$var' literally means
'$var'. With "$var", the php interpreter will attempt to resolve to the
value for the variable $var.
>
>
Hope that helps,
Carl.
>

So I know the database
connection is working and it is able to write. I tried defining the
columns in table() such as table(FNAME, LNAME, TITLE) with the same
error as above. I tried using $_POST[FName] in the VALUES() function
but it just returns a syntax error and tells me to check the manual for
my version of MySQL for the correct version. I am running 4.0.1 by the
way.

Thanks so much for the help. Once I get it working, I am going to go
back and clean everything up.

**David T. Ashley** · Nov 9 '06, 02:05 PM

Re: Database/Email Script

"Jerim79" <mylek@hotmail. comwrote in message
news:1162938427 .548263.120380@ f16g2000cwb.goo glegroups.com.. .

>
>I am no PHP programmer. At my current job I made it known that I was no
PHP programmer during the interview. Still they have given me a script
to write with the understanding that it will take me a while (This
information is just for general knowledge as I don't want anyone
thinking I am trying to be dishonest with my intentions. Also, I do not
portray myself as something I am not. I am a beginner.)

I'm working on a project at:

http://fboprimedevel.e3ft.com

Please feel free to sign on as dashley with password dashley. Select "Show
More Options" twice then try "View/Edit Resources". This will get you to
basic scripts that will display, manipulate, add to a database table.

(And please let me know if the userid/password doesn't work--the most likely
reason would be that some prankster from this newsgroup signed on and
changed the password.)

Here are the examples that may be useful:

The set of include files I'm using:

http://fboprime.e3ft.com/vcvsgpl01/viewcvs.cgi/gpl01/webprojs/fboprime/sw/phplib/

Displaying the list of resources:

http://fboprime.e3ft.com/vcvsgpl01/viewcvs.cgi/gpl01/webprojs/fboprime/sw/webdir/resourcelist.php?rev=1.9&content-type=text/vnd.viewcvs-markup

Adding a resource:

http://fboprime.e3ft.com/vcvsgpl01/viewcvs.cgi/gpl01/webprojs/fboprime/sw/webdir/resourceadd.php?rev=1.5&content-type=text/vnd.viewcvs-markup

Viewing a resource:

http://fboprime.e3ft.com/vcvsgpl01/viewcvs.cgi/gpl01/webprojs/fboprime/sw/webdir/resourceview.php?rev=1.6&content-type=text/vnd.viewcvs-markup

In any case, if you weed through a few of those (and you'll have to look up
the include files as well), it should answer all questions.

You may write me directly at DTA@E3FT.COM if I can be of further assistance.

Dave.

Database/Email Script

Database/Email Script

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment