PHP Form data database insert

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • andrewtayloruk
    New Member
    • Feb 2007
    • 12
    #1

    PHP Form data database insert

    I'm a newbie when it come to things php and i'm having a bit of trouble.

    I'm trying to insert data from an html form into a mysql database and can't get it to work.

    Just a few bits about my setup, i'm running an sql server locally, i've created the database, table and fields. I think what i'm missing is something that actually runs the sql query when i hit the submit button. Also, i'm aware i haven't made the data being inserted safe, i just wanted to get it working first.

    Thanks in advance

    [php]
    <?php
    $dbid = mysql_connect ('localhost');
    mysql_select_db ("addresses",$d bid) or die ("Cannot find database");
    $query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES ('1 INT', $name text, $address text, $postcode text, $telephone int, $email text, $picture longblob)";
    $result = mysql_query($qu ery,$dbid);

    $name = "($_REQUEST[name])";
    $address = "($_REQUEST[address])";
    $postcode = "($_REQUEST[postcode])";
    $telephone = "($_REQUEST[telephone])";
    $email = "($_REQUEST[email])";
    $picture = "($_REQUEST[picture])";
    }
    ?>

    <html>
    <head>
    <title>Data submission - db version</title?
    </head>
    <body>
    <form enctype="multip art/form-data" method="post">
    <br>
    <input name="name" value="Name"><b r />
    <input name="address" value="Address" ><br />
    <input name="postcode" value="Postcode "><br />
    <input name="telephone " value="Telephon e"><br />
    <input name="email" value="Email">< br />
    Picture:<br><in put type="file" name="picture" size"80" value="Image">< br />

    <br><input type="submit" action="data_in put.php"></form><br>

    </body>
    </html>
    [/php]
    Last edited by ronverdonk; Mar 23 '07, 12:55 PM. Reason: enclosing code within tags
    Tags: None
    • ronverdonk
      Recognized Expert Specialist
      • Jul 2006
      • 4259
      #2
      Please read the Posting Guidelines before you post in this forum!.

      Especially the part about enclosing code within code or php tags!!!


      moderator

        Comment

        • andrewtayloruk
          New Member
          • Feb 2007
          • 12
          #3
          Originally posted by ronverdonk
          Please read the Posting Guidelines before you post in this forum!.

          Especially the part about enclosing code within code or php tags!!!


          moderator
          Oo-er! Sorry about that, i'd edit it but it doesn't look like i can edit my post. If one of your moderators could edit it so that it conforms to your rules. I'm very sorry, i've just noticed the guidelines on the right hand side of my screen. I was in a bit of a rush to get a post up i didn't really pay much attention.

          Sorry

            Comment

            • ronverdonk
              Recognized Expert Specialist
              • Jul 2006
              • 4259
              #4
              You have so many errors in your script that I cannot possibly show them all. A few of them are:

              - what about the userid and password in your mysql_connect?
              - the </title statement misses the &gt.
              - miss the action in the <form> statement
              - no action in the submit input stmt
              - no enclosing quotation marks in the POST array assignments
              - how to upload the picture??
              - how do you know that the form is submitted?
              - what are the data types doing in the insert statement values?
              - etc.

              Btw: your script is heaven for a hacker! You can specify anything and you store it unchecked and unvalidated in your db!

              So, instead of addressing all errors, I show you the code that works somehow (but not for the image upload). You'll have to adapt this to your own requirement.
              [php]
              <?php
              if (isset($_POST['submitted'])) {
              $name = trim(strip_tags ($_POST['name']));
              $address = trim(strip_tags ($_POST['address']));
              $postcode = trim(strip_tags ($_POST['postcode']));
              $telephone = trim(strip_tags ($_POST['telephone']));
              $email = trim(strip_tags ($_POST['email']));
              $picture = trim(strip_tags ($_POST['picture']));
              $dbid = mysql_connect ('localhost', 'xxx', 'yyy');
              mysql_select_db ("vwso",$dbi d)
              or die ("Cannot find database");
              $query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES (1, '$name', '$address', '$postcode', $telephone, '$email' , '$picture')";
              $result = mysql_query($qu ery,$dbid)
              or die("INSERT error:".mysql_e rror());
              echo 'Row inserted';
              exit;
              }
              ?>

              <html>
              <head>
              <title>Data submission - db version</title>
              </head>
              <body>
              <form enctype="multip art/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
              Name: <input name="name" /><br />
              Address: <input name="address" /><br />
              Postcode: <input name="postcode" /><br />
              Telno: <input name="telephone " /><br />
              Email: <input name="email" /><br />
              Picture:<br><in put type="file" name="picture" size"80" /><br />

              <br><input type="submit" name="submitted " value="Submit" ></form><br>

              </body>
              </html>
              [/php]

              Ronald :cool:

                Comment

                Previous template Next
                Working...