PHP MySql Forms

**Jerry Stuckle** · May 14 '07, 09:15 PM

Re: PHP MySql Forms

shaggynuts24@gm ail.com wrote:

I am new to mysql and php. I am trying to learn this in order to
implement a web based database to keep track of camera inventory along
with RMA and cost information. I am not sure what I am doing wrong
with this.
>
I am trying to set this up so that when someone hits submit it enters
the information into the database.
>
I would also like to find a way to get it to append the information as
well. I have no prior html, php, or mysql experience.
>
<?php
// database connection
mysql_connect(" localhost", "username", "password") or
die(mysql_error ());
mysql_select_db ("cameradb") or die(mysql_error ());
>
//$query definition
$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, CAM_Location,
CAM_Name, RMA_Number, RMA_Description ,
RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date , RMA_Cost)
>
VALUES
('$_post[SN]','$_post[MAC_Adress]',
'$_post[CAM_Type]', '$_post[CAM_Location]', '$_post[CAM_Name]',
'$_post[RMA_Number]', '$_post[RMA_Description]',
'$_post[RMA_Req_Date]', '$_post[RMA_Rec_Date]',
'$_post[RMA_Ship_Date]', '$_post[RMA_Return_Date]',
'$_post[RMA_Cost]')";
>
{
>
?>
//form definition and assigning variables
<form action ="<?php mysql_query($qu ery) ?>" method="post">
<p>Camera Serial Number: <input type="text" name="SN" /></p>
<p>Mac Adress: <input type="text" name="Mac_adres s" /></p>
<p>Camera Types: <input type="text" name="cam_type" /></p>
<p>Camera Loacation: <input type="text" name="cam_locat ion" /></p>
<p>Camera Name: <input type="text" name="cam_name" /></p>
<p>RMA Number: <input type="text" name="RMA_Numbe r" /></p>
<p>RMA Description: <input type="text" name="RMA_Descr iption" /></p>
<p>RMA Request Date: <input type="text" name="RMA_Req_d ate" /></p>
<p>RMA Recieve Date: <input type="text" name="RMA_Rec_d ate" /></p>
<p>RMA Ship Date: <input type="text" name="RMA_Ship_ Date" /></p>
<p>RMA Return Date: <input type="text" name="RMA_Retur n_date" /></p>
<p>RMA Cost: <input type="text" name="RMA_Cost" /></p>
<p><input type="submit" /></p>
</form>
>
<?php
}
>
?>
>

A couple of things.

First of all, it is $_POST, not $_post - case sensitive.

And you need to ALWAYS VALIDATE input from the user. Don't just
"assume" the data are correct.

Finally, all strings should be processed with mysql_real_esca pe_string()
before being inserted into the database - among other things it takes
care of apostrophes in the text - but also helps protect you if someone
tries some bad data (google for "SQL injection").

Something like:

$sn = $_POST['SN'];
.... validate here
$macaddr = $_post[MAC_Adress];
.... validate
(or get each one locally and validate it)

Finally,

$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, " .
"CAM_Locati on, CAM_Name, RMA_Number, RMA_Description , " .
"RMA_Req_Da te, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date , " .
"RMA_Cost) " .
"VALUES ('" . mysql_real_esca pe_string($sn) . "', '" .
mysql_real_esca pe_string($maca ddr) . "', '" .

etc.

If course there are other ways to handle the actual syntax - but you get
the idea.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Toby A Inkster** · May 14 '07, 10:05 PM

Re: PHP MySql Forms

shaggynuts24@gm ail.com wrote:

//$query definition
$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, CAM_Location,
CAM_Name, RMA_Number, RMA_Description ,
RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date , RMA_Cost)
>
VALUES
('$_post[SN]','$_post[MAC_Adress]',
'$_post[CAM_Type]', '$_post[CAM_Location]', '$_post[CAM_Name]',
'$_post[RMA_Number]', '$_post[RMA_Description]',
'$_post[RMA_Req_Date]', '$_post[RMA_Rec_Date]',
'$_post[RMA_Ship_Date]', '$_post[RMA_Return_Date]',
'$_post[RMA_Cost]')";

To begin with, variables are case-sensitive in PHP. That is, $_POST and
$_post are two very different things. Here you go:

function escaped_post ($key)
{
if (!isset($_POST[$key]))
return 'NULL';

if (is_numeric($_P OST[$key]))
return $_POST[$key];

$value = $_POST[$key];
if (get_magic_quot es_gpc())
$value = stripslashes($v alue);
$value = mysql_real_esca pe_string($valu e);
return "'{$value}' ";
}

$query = sprintf("INSERT INTO cameras (SN, MAC_Adress, CAM_Type, "
. "CAM_Locati on, CAM_Name, RMA_Number, "
. "RMA_Descriptio n, RMA_Req_Date, "
. "RMA_Rec_Da te, RMA_Ship_Date, RMA_Return_Date , "
. "RMA_Cost) "
. "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s);",
escaped_post('S N'),
escaped_post('M AC_Adress'),
escaped_post('C AM_Type'),
escaped_post('C AM_Location'),
escaped_post('C AM_Name'),
escaped_post('R MA_Number'),
escaped_post('R MA_Description' ),
escaped_post('R MA_Req_Date'),
escaped_post('R MA_Rec_Date'),
escaped_post('R MA_Ship_Date'),
escaped_post('R MA_Return_Date' ),
escaped_post('R MA_Cost'));

--
Toby A Inkster BSc (Hons) ARCS

Fast Withdrawal Casino UK 2025 – Online Casinos for Instant Payouts

http://tobyinkster.co.uk/

Fast withdrawal casino UK 2025 – Play now & cash out instantly! Discover the top sites for rapid, secure payouts with no delays.

Geek of ~ HTML/SQL/Perl/PHP/Python/Apache/Linux

PHP MySql Forms

PHP MySql Forms

Comment

Comment