problem occured while inserting records from form into database

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • puneetmca
    New Member
    • Jan 2010
    • 15
    #1

    problem occured while inserting records from form into database

    hi
    i m facing problem while m trying to insert a record from form into database..the empty records will be inserted.values are not inserted in it....no error is shown..
    here is the html coding.......
    Code:
    <body>
 <form method="POST" action="p.php">
Firstname: <input type="text" name="FirstName" size="30" /><BR>  <BR>
<INPUT NAME="enter" TYPE="submit" VALUE="Enter">
</form>
 </body>
    here is the php coding.......

    Code:
    <?php
error_reporting(5);
$con = mysql_connect("localhost","root","root");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("mydb", $con);
$sql="INSERT INTO stuinfo (FirstName) VALUES('$FirstName')";

if (!mysql_query($sql,$con))
{
die ('Error: '.mysql_error());
echo "Error in Record Submission";
}
echo "New Record Added ";
mysql_close($con) ;

?>
    Last edited by Atli; Jan 22 '10, 08:28 AM. Reason: Added [code] tags.
    Tags: None
    • Atli
      Recognized Expert Expert
      • Nov 2006
      • 5062
      #2
      Hey.

      To get a value from a HTML form, we use the $_GET or $_POST arrays, depending on what you set your form's method attribute. - So in your case, you would use the $_POST array.
      [code=php]
      $value = $_POST['value'];
      echo "Your value is: $value";
      [/code]
      In old versions of PHP you could have just used $value directly, without having to use $_POST, but for security reasons that functionality has been removed. (See Using Register Globals)


      Also, be careful about using user input in your queries. If you just put it right into the query, you open yourself up for an SQL Injection attack.
      You should always run user input though mysql_real_esca pe_string before putting it into a query.
      [code=php]
      <?php
      $value = mysql_real_esca pe_string($_POS T['value']);
      $sql = "INSERT INTO `tbl`(`value`) VALUES('$value' )";
      $result = mysql_query($sq l) or die(mysql_error ());
      ?>
      [/code]

        Comment

        Previous template Next
        Working...