Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Adding info to mysql database via php?

Options
  • 03-02-2006 2:56pm
    #1
    Adam
    Closed Accounts Posts: 8,866 ✭✭✭


    As stated, i'm trying to add data to a mysql database via a form.
    The html of the page is working fine, the form seems ok. but when i add data and click save it doesn't send it to the database, it just creates a new empty row on the table meant to display the data.

    I debugged the $SQL variable before the INSERT INTO statment and got this:

    [INSERT INTO tbl_service_request (servreq_name, servreq_machine, servreq_fault_desc, servreq_contact_det, servreq_date) VALUES ('', '', '', '', '')]

    So the values are being sent off empty...why?


Comments

  • Options
    #2
    TouchingVirus
    Registered Users Posts: 8,584 ✭✭✭TouchingVirus


    It is obvious your SQL query to insert data is incorrect.


    Post it up so we can have a look..


    To make 100% sure your form is passing data to the server you could try a print_R($_POST); which will print out everything that the form passes to the server :)


  • Options
    #3
    Adam
    Closed Accounts Posts: 8,866 ✭✭✭Adam


    if($v==0){
    $SQL="INSERT INTO tbl_service_request (servreq_name, servreq_machine, servreq_fault_desc, servreq_contact_det, servreq_date) VALUES ('{$s}', '{$s}', '{$s}', '{$s}', '{$s}')";
    mysql_query($SQL) or die("Query failed : " . mysql_error());



    Its messy posting! :D


  • Options
    #4
    Adam
    Closed Accounts Posts: 8,866 ✭✭✭Adam


    I ran that print_R and entered random 3 letter jobbies into the fields and it gave me this:

    Array ( [servreq_id] => [servreq_name] => asd [servreq_machine] => sdf [servreq_fault_desc] => dfg [servreq_contact_det] => fgh [servreq_date] => nbm )


  • Options
    #5
    TouchingVirus
    Registered Users Posts: 8,584 ✭✭✭TouchingVirus


    fade_to_grey wrote:
    if($v==0){
    $SQL="INSERT INTO tbl_service_request (servreq_name, servreq_machine, servreq_fault_desc, servreq_contact_det, servreq_date) VALUES ('{$s}', '{$s}', '{$s}', '{$s}', '{$s}')";
    mysql_query($SQL) or die("Query failed : " . mysql_error());



    Its messy posting! :D

    heh, what did you assign the $s variable to..

    When php parses a form, all data is thrown into the global variable $_POST.

    if you set $s = $_POST before your statements, then $s will become the array that holds the form data


    for example
    <form action="form.php">
Check here for the craic? <input type="checkbox" name="yesno" value="1" CHECKED>
<input type="hidden" name="do" value="dosomething">
<input type="submit" value="Submit form">
</form>

    form.php extract

    [php]
    // Print all form values received..

    print_R($_POST);

    // Do the form...
    if($_POST == 'dosomething')
    {
    $value = $_POST;

    $sql = "INSERT INTO table (id,craic_value) VALUES ('','$value');

    mysql_query($sql) or die("Query failed : " . mysql_error());
    }
    [/php]


  • Options
    #6
    TouchingVirus
    Registered Users Posts: 8,584 ✭✭✭TouchingVirus


    fade_to_grey wrote:
    I ran that print_R and entered random 3 letter jobbies into the fields and it gave me this:

    Array ( [servreq_id] => [servreq_name] => asd [servreq_machine] => sdf [servreq_fault_desc] => dfg [servreq_contact_det] => fgh [servreq_date] => nbm )

    Yes, so your html form is correct, they are the values you sent to the server when you clicked submit.

    Thing is, they are stored in $_POST, not $s...

    Try doing a print_R($s); and you will most likely see this
    Array ()

    To solve, you can either change $s[xxxx] to $_POST[xxxx] or you could type this above the insert. If your form sequence has multiple if statements for different scenario's of serverreq_id then it would be better to type the following line before the first if :)

    [php]
    $s = $_POST;
    [/php]


    Im also a little curious as to why you are basing the appropriate SQL statement on $v and not on $s ...this could prove a little hazardous if you dont know what you're at.. e.g.

    [php]
    if($v==0)
    {

    $SQL="INSERT INTO tbl_service_request (servreq_name, servreq_machine, servreq_fault_desc, servreq_contact_det, servreq_date) VALUES ('{$s}', '{$s}', '{$s}', '{$s}', '{$s}')";
    mysql_query($SQL) or die("Query failed : " . mysql_error());
    }
    else
    {
    $SQL="UPDATE tbl_service_request SET blah blah blah WHERE servreq_id=$v";
    mysql_query($SQL) or die("Query failed : " . mysql_error());
    }[/php]

    if $v is supposed to be the value in the form then this will never execute the else, since that is $s :)


  • Advertisement
  • Options
    #7
    Adam
    Closed Accounts Posts: 8,866 ✭✭✭Adam


    You sir, are a god :D


  • Options
    #8
    TouchingVirus
    Registered Users Posts: 8,584 ✭✭✭TouchingVirus


    fade_to_grey wrote:
    You sir, are a god :D

    ;) You're very welcome, re-read my above post to see the little bit of info i added to make sure you're on the right track :)


  • Options
    #9
    rsynnott
    Registered Users Posts: 4,003 ✭✭✭rsynnott


    TouchingVirus wrote:
    ...

    This is vulnerable to SQL Injection. Careful now!


  • Options
    #10
    Cake Fiend
    Registered Users Posts: 5,335 ✭✭✭Cake Fiend


    SQL harassment... panda!

    PeteySexualHarassmentPanda.gif


Advertisement