By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,244 Members | 1,772 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,244 IT Pros & Developers. It's quick & easy.

PHP Form data database insert

P: 12
I'm a newbie when it come to things php and i'm having a bit of trouble.

I'm trying to insert data from an html form into a mysql database and can't get it to work.

Just a few bits about my setup, i'm running an sql server locally, i've created the database, table and fields. I think what i'm missing is something that actually runs the sql query when i hit the submit button. Also, i'm aware i haven't made the data being inserted safe, i just wanted to get it working first.

Thanks in advance

[php]
<?php
$dbid = mysql_connect ('localhost');
mysql_select_db("addresses",$dbid) or die ("Cannot find database");
$query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES ('1 INT', $name text, $address text, $postcode text, $telephone int, $email text, $picture longblob)";
$result = mysql_query($query,$dbid);

$name = "($_REQUEST[name])";
$address = "($_REQUEST[address])";
$postcode = "($_REQUEST[postcode])";
$telephone = "($_REQUEST[telephone])";
$email = "($_REQUEST[email])";
$picture = "($_REQUEST[picture])";
}
?>

<html>
<head>
<title>Data submission - db version</title?
</head>
<body>
<form enctype="multipart/form-data" method="post">
<br>
<input name="name" value="Name"><br />
<input name="address" value="Address"><br />
<input name="postcode" value="Postcode"><br />
<input name="telephone" value="Telephone"><br />
<input name="email" value="Email"><br />
Picture:<br><input type="file" name="picture" size"80" value="Image"><br />

<br><input type="submit" action="data_input.php"></form><br>

</body>
</html>
[/php]
Mar 23 '07 #1
Share this Question
Share on Google+
3 Replies


ronverdonk
Expert 2.5K+
P: 4,258
Please read the Posting Guidelines before you post in this forum!.

Especially the part about enclosing code within code or php tags!!!


moderator
Mar 23 '07 #2

P: 12
Please read the Posting Guidelines before you post in this forum!.

Especially the part about enclosing code within code or php tags!!!


moderator
Oo-er! Sorry about that, i'd edit it but it doesn't look like i can edit my post. If one of your moderators could edit it so that it conforms to your rules. I'm very sorry, i've just noticed the guidelines on the right hand side of my screen. I was in a bit of a rush to get a post up i didn't really pay much attention.

Sorry
Mar 23 '07 #3

ronverdonk
Expert 2.5K+
P: 4,258
You have so many errors in your script that I cannot possibly show them all. A few of them are:

- what about the userid and password in your mysql_connect?
- the </title statement misses the &gt.
- miss the action in the <form> statement
- no action in the submit input stmt
- no enclosing quotation marks in the POST array assignments
- how to upload the picture??
- how do you know that the form is submitted?
- what are the data types doing in the insert statement values?
- etc.

Btw: your script is heaven for a hacker! You can specify anything and you store it unchecked and unvalidated in your db!

So, instead of addressing all errors, I show you the code that works somehow (but not for the image upload). You'll have to adapt this to your own requirement.
[php]
<?php
if (isset($_POST['submitted'])) {
$name = trim(strip_tags($_POST['name']));
$address = trim(strip_tags($_POST['address']));
$postcode = trim(strip_tags($_POST['postcode']));
$telephone = trim(strip_tags($_POST['telephone']));
$email = trim(strip_tags($_POST['email']));
$picture = trim(strip_tags($_POST['picture']));
$dbid = mysql_connect ('localhost', 'xxx', 'yyy');
mysql_select_db("vwso",$dbid)
or die ("Cannot find database");
$query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES (1, '$name', '$address', '$postcode', $telephone, '$email' , '$picture')";
$result = mysql_query($query,$dbid)
or die("INSERT error:".mysql_error());
echo 'Row inserted';
exit;
}
?>

<html>
<head>
<title>Data submission - db version</title>
</head>
<body>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Name: <input name="name" /><br />
Address: <input name="address" /><br />
Postcode: <input name="postcode" /><br />
Telno: <input name="telephone" /><br />
Email: <input name="email" /><br />
Picture:<br><input type="file" name="picture" size"80" /><br />

<br><input type="submit" name="submitted" value="Submit" ></form><br>

</body>
</html>
[/php]

Ronald :cool:
Mar 23 '07 #4

Post your reply

Sign in to post your reply or Sign up for a free account.