471,311 Members | 1,835 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,311 software developers and data experts.

PHP Form data database insert

I'm a newbie when it come to things php and i'm having a bit of trouble.

I'm trying to insert data from an html form into a mysql database and can't get it to work.

Just a few bits about my setup, i'm running an sql server locally, i've created the database, table and fields. I think what i'm missing is something that actually runs the sql query when i hit the submit button. Also, i'm aware i haven't made the data being inserted safe, i just wanted to get it working first.

Thanks in advance

$dbid = mysql_connect ('localhost');
mysql_select_db("addresses",$dbid) or die ("Cannot find database");
$query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES ('1 INT', $name text, $address text, $postcode text, $telephone int, $email text, $picture longblob)";
$result = mysql_query($query,$dbid);

$name = "($_REQUEST[name])";
$address = "($_REQUEST[address])";
$postcode = "($_REQUEST[postcode])";
$telephone = "($_REQUEST[telephone])";
$email = "($_REQUEST[email])";
$picture = "($_REQUEST[picture])";

<title>Data submission - db version</title?
<form enctype="multipart/form-data" method="post">
<input name="name" value="Name"><br />
<input name="address" value="Address"><br />
<input name="postcode" value="Postcode"><br />
<input name="telephone" value="Telephone"><br />
<input name="email" value="Email"><br />
Picture:<br><input type="file" name="picture" size"80" value="Image"><br />

<br><input type="submit" action="data_input.php"></form><br>

Mar 23 '07 #1
3 4426
4,258 Expert 4TB
Please read the Posting Guidelines before you post in this forum!.

Especially the part about enclosing code within code or php tags!!!

Mar 23 '07 #2
Please read the Posting Guidelines before you post in this forum!.

Especially the part about enclosing code within code or php tags!!!

Oo-er! Sorry about that, i'd edit it but it doesn't look like i can edit my post. If one of your moderators could edit it so that it conforms to your rules. I'm very sorry, i've just noticed the guidelines on the right hand side of my screen. I was in a bit of a rush to get a post up i didn't really pay much attention.

Mar 23 '07 #3
4,258 Expert 4TB
You have so many errors in your script that I cannot possibly show them all. A few of them are:

- what about the userid and password in your mysql_connect?
- the </title statement misses the &gt.
- miss the action in the <form> statement
- no action in the submit input stmt
- no enclosing quotation marks in the POST array assignments
- how to upload the picture??
- how do you know that the form is submitted?
- what are the data types doing in the insert statement values?
- etc.

Btw: your script is heaven for a hacker! You can specify anything and you store it unchecked and unvalidated in your db!

So, instead of addressing all errors, I show you the code that works somehow (but not for the image upload). You'll have to adapt this to your own requirement.
if (isset($_POST['submitted'])) {
$name = trim(strip_tags($_POST['name']));
$address = trim(strip_tags($_POST['address']));
$postcode = trim(strip_tags($_POST['postcode']));
$telephone = trim(strip_tags($_POST['telephone']));
$email = trim(strip_tags($_POST['email']));
$picture = trim(strip_tags($_POST['picture']));
$dbid = mysql_connect ('localhost', 'xxx', 'yyy');
or die ("Cannot find database");
$query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES (1, '$name', '$address', '$postcode', $telephone, '$email' , '$picture')";
$result = mysql_query($query,$dbid)
or die("INSERT error:".mysql_error());
echo 'Row inserted';

<title>Data submission - db version</title>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Name: <input name="name" /><br />
Address: <input name="address" /><br />
Postcode: <input name="postcode" /><br />
Telno: <input name="telephone" /><br />
Email: <input name="email" /><br />
Picture:<br><input type="file" name="picture" size"80" /><br />

<br><input type="submit" name="submitted" value="Submit" ></form><br>


Ronald :cool:
Mar 23 '07 #4

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

12 posts views Thread by Pete..... | last post: by
13 posts views Thread by Schoo | last post: by
4 posts views Thread by marek zegarek | last post: by
1 post views Thread by fugaki | last post: by
reply views Thread by rosydwin | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.