PHP MySql Forms

I am new to mysql and php. I am trying to learn this in order to
implement a web based database to keep track of camera inventory along
with RMA and cost information. I am not sure what I am doing wrong
with this.

I am trying to set this up so that when someone hits submit it enters
the information into the database.

I would also like to find a way to get it to append the information as
well. I have no prior html, php, or mysql experience.

<?php
// database connection
mysql_connect("localhost", "username", "password") or
die(mysql_error());
mysql_select_db("cameradb") or die(mysql_error());

//$query definition
$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, CAM_Location,
CAM_Name, RMA_Number, RMA_Description,
RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, RMA_Cost)

VALUES
('$_post[SN]','$_post[MAC_Adress]',
'$_post[CAM_Type]', '$_post[CAM_Location]', '$_post[CAM_Name]',
'$_post[RMA_Number]', '$_post[RMA_Description]',
'$_post[RMA_Req_Date]', '$_post[RMA_Rec_Date]',
'$_post[RMA_Ship_Date]', '$_post[RMA_Return_Date]',
'$_post[RMA_Cost]')";

{

?>
//form definition and assigning variables
<form action ="<?php mysql_query($query) ?>" method="post">
<p>Camera Serial Number: <input type="text" name="SN" /></p>
<p>Mac Adress: <input type="text" name="Mac_adress" /></p>
<p>Camera Types: <input type="text" name="cam_type" /></p>
<p>Camera Loacation: <input type="text" name="cam_location" /></p>
<p>Camera Name: <input type="text" name="cam_name" /></p>
<p>RMA Number: <input type="text" name="RMA_Number" /></p>
<p>RMA Description: <input type="text" name="RMA_Description" /></p>
<p>RMA Request Date: <input type="text" name="RMA_Req_date" /></p>
<p>RMA Recieve Date: <input type="text" name="RMA_Rec_date" /></p>
<p>RMA Ship Date: <input type="text" name="RMA_Ship_Date" /></p>
<p>RMA Return Date: <input type="text" name="RMA_Return_date" /></p>
<p>RMA Cost: <input type="text" name="RMA_Cost" /></p>
<p><input type="submit" /></p>
</form>

<?php
}

?>

May 14 '07 #1
2 Replies


sh**********@gmail.com wrote:
I am new to mysql and php. I am trying to learn this in order to
implement a web based database to keep track of camera inventory along
with RMA and cost information. I am not sure what I am doing wrong
with this.

I am trying to set this up so that when someone hits submit it enters
the information into the database.

I would also like to find a way to get it to append the information as
well. I have no prior html, php, or mysql experience.

<?php
// database connection
mysql_connect("localhost", "username", "password") or
die(mysql_error());
mysql_select_db("cameradb") or die(mysql_error());

//$query definition
$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, CAM_Location,
CAM_Name, RMA_Number, RMA_Description,
RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, RMA_Cost)

VALUES
('$_post[SN]','$_post[MAC_Adress]',
'$_post[CAM_Type]', '$_post[CAM_Location]', '$_post[CAM_Name]',
'$_post[RMA_Number]', '$_post[RMA_Description]',
'$_post[RMA_Req_Date]', '$_post[RMA_Rec_Date]',
'$_post[RMA_Ship_Date]', '$_post[RMA_Return_Date]',
'$_post[RMA_Cost]')";

{

?>
//form definition and assigning variables
<form action ="<?php mysql_query($query) ?>" method="post">
<p>Camera Serial Number: <input type="text" name="SN" /></p>
<p>Mac Adress: <input type="text" name="Mac_adress" /></p>
<p>Camera Types: <input type="text" name="cam_type" /></p>
<p>Camera Loacation: <input type="text" name="cam_location" /></p>
<p>Camera Name: <input type="text" name="cam_name" /></p>
<p>RMA Number: <input type="text" name="RMA_Number" /></p>
<p>RMA Description: <input type="text" name="RMA_Description" /></p>
<p>RMA Request Date: <input type="text" name="RMA_Req_date" /></p>
<p>RMA Recieve Date: <input type="text" name="RMA_Rec_date" /></p>
<p>RMA Ship Date: <input type="text" name="RMA_Ship_Date" /></p>
<p>RMA Return Date: <input type="text" name="RMA_Return_date" /></p>
<p>RMA Cost: <input type="text" name="RMA_Cost" /></p>
<p><input type="submit" /></p>
</form>

<?php
}

?>
A couple of things.

First of all, it is $_POST, not $_post - case sensitive.

And you need to ALWAYS VALIDATE input from the user. Don't just
"assume" the data are correct.

Finally, all strings should be processed with mysql_real_escape_string()
before being inserted into the database - among other things it takes
care of apostrophes in the text - but also helps protect you if someone
tries some bad data (google for "SQL injection").

Something like:

$sn = $_POST['SN'];
// ... validate here
$macaddr = $_POST['MAC_Adress'];
// ... validate
(or get each one locally and validate it)

Finally,

$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, " .
"CAM_Location, CAM_Name, RMA_Number, RMA_Description, " .
"RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, " .
"RMA_Cost) " .
"VALUES ('" . mysql_real_escape_string($sn) . "', '" .
mysql_real_escape_string($macaddr) . "', '" .

etc.

Of course there are other ways to handle the actual syntax - but you get
the idea.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
May 14 '07 #2

sh**********@gmail.com wrote:
//$query definition
$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, CAM_Location,
CAM_Name, RMA_Number, RMA_Description,
RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, RMA_Cost)

VALUES
('$_post[SN]','$_post[MAC_Adress]',
'$_post[CAM_Type]', '$_post[CAM_Location]', '$_post[CAM_Name]',
'$_post[RMA_Number]', '$_post[RMA_Description]',
'$_post[RMA_Req_Date]', '$_post[RMA_Rec_Date]',
'$_post[RMA_Ship_Date]', '$_post[RMA_Return_Date]',
'$_post[RMA_Cost]')";
To begin with, variables are case-sensitive in PHP. That is, $_POST and
$_post are two very different things. Here you go:

function escaped_post ($key)
{
    // Missing field: insert an unquoted SQL NULL
    if (!isset($_POST[$key]))
        return 'NULL';

    // Numeric values go into the query unquoted
    if (is_numeric($_POST[$key]))
        return $_POST[$key];

    // Undo magic_quotes_gpc slashes first so the value is not escaped twice
    $value = $_POST[$key];
    if (get_magic_quotes_gpc())
        $value = stripslashes($value);
    $value = mysql_real_escape_string($value);
    return "'{$value}'";
}

$query = sprintf("INSERT INTO cameras (SN, MAC_Adress, CAM_Type, "
    . "CAM_Location, CAM_Name, RMA_Number, "
    . "RMA_Description, RMA_Req_Date, "
    . "RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, "
    . "RMA_Cost) "
    . "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s);",
    escaped_post('SN'),
    escaped_post('MAC_Adress'),
    escaped_post('CAM_Type'),
    escaped_post('CAM_Location'),
    escaped_post('CAM_Name'),
    escaped_post('RMA_Number'),
    escaped_post('RMA_Description'),
    escaped_post('RMA_Req_Date'),
    escaped_post('RMA_Rec_Date'),
    escaped_post('RMA_Ship_Date'),
    escaped_post('RMA_Return_Date'),
    escaped_post('RMA_Cost'));

--
Toby A Inkster BSc (Hons) ARCS
http://tobyinkster.co.uk/
Geek of ~ HTML/SQL/Perl/PHP/Python/Apache/Linux
May 14 '07 #3
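
The validate-then-insert flow that both replies describe, as an added example that is not part of the original thread or any poster's code. It uses PDO bound parameters in place of mysql_real_escape_string(); the function name insert_camera(), the validation rules, and the in-memory SQLite table (standing in for the MySQL database so the script runs without a server) are assumptions, while the column names come from the thread.

```php
<?php
// Added example: insert_camera() and its validation rules are assumptions, not from the thread.
const FIELDS = ['SN', 'MAC_Adress', 'CAM_Type', 'CAM_Location', 'CAM_Name', 'RMA_Number',
    'RMA_Description', 'RMA_Req_Date', 'RMA_Rec_Date', 'RMA_Ship_Date', 'RMA_Return_Date', 'RMA_Cost'];

function insert_camera(PDO $db, array $post): array
{
    $row = $errors = [];
    foreach (FIELDS as $f) {
        // Array keys are case-sensitive: each form input's name="..." must match exactly.
        $v = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
        $row[$f] = ($v === '') ? null : $v;          // empty or missing field becomes SQL NULL
    }
    if ($row['SN'] === null) {
        $errors[] = 'SN is required';
    }
    if ($row['MAC_Adress'] !== null && !filter_var($row['MAC_Adress'], FILTER_VALIDATE_MAC)) {
        $errors[] = 'MAC_Adress is not a valid MAC address';
    }
    foreach (['RMA_Req_Date', 'RMA_Rec_Date', 'RMA_Ship_Date', 'RMA_Return_Date'] as $f) {
        $d = DateTime::createFromFormat('!Y-m-d', (string) $row[$f]);
        if ($row[$f] !== null && (!$d || $d->format('Y-m-d') !== $row[$f])) {
            $errors[] = "$f must be a real date in YYYY-MM-DD form";
        }
    }
    if ($row['RMA_Cost'] !== null && !preg_match('/^\d{1,8}(\.\d{1,2})?$/', $row['RMA_Cost'])) {
        $errors[] = 'RMA_Cost must be a decimal amount';
    }
    if ($errors) {
        return $errors;                              // nothing is written when validation fails
    }
    // Named placeholders keep user values out of the SQL text entirely.
    $sql = 'INSERT INTO cameras (' . implode(', ', FIELDS) . ') VALUES (:'
         . implode(', :', FIELDS) . ')';
    $db->prepare($sql)->execute($row);
    return [];
}

// Constructed demo: in-memory SQLite stands in for the MySQL "cameradb" database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cameras (' . implode(' TEXT, ', FIELDS) . ' TEXT)');

$post = ['SN' => 'A1001', 'MAC_Adress' => '00:1A:2B:3C:4D:5E', 'CAM_Location' => "O'Brien's lobby",
         'RMA_Req_Date' => '2007-05-14', 'RMA_Cost' => '49.95'];   // constructed form input
var_dump(insert_camera($db, $post));                               // valid row: stored as typed
var_dump($db->query('SELECT SN, CAM_Location, CAM_Name FROM cameras')->fetchAll(PDO::FETCH_ASSOC));
var_dump(insert_camera($db, ['SN' => 'B2', 'MAC_Adress' => 'not-a-mac']));  // rejected input
```

In the page itself, call insert_camera($db, $_POST) only when $_SERVER['REQUEST_METHOD'] is 'POST' rather than from the form's action attribute, and point the PDO DSN at the MySQL server.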
