Script help...

[somo]

I have created a php script that adds customers to a MySQL database but when the form is filled out and the data is posted to MySQL, i get the information entered in the fields sent to the database all in the correct way but i also get an empty record set.

Does any one know why this is happening? Is it the script not excuting correctly or an issue with MYSQL?

All help is appreciated (the code is below)

HTML FORM

<form name="formcheck" onsubmit="return formCheck(this);" action="insert_record.php" method="POST">

  <table>
      <tr>
        <td></td>
        <td>Please supply information about the customer in the fields below</td>
      </tr>

      <tr>
        <td>Title</td>
        <form>
        <td><select name=title>
        <option value=Mr>Mr
        <option value=Ms>Ms
        <option value=Miss>Miss
        <option value=Mrs>Mrs</td>
        </select>
        </form>
      </tr>

  <tr>
        <td>Firstname</td>
        <td><input type=text name=fname size=30 /></td>
      </tr>

      <tr>
        <td>Surname</td>
        <td><input type=text name=sname size=30 /></td>
      </tr>

      <tr>
        <td>Address #1</td>
        <td><input type=text name=add1 size=50 /></td
      </tr>
     
      <tr>
        <td>Address #2</td>
        <td><input type=text name=add2 size=50 /></td>
      </tr>

      <tr>
        <td>Address #3</td>
        <td><input type=text name=add3 size=50 /></td>
      </tr>

      <tr>
        <td>Town/City</td>
        <td><input type=text name=town size=40 /></td>
      </tr>

      <tr>
        <td>County</td>
        <td><input type=text name=county size=40 /></td>
      </tr>

      <tr>
        <td>Post Code</td>
        <td><input type=number name=pcode size=7 /></td>
      </tr>
     
      <tr>
        <td>Telephone
(Please include area code)</td>
        <td><input type=number name=tel size=11 /></td>
      </tr>
     
     
        <td>E-mail</td>
        <td><input type=text name=email size=50 /></td>
      </tr>
     
     
        <td>Username</td>
        <td><input type=text name=username size=30 /></td>
      </tr>

     
        <td>Password</td>
        <td><input type=password name=pass size=30 /></td>
      </tr>
     



<tr>
<td><input type=submit value=Submit></td>
<td><input type=reset></td>
</tr>
</form>
</td></tr></table>



SCRIPT TO ADD ENTERD DATA TO DATABASE
<?

$C_Title=$_POST['title'];
$C_Firstname=$_POST['fname'];
$C_Surname=$_POST['sname'];
$C_Address1=$_POST['add1'];
$C_Address2=$_POST['add2'];
$C_Address3=$_POST['add3'];
$C_TownCity=$_POST['town'];
$C_County=$_POST['county'];
$C_PostCode=$_POST['pcode'];
$C_Telephone=$_POST['tel'];
$C_Email=$_POST['email'];
$C_Username=$_POST['username'];
$C_Password=$_POST['pass'];

print($C_Title);
print($C_Firstname);
print($C_Surname);
print($C_Address1);
print($C_Address2);
print($C_Address3);
print($C_TownCity);
print($C_County);
print($C_PostCode);
print($C_Telephone);
print($C_Email);
print($C_Username);
print($C_Password);



$db="hotelBooking";
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");


mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());

mysql_close($link);
print "New Customer Record Added Sucessfully";
?>

[redarrow]

what varable name is not entering to the database fromthe insert properly


double quotes missing on all inputs example

correct way ok.

< input type="text" name="fname" >

select box correct way

<select name=" " >

<option value=" "> whaterver </option>

</select>

before database entrys stripslashes
example only.

$C_Firstname=stripslashes($_POST['fname']);


form valadation needed.

email valadation needed.

check for existing username and password if exist echo message nedded.

loots more good luck.

[somo]

[quote author=redarrow link=topic=99191.msg390493#msg390493 date=1151852108]
what varable name is not entering to the database fromthe insert properly

[color=red]The information is added to MYSQL fine the problem is there is an additional empty record set added at the same time.

so fo example customer id #1 will have the data entered BUT...

customer ID #2 there are just empty fields
[/color]

[color=red]DONE[/color]
double quotes missing on all inputs example

correct way ok.

< input type="text" name="fname" >

select box correct way

<select name=" " >

<option value=" "> whaterver </option>

</select>

before database entrys stripslashes
example only.
[color=red]DONE[/color]
$C_Firstname=stripslashes($_POST['fname']);


form valadation needed.

email valadation needed.

check for existing username and password if exist echo message nedded.

loots more good luck.
[/quote]

[redarrow]

have a go.


if($_POST(['submit'])) {


insert code

}

[somo]

[quote author=redarrow link=topic=99191.msg390525#msg390525 date=1151857629]
have a go.


if($_POST(['submit'])) {


insert code

}
[/quote]
[color=red]Now there is a parse error
Parse error: parse error, expecting `')'' [/color]

[redarrow]

if($_POST['submit']){

}
sorry a sleep.

[somo]

[quote author=redarrow link=topic=99191.msg390535#msg390535 date=1151858658]
if($_POST['submit']){

}
sorry a sleep.
[/quote]
[color=red]Another error:
Notice: Undefined index: submit[/color]

[avo]

HI where are you putting you if statement

is it [quote]
if ($_POST['submit'])
{
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");

mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());

mysql_close($link);
}
[/quote]

[somo]

Still getting undefined index error as you have shown in the code below.

[quote author=avo link=topic=99191.msg390546#msg390546 date=1151859467]
HI where are you putting you if statement

is it [quote]
if ($_POST['submit'])
{
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");

mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());

mysql_close($link);
}
[/quote]
[/quote]

[avo]

HI

try this

[quote]
if ($_POST['submit'])
{
$link = mysql_connect('localhost', 'root', '');
$select=mysql_select_db($db , $link) or die (mysql_error());
$result="INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')";
$query=mysql_query($result) or die (mysql_error());
mysql_close($link);
}[/quote]

[redarrow]

what about this the worse code ever

if($_POST['$submit']){
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");

mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

$sql= "INSERT INTO customer VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password' ) or die("Error Inserting Customer Details: ".mysql_error());
mysql_close($link);

}

[avo]

Instead of ripping the guy why not just help him out !
i thought that what its all about HELP.

We all need it .

[.josh]

whoa whoa whoa you guys are both making the problem worse. your solutions have nothing to do with the problem at hand.  Should he have stuff like form validation? YES, but that is NOT the problem!

okay one of you sort of mentioned the problem, but by accident i'm sure, as you were mentioning it along with your non-related solution. the problem is that the query is being executed twice: once when the page is loaded, and once when the form is submitted. there needs to be an if statement around the query to see if the form has been submitted or not.

[redarrow]

i thort there was mysql injection so i advised the if submit i am wrong then please exspain ok cheers.

the other surgestion were correct i hope cheers.

[.josh]

the format should be like this:

[code]
<?php
  if ($_POST['submit']) {
    //do the insert stuff here
  } else {
    //display the form
    //in the form be sure to name your submit button 'submit' 
  }
?>
[/code]

this is to make it work. I will agree that you should sanitize your user's input etc.. but that's not the question here.

[somo]

the problem lies in the  if statement "<?php
  if ($_POST['submit']) " php just doesn't like it wherever its placed.  had the original code working a while back and come back to it and an extra record set is being added and shouldn't i have got client side form validation but that ISN'T the issue. This is doing my head in  >:(

[quote author=Crayon Violent link=topic=99191.msg390581#msg390581 date=1151862097]
the format should be like this:

[code]
<?php
  if ($_POST['submit']) {
    //do the insert stuff here
  } else {
    //display the form
    //in the form be sure to name your submit button 'submit' 
  }
?>
[/code]

this is to make it work. I will agree that you should sanitize your user's input etc.. but that's not the question here.
[/quote]

[xyn]

[quote]mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());[/quote]

I'd suggest you where to use the $_GET[]; function such as:

[code=php:0]<?PHP
$submit = $_GET['submit'];

if( !$submit ) {
echo ''; //Form here.
exit;

} elseif( $submit == true ){

//insert stuff here.

} else {
die("Error: You account submittion has failed");
}
?>[/code]

I also suggest you secure the Password field with the following phrase and everytime the password field need reading use this form:

md5($C_Password) + I would also suggest just using this sort of formatting instead of $C_Field. just use '".$_POST['name']."'.

Ie:
[code=php:0]mysql_query("INSERT INTO customer ('".$_POST['title']."', C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, '".strtolower($_POST['username'])."', '".md5($_POST['password'])."') VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());[/code]

[.josh]

i suggest you not use the GET method, as it sends all your data through your url.  You should never use the GET method if there is an alternative.  Also, that method won't work unless you change your form method from POST to GET.

[xyn]

That get method works fine with me, especially on account creating methods. + wouldn't you agree on secure passwords iie some kind of encryption if not MD5? anyway. you've probably got a point.

[.josh]

i agree that encrypting your password is a good idea. I also agree that using the GET method "works,"  but it is the least secure way of carrying information from one page to another, and therefore should not be used unless there is no other method.  About the only thing GET is really the only option for is creating dynamic links. And even then you have to do some heavy sanitizing.

[somo]

i understand what everyone is sayin... but how can the script go from working fine then when i come to it next its adding an extra record set. still havent got it working gtg to work in a mo so will see what others think and try again in the morning. cheers.

[somo]

;D ;D ;D  FOUND THE ISSUE WITH THE EXTRA RECORD!! SSI - IM USING INCLUDES IN THE SITE IM CREATING AND JUST USING THE FORM (WITHOUT THE INCLUDES) AND SUBMITTING THE PAGE; THE PROBLEM HAS BEEN RESOLVED.

DONT KNOW WHY BUT THE INCLUDES HAVE BEEN CAUSING THE EXTRA RECORD SET!

THANKS FOR EVERYONES INPUT, CHEERS!!!  ;)