Jump to content


Photo

Script help...


  • Please log in to reply
21 replies to this topic

#1 somo

somo
  • Members
  • PipPipPip
  • Advanced Member
  • 31 posts

Posted 02 July 2006 - 02:43 PM

I have created a php script that adds customers to a MySQL database but when the form is filled out and the data is posted to MySQL, i get the information entered in the fields sent to the database all in the correct way but i also get an empty record set.

Does any one know why this is happening? Is it the script not excuting correctly or an issue with MYSQL?

All help is appreciated (the code is below)

HTML FORM

<form name="formcheck" onsubmit="return formCheck(this);" action="insert_record.php" method="POST">

  <table>
      <tr>
        <td></td>
        <td>Please supply information about the customer in the fields below</td>
      </tr>

      <tr>
        <td>Title</td>
        <form>
        <td><select name=title>
        <option value=Mr>Mr
        <option value=Ms>Ms
        <option value=Miss>Miss
        <option value=Mrs>Mrs</td>
        </select>
        </form>
      </tr>

  <tr>
        <td>Firstname</td>
        <td><input type=text name=fname size=30 /></td>
      </tr>

      <tr>
        <td>Surname</td>
        <td><input type=text name=sname size=30 /></td>
      </tr>

      <tr>
        <td>Address #1</td>
        <td><input type=text name=add1 size=50 /></td
      </tr>
     
      <tr>
        <td>Address #2</td>
        <td><input type=text name=add2 size=50 /></td>
      </tr>

      <tr>
        <td>Address #3</td>
        <td><input type=text name=add3 size=50 /></td>
      </tr>

      <tr>
        <td>Town/City</td>
        <td><input type=text name=town size=40 /></td>
      </tr>

      <tr>
        <td>County</td>
        <td><input type=text name=county size=40 /></td>
      </tr>

      <tr>
        <td>Post Code</td>
        <td><input type=number name=pcode size=7 /></td>
      </tr>
     
      <tr>
        <td>Telephone
(Please include area code)</td>
        <td><input type=number name=tel size=11 /></td>
      </tr>
     
     
        <td>E-mail</td>
        <td><input type=text name=email size=50 /></td>
      </tr>
     
     
        <td>Username</td>
        <td><input type=text name=username size=30 /></td>
      </tr>

     
        <td>Password</td>
        <td><input type=password name=pass size=30 /></td>
      </tr>
     



<tr>
<td><input type=submit value=Submit></td>
<td><input type=reset></td>
</tr>
</form>
</td></tr></table>



SCRIPT TO ADD ENTERD DATA TO DATABASE
<?

$C_Title=$_POST['title'];
$C_Firstname=$_POST['fname'];
$C_Surname=$_POST['sname'];
$C_Address1=$_POST['add1'];
$C_Address2=$_POST['add2'];
$C_Address3=$_POST['add3'];
$C_TownCity=$_POST['town'];
$C_County=$_POST['county'];
$C_PostCode=$_POST['pcode'];
$C_Telephone=$_POST['tel'];
$C_Email=$_POST['email'];
$C_Username=$_POST['username'];
$C_Password=$_POST['pass'];

print($C_Title);
print($C_Firstname);
print($C_Surname);
print($C_Address1);
print($C_Address2);
print($C_Address3);
print($C_TownCity);
print($C_County);
print($C_PostCode);
print($C_Telephone);
print($C_Email);
print($C_Username);
print($C_Password);



$db="hotelBooking";
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");


mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());

mysql_close($link);
print "New Customer Record Added Sucessfully";
?>

#2 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 02 July 2006 - 02:55 PM

what varable name is not entering to the database fromthe insert properly


double quotes missing on all inputs example

correct way ok.

< input type="text" name="fname" >

select box correct way

<select name=" " >

<option value=" "> whaterver </option>

</select>

before database entrys stripslashes
example only.

$C_Firstname=stripslashes($_POST['fname']);


form valadation needed.

email valadation needed.

check for existing username and password if exist echo message nedded.

loots more good luck.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#3 somo

somo
  • Members
  • PipPipPip
  • Advanced Member
  • 31 posts

Posted 02 July 2006 - 03:30 PM

what varable name is not entering to the database fromthe insert properly

The information is added to MYSQL fine the problem is there is an additional empty record set added at the same time.

so fo example customer id #1 will have the data entered BUT...

customer ID #2 there are just empty fields


DONE
double quotes missing on all inputs example

correct way ok.

< input type="text" name="fname" >

select box correct way

<select name=" " >

<option value=" "> whaterver </option>

</select>

before database entrys stripslashes
example only.
DONE
$C_Firstname=stripslashes($_POST['fname']);


form valadation needed.

email valadation needed.

check for existing username and password if exist echo message nedded.

loots more good luck.



#4 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 02 July 2006 - 04:27 PM

have a go.


if($_POST(['submit'])) {


insert code

}
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#5 somo

somo
  • Members
  • PipPipPip
  • Advanced Member
  • 31 posts

Posted 02 July 2006 - 04:35 PM

have a go.


if($_POST(['submit'])) {


insert code

}

Now there is a parse error
Parse error: parse error, expecting `')''


#6 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 02 July 2006 - 04:44 PM

if($_POST['submit']){

}
sorry a sleep.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#7 somo

somo
  • Members
  • PipPipPip
  • Advanced Member
  • 31 posts

Posted 02 July 2006 - 04:52 PM

if($_POST['submit']){

}
sorry a sleep.

Another error:
Notice: Undefined index: submit


#8 avo

avo
  • Members
  • PipPipPip
  • Advanced Member
  • 148 posts
  • Locationstaffordshire uk

Posted 02 July 2006 - 04:57 PM

HI where are you putting you if statement

is it

if ($_POST['submit'])
{
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");

mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());

mysql_close($link);
}


Im loving it ........

#9 somo

somo
  • Members
  • PipPipPip
  • Advanced Member
  • 31 posts

Posted 02 July 2006 - 05:07 PM

Still getting undefined index error as you have shown in the code below.

HI where are you putting you if statement

is it

if ($_POST['submit'])
{
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");

mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());

mysql_close($link);
}



#10 avo

avo
  • Members
  • PipPipPip
  • Advanced Member
  • 148 posts
  • Locationstaffordshire uk

Posted 02 July 2006 - 05:12 PM

HI

try this

if ($_POST['submit'])
{
$link = mysql_connect('localhost', 'root', '');
$select=mysql_select_db($db , $link) or die (mysql_error());
$result="INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')";
$query=mysql_query($result) or die (mysql_error());
mysql_close($link);
}


Im loving it ........

#11 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 02 July 2006 - 05:25 PM

what about this the worse code ever

if($_POST['$submit']){
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");

mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

$sql= "INSERT INTO customer VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password' ) or die("Error Inserting Customer Details: ".mysql_error());
mysql_close($link);

}
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#12 avo

avo
  • Members
  • PipPipPip
  • Advanced Member
  • 148 posts
  • Locationstaffordshire uk

Posted 02 July 2006 - 05:33 PM

Instead of ripping the guy why not just help him out !
i thought that what its all about HELP.

We all need it .
Im loving it ........

#13 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 02 July 2006 - 05:35 PM

whoa whoa whoa you guys are both making the problem worse. your solutions have nothing to do with the problem at hand.  Should he have stuff like form validation? YES, but that is NOT the problem!

okay one of you sort of mentioned the problem, but by accident i'm sure, as you were mentioning it along with your non-related solution. the problem is that the query is being executed twice: once when the page is loaded, and once when the form is submitted. there needs to be an if statement around the query to see if the form has been submitted or not.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#14 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 02 July 2006 - 05:37 PM

i thort there was mysql injection so i advised the if submit i am wrong then please exspain ok cheers.

the other surgestion were correct i hope cheers.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#15 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 02 July 2006 - 05:41 PM

the format should be like this:

<?php
  if ($_POST['submit']) {
     //do the insert stuff here
  } else {
    //display the form
    //in the form be sure to name your submit button 'submit'  
  }
?>

this is to make it work. I will agree that you should sanitize your user's input etc.. but that's not the question here.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#16 somo

somo
  • Members
  • PipPipPip
  • Advanced Member
  • 31 posts

Posted 02 July 2006 - 05:59 PM

the problem lies in the  if statement "<?php
  if ($_POST['submit']) " php just doesn't like it wherever its placed.  had the original code working a while back and come back to it and an extra record set is being added and shouldn't i have got client side form validation but that ISN'T the issue. This is doing my head in  >:(

the format should be like this:

<?php
  if ($_POST['submit']) {
     //do the insert stuff here
  } else {
    //display the form
    //in the form be sure to name your submit button 'submit'  
  }
?>

this is to make it work. I will agree that you should sanitize your user's input etc.. but that's not the question here.



#17 xyn

xyn
  • Members
  • PipPipPip
  • Advanced Member
  • 779 posts
  • LocationNorthampton

Posted 02 July 2006 - 06:14 PM

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());


I'd suggest you where to use the $_GET[]; function such as:

<?PHP
$submit = $_GET['submit'];

if( !$submit ) {
echo ''; //Form here.
exit;

} elseif( $submit == true ){

//insert stuff here.

} else {
die("Error: You account submittion has failed");
}
?>

I also suggest you secure the Password field with the following phrase and everytime the password field need reading use this form:

md5($C_Password) + I would also suggest just using this sort of formatting instead of $C_Field. just use '".$_POST['name']."'.

Ie:
mysql_query("INSERT INTO customer ('".$_POST['title']."', C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, '".strtolower($_POST['username'])."', '".md5($_POST['password'])."') VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());


#18 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 02 July 2006 - 06:18 PM

i suggest you not use the GET method, as it sends all your data through your url.  You should never use the GET method if there is an alternative.  Also, that method won't work unless you change your form method from POST to GET.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#19 xyn

xyn
  • Members
  • PipPipPip
  • Advanced Member
  • 779 posts
  • LocationNorthampton

Posted 02 July 2006 - 06:20 PM

That get method works fine with me, especially on account creating methods. + wouldn't you agree on secure passwords iie some kind of encryption if not MD5? anyway. you've probably got a point.

#20 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 02 July 2006 - 06:23 PM

i agree that encrypting your password is a good idea. I also agree that using the GET method "works,"  but it is the least secure way of carrying information from one page to another, and therefore should not be used unless there is no other method.  About the only thing GET is really the only option for is creating dynamic links. And even then you have to do some heavy sanitizing.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users