Jump to content

Script help...


somo

Recommended Posts

I have created a php script that adds customers to a MySQL database but when the form is filled out and the data is posted to MySQL, i get the information entered in the fields sent to the database all in the correct way but i also get an empty record set.

Does any one know why this is happening? Is it the script not excuting correctly or an issue with MYSQL?

All help is appreciated (the code is below)

HTML FORM

<form name="formcheck" onsubmit="return formCheck(this);" action="insert_record.php" method="POST">

  <table>
      <tr>
        <td></td>
        <td>Please supply information about the customer in the fields below</td>
      </tr>

      <tr>
        <td>Title</td>
        <form>
        <td><select name=title>
        <option value=Mr>Mr
        <option value=Ms>Ms
        <option value=Miss>Miss
        <option value=Mrs>Mrs</td>
        </select>
        </form>
      </tr>

  <tr>
        <td>Firstname</td>
        <td><input type=text name=fname size=30 /></td>
      </tr>

      <tr>
        <td>Surname</td>
        <td><input type=text name=sname size=30 /></td>
      </tr>

      <tr>
        <td>Address #1</td>
        <td><input type=text name=add1 size=50 /></td
      </tr>
     
      <tr>
        <td>Address #2</td>
        <td><input type=text name=add2 size=50 /></td>
      </tr>

      <tr>
        <td>Address #3</td>
        <td><input type=text name=add3 size=50 /></td>
      </tr>

      <tr>
        <td>Town/City</td>
        <td><input type=text name=town size=40 /></td>
      </tr>

      <tr>
        <td>County</td>
        <td><input type=text name=county size=40 /></td>
      </tr>

      <tr>
        <td>Post Code</td>
        <td><input type=number name=pcode size=7 /></td>
      </tr>
     
      <tr>
        <td>Telephone
(Please include area code)</td>
        <td><input type=number name=tel size=11 /></td>
      </tr>
     
     
        <td>E-mail</td>
        <td><input type=text name=email size=50 /></td>
      </tr>
     
     
        <td>Username</td>
        <td><input type=text name=username size=30 /></td>
      </tr>

     
        <td>Password</td>
        <td><input type=password name=pass size=30 /></td>
      </tr>
     



<tr>
<td><input type=submit value=Submit></td>
<td><input type=reset></td>
</tr>
</form>
</td></tr></table>



SCRIPT TO ADD ENTERD DATA TO DATABASE
<?

$C_Title=$_POST['title'];
$C_Firstname=$_POST['fname'];
$C_Surname=$_POST['sname'];
$C_Address1=$_POST['add1'];
$C_Address2=$_POST['add2'];
$C_Address3=$_POST['add3'];
$C_TownCity=$_POST['town'];
$C_County=$_POST['county'];
$C_PostCode=$_POST['pcode'];
$C_Telephone=$_POST['tel'];
$C_Email=$_POST['email'];
$C_Username=$_POST['username'];
$C_Password=$_POST['pass'];

print($C_Title);
print($C_Firstname);
print($C_Surname);
print($C_Address1);
print($C_Address2);
print($C_Address3);
print($C_TownCity);
print($C_County);
print($C_PostCode);
print($C_Telephone);
print($C_Email);
print($C_Username);
print($C_Password);



$db="hotelBooking";
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");


mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());

mysql_close($link);
print "New Customer Record Added Sucessfully";
?>
Link to comment
Share on other sites

what varable name is not entering to the database fromthe insert properly


double quotes missing on all inputs example

correct way ok.

< input type="text" name="fname" >

select box correct way

<select name=" " >

<option value=" "> whaterver </option>

</select>

before database entrys stripslashes
example only.

$C_Firstname=stripslashes($_POST['fname']);


form valadation needed.

email valadation needed.

check for existing username and password if exist echo message nedded.

loots more good luck.
Link to comment
Share on other sites

[quote author=redarrow link=topic=99191.msg390493#msg390493 date=1151852108]
what varable name is not entering to the database fromthe insert properly

[color=red]The information is added to MYSQL fine the problem is there is an additional empty record set added at the same time.

so fo example customer id #1 will have the data entered BUT...

customer ID #2 there are just empty fields
[/color]

[color=red]DONE[/color]
double quotes missing on all inputs example

correct way ok.

< input type="text" name="fname" >

select box correct way

<select name=" " >

<option value=" "> whaterver </option>

</select>

before database entrys stripslashes
example only.
[color=red]DONE[/color]
$C_Firstname=stripslashes($_POST['fname']);


form valadation needed.

email valadation needed.

check for existing username and password if exist echo message nedded.

loots more good luck.
[/quote]
Link to comment
Share on other sites

[quote author=redarrow link=topic=99191.msg390525#msg390525 date=1151857629]
have a go.


if($_POST(['submit'])) {


insert code

}
[/quote]
[color=red]Now there is a parse error
Parse error: parse error, expecting `')'' [/color]
Link to comment
Share on other sites

HI where are you putting you if statement

is it [quote]
if ($_POST['submit'])
{
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");

mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());

mysql_close($link);
}
[/quote]
Link to comment
Share on other sites

Still getting undefined index error as you have shown in the code below.

[quote author=avo link=topic=99191.msg390546#msg390546 date=1151859467]
HI where are you putting you if statement

is it [quote]
if ($_POST['submit'])
{
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");

mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());

mysql_close($link);
}
[/quote]
[/quote]
Link to comment
Share on other sites

HI

try this

[quote]
if ($_POST['submit'])
{
$link = mysql_connect('localhost', 'root', '');
$select=mysql_select_db($db , $link) or die (mysql_error());
$result="INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')";
$query=mysql_query($result) or die (mysql_error());
mysql_close($link);
}[/quote]
Link to comment
Share on other sites

what about this the worse code ever

if($_POST['$submit']){
$link = mysql_connect('localhost', 'root', '');

if (! $link)
die("Could not connect to MySQL");

mysql_select_db($db , $link) or die("Could not select the database: ".mysql_error());

$sql= "INSERT INTO customer VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password' ) or die("Error Inserting Customer Details: ".mysql_error());
mysql_close($link);

}
Link to comment
Share on other sites

whoa whoa whoa you guys are both making the problem worse. your solutions have nothing to do with the problem at hand.  Should he have stuff like form validation? YES, but that is NOT the problem!

okay one of you sort of mentioned the problem, but by accident i'm sure, as you were mentioning it along with your non-related solution. the problem is that the query is being executed twice: once when the page is loaded, and once when the form is submitted. there needs to be an if statement around the query to see if the form has been submitted or not.
Link to comment
Share on other sites

the format should be like this:

[code]
<?php
  if ($_POST['submit']) {
    //do the insert stuff here
  } else {
    //display the form
    //in the form be sure to name your submit button 'submit' 
  }
?>
[/code]

this is to make it work. I will agree that you should sanitize your user's input etc.. but that's not the question here.
Link to comment
Share on other sites

the problem lies in the  if statement "<?php
  if ($_POST['submit']) " php just doesn't like it wherever its placed.  had the original code working a while back and come back to it and an extra record set is being added and shouldn't i have got client side form validation but that ISN'T the issue. This is doing my head in  >:(

[quote author=Crayon Violent link=topic=99191.msg390581#msg390581 date=1151862097]
the format should be like this:

[code]
<?php
  if ($_POST['submit']) {
    //do the insert stuff here
  } else {
    //display the form
    //in the form be sure to name your submit button 'submit' 
  }
?>
[/code]

this is to make it work. I will agree that you should sanitize your user's input etc.. but that's not the question here.
[/quote]
Link to comment
Share on other sites

[quote]mysql_query("INSERT INTO customer (C_Title, C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, C_Username, C_Password) VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());[/quote]

I'd suggest you where to use the $_GET[]; function such as:

[code=php:0]<?PHP
$submit = $_GET['submit'];

if( !$submit ) {
echo ''; //Form here.
exit;

} elseif( $submit == true ){

//insert stuff here.

} else {
die("Error: You account submittion has failed");
}
?>[/code]

I also suggest you secure the Password field with the following phrase and everytime the password field need reading use this form:

md5($C_Password) + I would also suggest just using this sort of formatting instead of $C_Field. just use '".$_POST['name']."'.

Ie:
[code=php:0]mysql_query("INSERT INTO customer ('".$_POST['title']."', C_Firstname, C_Surname, C_Address1, C_Address2, C_Address3, C_TownCity, C_County, C_PostCode, C_Telephone, C_Email, '".strtolower($_POST['username'])."', '".md5($_POST['password'])."') VALUES ('$C_Title', '$C_Firstname', '$C_Surname', '$C_Address1', '$C_Address2', '$C_Address3', '$C_TownCity', '$C_County', '$C_PostCode', '$C_Telephone', '$C_Email', '$C_Username', '$C_Password')")or die("Error Inserting Customer Details: ".mysql_error());[/code]
Link to comment
Share on other sites

That get method works fine with me, especially on account creating methods. + wouldn't you agree on secure passwords iie some kind of encryption if not MD5? anyway. you've probably got a point.
Link to comment
Share on other sites

i agree that encrypting your password is a good idea. I also agree that using the GET method "works,"  but it is the least secure way of carrying information from one page to another, and therefore should not be used unless there is no other method.  About the only thing GET is really the only option for is creating dynamic links. And even then you have to do some heavy sanitizing.
Link to comment
Share on other sites

i understand what everyone is sayin... but how can the script go from working fine then when i come to it next its adding an extra record set. still havent got it working gtg to work in a mo so will see what others think and try again in the morning. cheers.
Link to comment
Share on other sites

;D ;D ;D  FOUND THE ISSUE WITH THE EXTRA RECORD!! SSI - IM USING INCLUDES IN THE SITE IM CREATING AND JUST USING THE FORM (WITHOUT THE INCLUDES) AND SUBMITTING THE PAGE; THE PROBLEM HAS BEEN RESOLVED.

DONT KNOW WHY BUT THE INCLUDES HAVE BEEN CAUSING THE EXTRA RECORD SET!

THANKS FOR EVERYONES INPUT, CHEERS!!!  ;)
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.