Im having trouble using superglobals with mysql query

[Imothep]

Hello guys.. im kinda n00bish when it comes to PHP so i hope you can help me. Basically what im trying to do is to tell mysql to insert information into the database which the user inputs through a HTML form.

I tried coding this but it is not entered into the database. Also i tried to echo the mysql_query string, but nothing seems to be inserted into the variable $sql.
Any help would be greatly appriciated.

[b]CODE1[/b]

$sql=mysql_query("INSERT INTO `larf_users` (`firstname`, `surname`, `email`, `landphone`, `mobilephone`, `postalcode`)
VALUES
('$_POST[firstname]' , '$_POST[surname]', '$_POST[email]', '$_POST[landphone] ', '$_POST[mobilphone] ', '$_POST[postalcode]')" );


[b]CODE2[/b]

mysql_query("INSERT INTO `larf_users` (`firstname`, `surname`, `email`, `landphone`, `mobilephone`, `postalcode`)
VALUES
('" .$_POST['firstname']."', '".$_POST['surname']."', '" .$_POST['email']."', '" .$_POST['landphone']. "', '" .$_POST['mobilephone']."', '" .$_POST['postalcode']."')");


It is probably just a shabby code error somewhere.. Also can you try and give me some advice on how to make my code cleaner ?

Thank you very much

Fredrik Christensen
Ip Generation Ltd

[hvle]

super globals are just array and you will need to wrap {} around it.

[code]
$sql = "INSERT INTO `larf_users` (`firstname`, `surname`, `email`, `landphone`, `mobilephone`, `postalcode`)
        VALUES (
        '{$_POST['firstname']}',
        '{$_POST['surname']}',
        '{$_POST['email']}',
        '{$_POST['landphone']}',
        '{$_POST['mobilphone']}',
        '{$_POST['postalcode']}')";
       
    mysql_query($sql);
[/code]

[kenrbnsn]

First, make sure the script is recieving the $_POST values, put this at the start of your script:
[code]<?php if (isset($_POST)) echo '<pre>' . print_r($_POST,true) . '</pre>'; ?>[/code]
Then, you could use the alternative syntax for the insert "insert into tablename set field='value'" and use PHP to create the query:
[code]<?php
$qtmp = array();
foreach ($_POST as $key=>$value)
      switch ($key) {
          case 'firstname':
          case 'surname':
          case 'email':
          case 'landphone':
          case 'mobilphone':
          case 'postalcode':
                $qtmp[] = $key . " = '" . mysql_real_escape_string(trim(stripslashes($val))) . "'";
                breaK;
      }
$q = 'insert into larf_users set ' . implode(', ',$qtmp);
echo "Generated query: $q<br>\n";
?>[/code]
BTW, I use the mysql_real_escape_string() function to prevent sql injections.

Ken

[Imothep]

:( Thank you very much but it doesnt seem to be entering data into the database:


This is my whole script... please dont laugh  :P im a n00b. But the mail functions and the echo functions work perfectly :S

except from the mysql_query :S

[code]<?php
$username="xxxxxx"; ( changed for security reasons)
$password="xxxxxx"; ( changed for security reasons)
$server="xxxxxx"; ( changed for security reasons)
$database="xxxxxx"; ( changed for security reasons)

$adminmail="fred@ipgeneration.co.uk";

$required="This is a required field *";
$usermail= $_POST['email'];


$adminmessage= " \n"
. "\n"
. "\n"
. "Name: $_POST[firstname] $_POST[surname]" 
. "\n"
. "\n"
. "\n"
. "User email: $_POST[email]" 
. "\n"
. "\n"
. "\n"
. "Landline phone: $_POST[landphone]"
. "\n"
. "\n"
. "\n"
. "Mobile phone: $_POST[mobilephone]"
. "\n"
. "\n"
. "\n"
. "Postal Code : $_POST[postalcode]"
. "\n"
. "\n"
. "\n";










mysql_connect($server, $username, $password)
or die(" could not connect to the server please contact $adminmail for more information");


mysql_select_db($database)
or die("Could not connect to the database");


if(empty($_POST['firstname']))
{
echo "You did not fill in your Firstname $required";
}




echo "<br>";




if(empty($_POST['surname']))
{
echo "You did not fill in your Surname $required";
}




echo "<br>";




if(empty($_POST['email']))
{
echo "You did not fill in your email $required";
}



echo "<br>";


if(empty($_POST['landphone']))
{
echo "You did not fill in your land phone number $required";
}


echo"<br>";


if(empty($_POST['mobilephone']))
{
echo "You did not fill in your Mobile phone number $required";
}



echo "<br>";


if(empty($_POST['postalcode']))
{
echo "<h4>" ."You did not fill in your Postal code $required" . "</h4>";

}


if (empty($_POST['firstname']) || empty($_POST['surname']) || empty($_POST['email']) || empty($_POST['landphone']) || empty($_POST['mobilephone']) || empty($_POST['postalcode']))
{
}
else {


$sql = "INSERT INTO `larf_users` (`firstname`, `surname`, `email`, `landphone`, `mobilephone`, `postalcode`)
        VALUES (
        '{$_POST[firstname]}',
        '{$_POST[surname]}',
        '{$_POST[email]}',
        '{$_POST[landphone]}',
        '{$_POST[mobilphone]}',
        '{$_POST[postalcode]}')";

mysql_query($sql);

mail($adminmail, "New Registered user", "$adminmessage");



echo "Registration Successfull. You will shortly receive a confirmation mail with your registered details" . "<a href='index.php'> Back to Main Page? </a>";



mail($usermail, "Thank you for registerting at LARF TV", "Welcome to LARF TV $_POST[firstname] $_POST[surname]. Below you will find all the information you used to register with. If any of this information is wrong please let us know so that we can correct this manually." . "\n" . "\n" .  "Thank you and once again Welcome!"
. "\n"
. "\n"
. "\n"
. "Name: $_POST[firstname] $_POST[surname]"
. "\n"
. "\n"
. "\n"
. "User email: $_POST[email]"
. "\n"
. "\n"
. "\n"
. "Landline phone: $_POST[landphone]"
. "\n"
. "\n"
. "\n"
. "Mobile phone: $_POST[mobilephone]"
. "\n"
. "\n"
. "\n"
. "Postal Code : $_POST[postalcode]"
);

}
?>[/code]

anyone have any idea ?

Thank you again!

(edited by a moderator to put in the [nobbc][code][/code][/nobbc] tags)

[kenrbnsn]

Change the
[code]<?php mysql_query($sql); ?>[/code]
to
[code]<?php mysql_query($sql) or die("Problem with the query: $sql<br>" . mysql_error()); ?>[/code]
and see it any error is printed.

Ken

[Imothep]

Problem with the query: INSERT INTO `larf_users` (`firstname`, `surname`, `email`, `landphone`, `mobilephone`, `postalcode`) VALUES ( 'Fredrik', 'Christensen', 'fredrik@pixelpeople.org', '22222222', '', 'SW19 5DH')
Duplicate entry '' for key 1

[kenrbnsn]

So you're you're trying to enter a duplicate "firstname". That doesn't make much sense, since many people have the same firstnames. Take a look at your database design.

Ken

[Imothep]

I found the problem Ken.. I forgot to use INT AUTO_INCREMENT on the userid field. IM sorry to bother you about this, but stupid errors occur all the time for me :P lol

Thanks alot!

[Imothep]

Also mate.. is there a lot of work to do a USER EXISTENCE check? so that users cant register twice ?