newbie..php writing to sql

[drumhrd]

hey I am following a tutorial on how to use a form to write to a sql db...

 

db is created and looks like this

 

mysql> SELECT * from employees;

+----+-------+---------+-----------------------------+-------------------+

| id | first | last    | address                    | position          |

+----+-------+---------+-----------------------------+-------------------+

|  1 | Bob  | Smith  | 128 Here St, Cityname      | Marketing Manager |

|  2 | John  | Roberts | 45 There St , Townville    | Telephonist      |

|  3 | Brad  | Johnson | 1/34 Nowhere Blvd, Snowston | Doorman          |

+----+-------+---------+-----------------------------+-------------------+

3 rows in set (0.00 sec)

 

 

PHP code looks like this

 

 

<html>

<body>

<?php

if ($submit) {

  // process form

  $db = mysql_connect("localhost", "root", "ommited") or die(mysql_error());

  mysql_select_db("mydb",$db)  or die(mysql_error());

  $sql = "INSERT INTO employees (first,last,address,position) VALUES ('$first','$last','$address','$position')"  or die(mysql_error());

  $result = mysql_query($sql)  or die(mysql_error());

  echo "Thank you! Information entered.\n";

} else {

  // display form

  ?>

  <form method="post" action="<?php echo $PHP_SELF ?>">

  First name:<input type="Text" name="first"><br>

  Last name:<input type="Text" name="last"><br>

  Address:<input type="Text" name="address"><br>

  Position:<input type="Text" name="position"><br>

  <input type="Submit" name="submit" value="Enter information">

  </form>

  <?php

} // end if

?>

</body>

</html>

 

 

I cannot find any errors in this logic..nor do I get any error messages back.

 

Can someone please look at this and tell me why it's not working..I input info into the form and hit the "Enter information" button..but it does not put the info into the database.  This code is identical to the tutorial...minus the "omitted" db password.

[Daniel0]

Find a newer tutorial. It seems like the code is relying on what's called "register globals", a deprecated practice that's disabled in recent versions of PHP.

 

Read these chapters of the manual, and then read tutorials:

http://www.php.net/manual/en/langref.php

http://www.php.net/manual/en/security.php

http://www.php.net/manual/en/features.php

 

Don't read the function reference because that's what it is, a reference.

[PFMaBiSmAd]

Edit: a longer version of the above ^^^^

 

The tutorial you found is 7 years out of date. It relies on register_globals to magically populate program variables from the form data. Register_globals were turned off by default in php4.2 in the year 2002 and have been completely eliminated in php6. It is sad that we are still seeing problems with people finding code posted on the Internet or in books that is supposed to teach them how to use php but is so out of data that is fails.

 

All of the form variables $submit, $first, $last, $address, and $position need to be accessed using the corresponding $_POST variable $_POST['submit']...

 

Also, $PHP_SELF should be $_SERVER['PHP_SELF'] or you can in fact leave the action="" parameter empty.

 

If you set error_reporting to E_ALL and set display_errors to ON in your php.ini (stop and start your web server to get any change made to php.ini to take effect), you will get error messages that point out program variables that are no longer being magically populated and need to be set for the correct form $_POST variable.

 

 

[Daniel0]

Actually, error_reporting = E_ALL|E_STRICT would be better for when you're writing code.

 

You'll also need to use mysql_real_escape_string to protect yourself from something called SQL injection.

[drumhrd]

ok..well not surprised my tutorial lead me on the wrong path. 

 

I just got a new book in "learning php and mysql" by michele e davis and jon a phillips.

 

It covers php5 so  will start on this book..thought I could get a head with this tutorial..but I should have started the book first.

 

thanks!