Why does this simple script not write anything to the database?

[ghurty]

Why does this script not write anything to the database?

 

 

Thanks

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>


<p align="left">
WHAT<br>

<select name="type" size="2">
<OPTION VALUE="ONE">ONE
<OPTION VALUE="TWO">TWO
<OPTION VALUE="THREE">THREE
</select>
<br>
WHO<br>
<input name="Who" type="text" value="Who" size="40" maxlength="50" /><br>
WHY<br>
<input name="Why" type="text" value="Why" size="40" maxlength="50" /><br>




<?      
$link = mysql_connect("localhost", "root", "passw0rd")
    or die("Data base connection failed");
mysql_select_db("test123")
    or die("data base open failed");


     if($submit)
     {

	 $sql = "INSERT INTO 'test'  ('type','who','why') VALUES ('$type','$who','$why')";
           $result = mysql_query($sql);
     }

 mysql_close($link);
?>

<form method="post" action="">
<input type="Submit" name="submit" value="Submit">
</form>
<body>
</body>
</html>

[.josh]

unless you have register globals turned on (which you probably don't, and if you do, they should be turned off), you never assign anything to $submit so the condition never evaluates true.  Instead of $submit you should be using $_POST['submit'] same goes with your other form variables.

[KevinM1]

Why does this script not write anything to the database?

 

Short answer: your code is junk.  Neither your HTML nor your PHP is intelligible

 

Long answer: your code is junk, but it can be fixed.  First, since you're posting your data to the same page that's displaying the form, you should attempt to handle the passed-in data first:

<?php
   if(isset($_POST['submit']))
   {
      $dbc = mysql_connect("localhost", /* never use root as the user */, /* never give out the password on a forum */) OR die("Could not connect to the db");
      mysql_select_db("test123") OR die("Could not select correct db");

      $query = "INSERT INTO 'test' ('type', 'who', 'why') VALUES ('{$_POST['type']}', '{$_POST['Who']}', '{$_POST['Why']})";

      mysql_query($query);
   }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
   <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
      <p align="left">WHAT<br />

      <select name="type" size="2">
         <option value="ONE">ONE</option>
         <option value="TWO">TWO</option>
         <option value="THREE">THREE</option>
      </select>
      <br />

      WHO<br />
      <input name="Who" type="text" value="Who" size="40" maxlength="50" />
      <br />

      WHY<br />
      <input name="Why" type="text" value="Why" size="40" maxlength="50" />
      <br />

      <input type="Submit" name="submit" value="Submit">
      </p>
   </form>
</body>

</html>

 

I noticed that you're trying to access form inputs as direct variables (i.e., as $submit rather than $_POST['submit']).  You can't do that unless register_globals is turned on in your php.ini file.  Turning this on is a BAD IDEA as it leads to both a host of security problems and complicates the long-term maintenance of your code.  Access form variables the right way, through the various superglobal arrays ($_POST and $_GET).

 

You should also look into validating and securing incoming data.  You should always treat user supplied data as a security risk, and only accept it after it's been validated.