
Can't insert data to tables but there are no errors in MySQL


edrew04


 

I know that I have no errors in the coding, knowing also that I have an auto-incrementing primary key which was named Patient_ID in my MySQL table.

Please help: what is wrong?


<html>
<head><title>Welcome to Mountain View Hospital</title>
<style type="text/css">
input.field{
width:100%;
height:30px;
font-family:Verdana, Arial, Helvetica, sans-serif;
font-size:18px;
text-align:right;
}
.btn{
	width:40px;
height:40px;
}
  .btn0{
	width:100%;
height:40px;
}
</style>

</head>
<body font face="tahoma" background="mv.jpg">
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<div id="insidebox1">
<form name="form1" method="POST" action="patient.php">
<tr><td><p>Patient's name: <input type="text" name="patientname" id="patientname" size="15" maxlength="30" value=""/></p></td></tr>
<tr><td><p>Address: <input type="text" name="add" id="add" size="15" maxlength="60" value=""/></p></td></tr>
<tr><td><p>Birthdate: <input type="text" name="bday" id="bday" size="15" maxlength="10" value="mm/dd/yyyy"/></p></td></tr>
<tr><td><p>Age: <input type="text" name="age" id="age" size="15" maxlength="3" value=""/></p></td></tr>
<tr><td><p>gender: <input type="text" name="sex" id="sex" size="15" maxlength="40" value=""/></p></td></tr>
<tr><td><p><input type="submit" name="btn" id="btn" value="Add Patient"/></p></td></tr>

</form>
</div>
</table>
<?php
include("dbconnect.php");
if (isset($_POST['btn'])) {
mysql_query("INSERT INTO patient (Patient_Name,Address,Birthdate,Age,Gender) VALUES ('.$_POST[patientname].','.$_POST[add].','.$_POST[bday].','.$_POST[age].','.$_POST[sex].')") or die (mysql_error);
echo "eow";
}

?>
</body>
</html>

Hi edrew04,

 

Your MySQL statement is not making correct use of " and '; here it is correctly formatted:

 

mysql_query("INSERT INTO patient (Patient_Name,Address,Birthdate,Age,Gender) VALUES ('".$_POST['patientname']."','".$_POST['add']."','".$_POST['bday']."','".$_POST['age']."','".$_POST['sex']."')") or die ("".mysql_error());

 

Also, it is never a good idea to put $_POST values directly into your database. You must validate/sanitise this data before entering it into your database to protect from MySQL injection attacks.

 

Please see Daniel's excellent security tutorial at http://www.phpfreaks.com/tutorial/php-security for further information.

 

Hope this helps.

Using "" around your query means that your $_POST values are being interpreted, but you're also trying to concatenate with the dots (.) within your string.

Upshot is that your values will include the . as part of the value.

 

Are your fields really all strings (VARCHAR2) on the database?

$_POST[patientname] and all your other post vars should be quoted associative indexes: $_POST['patientname']

You should be escaping your $_POST vars for security
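
The replies above advise validating and escaping the $_POST values before they reach the database. As an added example (not code from any poster in this thread), here is the same INSERT with server-side validation and a PDO prepared statement, since the mysql_* functions used in the thread were removed in PHP 7. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the function names validatePatient and insertPatient are hypothetical.

```php
<?php
// Added example: validate the form fields, then INSERT through a prepared statement.
// Assumption: SQLite in memory stands in for MySQL; for MySQL only the PDO DSN changes.

function validatePatient(array $in): array
{
    $name   = trim($in['patientname'] ?? '');
    $addr   = trim($in['add'] ?? '');
    $gender = trim($in['sex'] ?? '');
    $bday   = $in['bday'] ?? '';
    // Length limits mirror the form's maxlength attributes, which a client can bypass.
    if ($name === '' || strlen($name) > 30)     throw new InvalidArgumentException('bad name');
    if ($addr === '' || strlen($addr) > 60)     throw new InvalidArgumentException('bad address');
    if ($gender === '' || strlen($gender) > 40) throw new InvalidArgumentException('bad gender');
    // The form asks for mm/dd/yyyy; parse strictly (round-trip check) and store ISO yyyy-mm-dd.
    $d = DateTime::createFromFormat('!m/d/Y', $bday);
    if (!$d || $d->format('m/d/Y') !== $bday)   throw new InvalidArgumentException('bad birthdate');
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false)                         throw new InvalidArgumentException('bad age');
    return [$name, $addr, $d->format('Y-m-d'), $age, $gender];
}

function insertPatient(PDO $db, array $post): int
{
    // Placeholders keep the values out of the SQL text, so quotes in input cannot alter the query.
    $stmt = $db->prepare(
        'INSERT INTO patient (Patient_Name, Address, Birthdate, Age, Gender) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute(validatePatient($post));
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patient (Patient_ID INTEGER PRIMARY KEY AUTOINCREMENT,
    Patient_Name TEXT, Address TEXT, Birthdate TEXT, Age INTEGER, Gender TEXT)');

// Constructed sample input standing in for $_POST; the name contains a single quote.
$post = ['patientname' => "Mary O'Brien", 'add' => '12 Hill Rd', 'bday' => '02/29/1980',
         'age' => '44', 'sex' => 'female', 'btn' => 'Add Patient'];
$id = insertPatient($db, $post);
echo "Patient_ID $id stored as: ", $db->query('SELECT Patient_Name FROM patient')->fetchColumn(), "\n";

try {
    insertPatient($db, ['bday' => '13/45/2020'] + $post); // constructed invalid date
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With string concatenation, the quote in the constructed name would end the SQL string literal early; with the placeholder it is stored as data.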

 

Archived

This topic is now archived and is closed to further replies.
