edrew04 Posted September 25, 2009 Share Posted September 25, 2009 i know that i have no errors in the coding knowing also that i have an auto incrementing primary key which was named Patient_ID in my mysql table please help in what is wrong? <html> <head><title>Welcome to Mountain View Hospital</title> <style type="text/css"> input.field{ width:100%; height:30px; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:18px; text-align:right; } .btn{ width:40px; height:40px; } .btn0{ width:100%; height:40px; } </style> </head> <body font face="tahoma" background="mv.jpg"> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <div id="insidebox1"> <form name="form1" method="POST" action="patient.php"> <tr><td><p>Patient's name: <input type="text" name="patientname" id="patientname" size="15" maxlength="30" value=""/></p></td></tr> <tr><td><p>Address: <input type="text" name="add" id="add" size="15" maxlength="60" value=""/></p></tr> <tr><td><p>Birhdate: <input type="text" name="bday" id="bday" size="15" maxlength="10" value="mm/dd/yyyy"/></p></td></tr> <tr><td><p>Age: <input type="text" name="age" id="age" size="15" maxlength="3" value=""/></p></td></tr> <tr><td><p>gender: <input type="text" name="sex" id="sex" size="15" maxlength="40" value=""/></p></td></tr> <tr><td><p><input type="submit" name="btn" id="btn" value="Add Patient"/></p></td></tr> </form> </div> </table> <?php include("dbconnect.php"); if (isset($_POST['btn'])) { mysql_query("INSERT INTO patient (Patient_Name,Address,Birthdate,Age,Gender) VALUES ('.$_POST[patientname].','.$_POST[add].','.$_POST[bday].','.$_POST[age].','.$_POST[sex].')") or die (mysql_error); echo "eow"; } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
ILMV Posted September 25, 2009 Share Posted September 25, 2009 So you get no errors at all? Can you echo your SQL script please and post it here, you also might want to try your SQL in phpMyAdmin, that will usually return an error for you to work from. Quote Link to comment Share on other sites More sharing options...
Bricktop Posted September 25, 2009 Share Posted September 25, 2009 Hi edrew04, Your MySQL statement is not making correct use of " and ', here it is correctly formatted: mysql_query("INSERT INTO patient (Patient_Name,Address,Birthdate,Age,Gender) VALUES ('".$_POST['patientname']."','".$_POST['add']."','".$_POST['bday']."','".$_POST['age']."','".$_POST['sex']."')") or die ("".mysql_error()); Also, it is never a good idea to put $_POST values directly into your database. You must validate/sanitise this data before entering it into your Database to protect from MySQL Injection attacks. Please see Daniel's excellent security tutorial at http://www.phpfreaks.com/tutorial/php-security for further information. Hope this helps. Quote Link to comment Share on other sites More sharing options...
Mark Baker Posted September 25, 2009 Share Posted September 25, 2009 Using "" around your query means that you're $_POST values are being interpreted, but you're also trying to concatenate with the dots (.) within your string. Upshot is that your values will include the . as part of the value. Are your fields really all strings (VARCHAR2) on the database? $_POST[patientname] and all your othe rpost vars should be quoted associative indexes $_POST['patientname'] You should be escaping your $_POST vars for security Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.