PHP Form/Database Help

[rotc_rachel]

Hello everyone,

 

  I am new here and new to PHP and would like to ask for some help!  Below is a php file that takes values entered from a form and enters them into php variables.  Using those variables, I would like to connect to my database and enter the newly entered values.  When I do this, the die() function does not execute but my new values submitted never are entered either (through phpMyAdmin I run an SQL query to SELECT * from my publications database and it does not return the newly entered values from the original html form.)  Below is the code for my php file, any help would be greatly appreciated!

 

Thank you!

 

 

<?php

$pub_id = $_POST['pub_id'];

$title = $_POST['title'];

$author = $_POST['author'];

$year = $_POST['year'];

$journal = $_POST['journal'];

$pages = $POST['pages'];

 

 

 

$dbc = mysqli_connect('localhost', 'root', 'rmr788', 'Publications')

or die('Error connecting to MySQL');

 

$query = "INSERT INTO publications (pub_id, Title, Author, Year, Journal, Pages)" .

"VALUES('$pub_id', '$title', '$author', '$year', '$journal', '$pages')";

 

$result = mysqli_query($dbc,$query)

or die('Error querying database');

 

$mysql_close($dbc);

 

 

?>

 

Also below is the html form code in case that would help solve the issue;

 

<!-- Start of FORM -->

<form method="POST" action="insert_report.php">

<label for="pub_id"><b>Publication <i>ID</i>:</b></label>

<br>

<input type="text" id="pub_id" name="pub_id" />

<br>

<br>

<label for="title"><b>Publication <i>Title:</i></b></label>

<br>

<input type="text" id="title" name="title" />

<br>

<br>

<label for="author"><b>Publication <i>Author</i>:</b></label>

<br>

<input type="text" id="author" name="author" />

<br>

<br>

<label for="year"><b>Publication <i>Year</i>:</b></label>

<br>

<input type="text" id="year" name="year" />

<br>

<br>

<label for="journal"><b>Publication <i>Journal</i>:</b></label>

<br>

<input type="text" id="journal" name="journal" />

<br>

<br>

<label for="pages"><b>Publication <i>Pages</i>:</b></label>

<br>

<input type="text" id="pages" name="pages" />

<br>

<br>

<input type="submit" value="Insert Publication" name="submit" />

 

</form>

<!-- End of FORM -->

[KevinM1]

I'm surprised your not getting an error on your query, as the way its written would actually come out as:

 

INSERT INTO publications (pub_id, Title, Author, Year, Journal, Pages)VALUES('$pub_id', '$title', '$author', '$year', '$journal', '$pages')

 

Note how 'VALUES' is smooshed between the parentheses.  This stems from not putting a space at the beginning of the second line of your query.  Be sure that your db columns' data types match the values you're trying to put in, and that the order is the same as how the db is structured.

 

Other than that, nothing jumps out at me immediately.  That said, two things:

 

1. You should never display your db password on a public forum.

2. The 'die()' function shouldn't be used in error handling, unless it's for debugging purposes only (more on this at: http://www.phpfreaks.com/blog/or-die-must-die).

[rotc_rachel]

Thank you for the help. 

 

I have made the change you suggested;

 

$query = "INSERT INTO publications (pub_id, Title, Author, Year, Journal, Pages) " .

  "VALUES ('$pub_id', '$title', '$author', '$year', '$journal', '$pages')";

 

but it is still not correct.  None of the values I submit on the form make their way to the database.  Do you think it is a connection issue?

 

 

[KevinM1]

Thank you for the help. 

 

I have made the change you suggested;

 

$query = "INSERT INTO publications (pub_id, Title, Author, Year, Journal, Pages) " .

  "VALUES ('$pub_id', '$title', '$author', '$year', '$journal', '$pages')";

 

but it is still not correct.  None of the values I submit on the form make their way to the database.  Do you think it is a connection issue?

 

 

 

That's not what I was suggesting.  For your query, either write this:

 

$query = "INSERT INTO publications (pub_id, Title, Author, Year, Journal, Pages)" .
                        " VALUES ('$pub_id', '$title', '$author', '$year', '$journal', '$pages')";

 

Note the space before VALUES.  The part within the quotes is what matters...that's what you're sending to the db.

 

Or, you can have it all on one line:

 

$query = "INSERT INTO publications (pub_id, Title, Author, Year, Journal, Pages) VALUES ('$pub_id', '$title', '$author', '$year', '$journal', '$pages')";

 

If that doesn't help matters stick the following lines at the top of your script (just after the <?php at the beginning) and try again:

 

error_reporting(E_ALL);
ini_set('display_errors', 1);

 

This will force PHP to display all PHP-related errors and warnings, if there are any.

 

Also, have you tried your insert query through php_myadmin?  It may report an error through there.

[rotc_rachel]

Ok, updated the changes as you said, still returned nothing.  Added the error script and nothing showed either. 

 

When I ran the insert command in phpMyAdmin (just inserting the variables as strings - pub_id, year, and pages defaulted to the value '0' since they are INTs), it worked correctly.

 

:/

[KevinM1]

Ok, updated the changes as you said, still returned nothing.  Added the error script and nothing showed either. 

 

When I ran the insert command in phpMyAdmin (just inserting the variables as strings - pub_id, year, and pages defaulted to the value '0' since they are INTs), it worked correctly.

 

:/

 

In order to save some frustration, can you show me your table's structure?  That is, its column names and attributes.  Also, can you tell me the values you're using in your script when you test this?

[rotc_rachel]

localhost -> Database: publications -> Table: publications

 

 

        pub_id  int(5)   

Title char(50)

Author char(50)

Year int(4)

Journal char(50) l

Pages int(4)

 

In my connection variable ($dbc) I changed the database name to publications, since there is no uppercase on the 'p'.  I am thinking the database and table being the same name was not a smart idea but technically, would it really affect anything? 

 

TO test, I'm running the SQL statement; SELECT * FROM publications

 

When I insert through phpMyAdmin and display the SQL, it shows something like

INSERT INTO publications '.' publications ....

 

 

[rotc_rachel]

Also, would the HTML form field that uses 'text' matter when a database column attribute is an 'INT' for that variable, or should the whole script work but would just default the INTs to '0'? 

[KevinM1]

You haven't given any of your columns a NOT NULL directive, or anything along those lines?

 

You should try changing your table name, so it and the db name aren't the same.  I'm not sure if that could be causing the problems, but it's a good idea just for maintenance's sake.

 

Also, you need to check and filter the input coming into your script.  Just because MySQL does some type conversion/supplies default values for the wrong kinds of data in certain instances doesn't mean that's the right thing to do.  At the very best, it will create nonsense values (like setting the year to 0).  And that's to say nothing of the security risks.

 

Do me a favor, and try to run the following insert query:

 

INSERT INTO publications (pub_id, Title, Author, Year, Journal, Pages) VALUES ('100', 'Test', 'Bubba Gump', '2009', 'Shrimping Made Easy', '658')

[rotc_rachel]

Yeah, I was looking to add more "constraints" to the database, but wanted to make sure it was generally working beforehand.

 

Well I changed the database name so it is different from the table.  I've also changed the YEAR to yr, since I believe YEAR may be a reserved word. 

 

Finally, I added your query and ran through the page and still, nothing.  I'm starting to think it's not even connecting properly to the database but no errors are showing. 

[rotc_rachel]

Also,

 

  I manually inserted values from phpMyAdmin, I transferred the PHP it gave me there to my .php file, changed around only the values.  Saved it, started at the form's original html page, it brought up the php_report page, and still that did not even add anything to the db.  I'm thinking it's some connection problem but I have no idea what it could be. 

[KevinM1]

Also,

 

  I manually inserted values from phpMyAdmin, I transferred the PHP it gave me there to my .php file, changed around only the values.  Saved it, started at the form's original html page, it brought up the php_report page, and still that did not even add anything to the db.  I'm thinking it's some connection problem but I have no idea what it could be. 

 

Hmm...could be, although one of your die() functions should've caught it if it couldn't connect.

[rotc_rachel]

Actually I tried running a simple PHP 'echo' script right after the first <?php tag and nothing displayed.  I don't think my PHP is working but I don't know how that is possible as I am running on WAMP. :/

 

 

EDIT: Figured out the 'just' of it.  Now I'm actually able to execute php code, BUT the "Error querying database" is produced.

[oni-kun]

Actually I tried running a simple PHP 'echo' script right after the first <?php tag and nothing displayed.  I don't think my PHP is working but I don't know how that is possible as I am running on WAMP. :/

 

 

EDIT: Figured out the 'just' of it.  Now I'm actually able to execute php code, BUT the "Error querying database" is produced.

 

Some things are finicky, double check your SQL service and make sure it has the proper versions/functions enabled. You may want to run a few simple test queries in a separate file to test the proper functioning of all aspects of it.

 

I may also recommend the better version "WAMPServer" if you don't already have it, It worked for me when I had problems.

[rotc_rachel]

Thank you so much both for you help.  I had to play around with WAMP and some settings but it is now up and working.  I am sorry if my questions were very beginner, just getting started with PHP and do appreciate the help!