perthmaverick Posted January 11, 2010 Share Posted January 11, 2010 Hi there, sorry, for the long subject line!.. wasn't sure what to write. I am trying to write my first bit of code in order to pass information from html to php and into mysql. It PHP part seems to process okay, but gives me my 'preferred' error/failure message....eg the form part works fine, but it's not sending the information to mysql. The test url is www.yourstocktips.com.au/newrecord.htm I have attached the two (rather basic) files. I must be missing something, but I don't know what! Doing my head in! Thanks, perthmaverick [attachment deleted by admin] Link to comment https://forums.phpfreaks.com/topic/188025-inserting-data-html-form-via-php-then-into-mysql/ Share on other sites More sharing options...
Mchl Posted January 11, 2010 Share Posted January 11, 2010 You have an unnecessary comma at the end of your query after '$_POST[comments]' $sql = "INSERT INTO drill_tracker values ('$_POST[input_date]', '$_POST[shift_type]', '$_POST[prospect_area]', '$_POST[plan_id]', '$_POST[hole_id]', '$_POST[from_m]', '$_POST[to_m]', '$_POST[total_m]', '$_POST[running_total]', '$_POST[geo]', '$_POST[rig_operational]', '$_POST[comments]',)"; Two more things: 1. You should NEVER put $_POST values directly into your query string. Use mysql_real_escape_string to escape them. 2. Use mysql_error to display error messages from MySQL. There's tutorial here: http://www.phpfreaks.com/tutorial/debugging-a-beginners-guide/page1 Link to comment https://forums.phpfreaks.com/topic/188025-inserting-data-html-form-via-php-then-into-mysql/#findComment-992663 Share on other sites More sharing options...
perthmaverick Posted January 11, 2010 Author Share Posted January 11, 2010 Hi Mchl, thank you. I forgot how easy it is to overlook something as simple as a comma. Also, thank you the two notes. I am learning from a tutorial book and it lists $_POST in the string, so I just assumed that was correct. I will research how to incorporate mysql_real_escape_string() Do I use that function instead of $_POST? Thanks. Link to comment https://forums.phpfreaks.com/topic/188025-inserting-data-html-form-via-php-then-into-mysql/#findComment-993195 Share on other sites More sharing options...
Mchl Posted January 11, 2010 Share Posted January 11, 2010 No. You put your $_POST variables into it, and it returns a value that can be considered safe for putting it into a query. Example $password = mysql_real_escape_string($_POST['password']); $username = mysql_real_escape_string($_POST['username']); $sql = "SELECT * FROM users WHERE username = $username AND password = MD5($password)"; Link to comment https://forums.phpfreaks.com/topic/188025-inserting-data-html-form-via-php-then-into-mysql/#findComment-993215 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.