PHP script problem

[Coronach]

I need to be able to add and remove data to/from a MySQL database using two PHP pages (enclosed), but I cannot see what I have done wrong, can anyone look at the scripts and help me sort it out?

 

[attachment deleted by admin]

[Instigate]

On registration_script.php, are you actually inserting into a table called set? Or am I missing something?

 

$sql = "INSERT INTO set firstname ='" . $_POST[txtfirstname] . "',"; 

 

Could you also post your errors?

[TeddyKiller]

What exactly happens? Whats the actual problem.

[PFMaBiSmAd]

Here is a list of problems in your registration_script.php -

 

1) All of the associative array names ($_POST and $_SESSION) need to be enclosed in quotes so that php does not take ~10 times longer to access each variable by attempting to find a defined constant with the name being used, produce a notice error, then assume you meant a quoted name, then find the actual array index name.

 

2) As has already been pointed out, your INSERT query does not reference a table name.

 

3) You are not validating (what happens or should happen if there is no $_SESSION['id'] or if any of the form fields are empty?) or escaping (to prevent sql injection) the external data being put into the INSERT query.

 

4) INSERT queries don't have WHERE clauses, so the first query on the page will fail due to a SQL syntax error. Are you trying to INSERT a new row or UPDATE an existing row?

 

5) Your queries don't have any error checking, error reporting/error logging, or error recovery logic to get them to tell you when they fail, why they failed, or to take an appropriate action when they fail.

 

6) $PHP_SELF was depreciated almost 8 years ago. You should use $_SERVER['PHP_SELF'] (assuming you want the current URL query string to be carried over when the form is submitted) or you should just use an empty string as the action="" attribute to cause the form to submit to the same page.

 

7) You should use isset($_POST['submit']) to prevent an undefined notice message when the page is requested before the form is submitted.

 

You should be developing and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that php will help you by displaying all the errors it detects. You will save a TON of time. Several of the problems listed would have already been exposed so that you could have found and fixed them yourself.

 

Edit: 9) You are also missing the closing } from the else statement. This would be causing a fatal parse error that would be exposed if error_reporting/display_errors were set as suggested in item #8 in this list.

[Coronach]

Thanks guys... you have given me a few things to sort so I will come back when I have worked on the script.