Jump to content


Photo

INSERT DB


  • Please log in to reply
3 replies to this topic

#1 Arsench

Arsench
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 19 September 2006 - 12:11 PM

HELLO ALL FRIENDS.I HAVE A HTML FORM WITH ONE FIELD FOR NAME AND PHP FILE WHERE WHEN TYPING ANY NAME AND CLICKING SUBMIT THE NAME MUST BE INSERT INTO DB.i CANT DO IT AND CANT UNDERSTAND WHY LOOK THE BOTH CODE HTML

<html>
<body>
<form id="nam" name="form1" method="post" action="nme.php">
Name
<input type="text" name="nm" />
INSERT
<input type="submit" name="Submit" value="Submit" />
</form>
</body>
</html>

AND THE CODE PHP

<?php
$usr = "29594";
$pwd = "password";
$db = "29594";
$host = "localhost";

if ($REQUEST_METHOD=="post") {

mysql_connect ($host,$usr,$pwd);
mysql_select_db($db);


$SQL = " INSERT INTO adb (Nm)";
$SQL .= " VALUES ('$nm')";

$result = mysql_query($SQL);


echo ("New Name Added\n");

}

mysql_close($SQL);
?>
please help me to correct

#2 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 19 September 2006 - 12:14 PM

You are using the post method to parse the data (in your <form method='post')

But you are not calling that value
to call that you need
$nm = $_POST["nm"];

ALSO,
You need to secure this value before doing anything to the DB

<?php
function MakeSafe($str, $make_lower = false){
if($make_lower){
$str = strtolower($str);
}
$str = stripslashes($str);
$str = trim($str);
$str = strip_tags($str);
$str = mysql_real_escape_string($str);
return $str;
}




$usr = "29594";
$pwd = "password";
$db = "29594";
$host = "localhost";

if ($_POST["nm"]) {

mysql_connect ($host,$usr,$pwd);
mysql_select_db($db);
$nm = MakeSafe($_POST["nm"]);

$SQL = " INSERT INTO adb (Nm)";
$SQL .= " VALUES ('$nm')";

$result = mysql_query($SQL);


echo ("New Name Added\n");

}


?>

Tell me the problem, I will try tell you the solution

#3 Arsench

Arsench
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 19 September 2006 - 12:47 PM

thank you very much dear friends realy only you can:)

can advise me if i have not only one field for text but many?for example

<?php
$usr = "29594";
$pwd = "password";
$db = "29594";
$host = "localhost";

if ($_POST["cat, stn, sturl, desc"]) {

$SQL = " INSERT INTO links (category, sitename, siteurl, description);";
$SQL = . "VALUES ('$cat', '$stn','$sturl','$desc') ";
$result = mysql_db_query($db,"$SQL",$cid);

$result = mysql_query($SQL);

echo ("New Link Added\n");

}


?>
are here any error?Im a begginer and dont know many things.thank you again and again

#4 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 19 September 2006 - 02:05 PM

You need to grab the values
$cat = MakeSafe($_POST["cat"]);
$stn = MakeSafe($_POST["stn"]);
ect ect
Tell me the problem, I will try tell you the solution




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users