Jump to content

Calling function on Submit

traedet

By traedet
in PHP Coding Help

 Share

Recommended Posts

traedet Newbie

traedet

Posted
Posted

Hi, I'm in the basic learning phase in PHP and ran into a problem two days ago...

 

I need to make a function that $_POST to MySQL.

I think i have the function working but i cant make the form call the function to submit the data to my Database!

 

This is the function (filename is test.php) :

 

<?php function addlunch() {
$sql="INSERT INTO $tbl_name(vecka, dag, lunch1, lunch2)VALUES('$_POST[vecka]','$_POST[dag]','$_POST[lunch1]','$_POST[lunch2]')";
$result=mysql_query($sql);

mysql_close();
} ?>

 

And now the problem is to call the function to this form:

 

<form action="test.php?addlunch" method="post" name="lunch">
  <input value="<?php echo ($veckonummer); ?>" name="vecka" type="text" /><br />
  <input name="dag" type="text" value="Måndag" /><br />
  <textarea name="lunch1" cols="40"></textarea><br />
  <textarea name="lunch2" cols="40"></textarea>
  <input type="submit" value="Skicka" /><input type="reset" value="Rensa" />
</form>

 

If anyone could take a look at it i would appreciate it!!

Thx!

Link to comment
https://forums.phpfreaks.com/topic/216098-calling-function-on-submit/
Share on other sites
traedet Newbie

traedet

Posted
  • Author
Posted

Here you go:

 

<?php $host="localhost";
$username="XXX"; 
$password="XXX";
$db_name="XXX";
$tbl_name="lunch";

mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");
$result = mysql_query("SELECT * FROM $tbl_name") or die("Can't  connect with table");

?>

Bodhi Gump Newbie

Bodhi Gump

Posted
Posted

I see what's going on. Change the query string to:

$sql="INSERT INTO $tbl_name(`vecka`, `dag`, `lunch1`, `lunch2`)VALUES('".$_POST['vecka']."','".$_POST['dag']."','".$_POST['lunch1']."','".$_POST['lunch2']."')";

Take good look at the quotes ` and '.

jcbones Newbie

jcbones

Posted
Posted

You will have to code the function call on the page reset, as the form cannot call a php function.

 

At the top of your page

 

test.php

if(isset($_GET['addlunch'])) {
addlunch();
}

 

of course you will have to change the form action so that the addlunch parameter is set>

<form action="test.php?addlunch=1" method="post" name="lunch">

 

After this, you will note that it still doesn't work, because your query doesn't have a table name.  Because, $tbl_name is out of scope.  Hard code it.

 

Once you fix this, you will find that because you have failed to use any database sanitation, and are also setting your caller in the URL that this script has great potential to be raped by script kiddies.

 

To fix, you need to at least run your form through mysql_real_escape_string(), and put you a hidden input into the form to trigger your database function.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.