traedet Posted October 17, 2010 Share Posted October 17, 2010 Hi, I'm in the basic learning phase in PHP and ran into a problem two days ago... I need to make a function that $_POST to MySQL. I think i have the function working but i cant make the form call the function to submit the data to my Database! This is the function (filename is test.php) : <?php function addlunch() { $sql="INSERT INTO $tbl_name(vecka, dag, lunch1, lunch2)VALUES('$_POST[vecka]','$_POST[dag]','$_POST[lunch1]','$_POST[lunch2]')"; $result=mysql_query($sql); mysql_close(); } ?> And now the problem is to call the function to this form: <form action="test.php?addlunch" method="post" name="lunch"> <input value="<?php echo ($veckonummer); ?>" name="vecka" type="text" /><br /> <input name="dag" type="text" value="Måndag" /><br /> <textarea name="lunch1" cols="40"></textarea><br /> <textarea name="lunch2" cols="40"></textarea> <input type="submit" value="Skicka" /><input type="reset" value="Rensa" /> </form> If anyone could take a look at it i would appreciate it!! Thx! Quote Link to comment Share on other sites More sharing options...
Bodhi Gump Posted October 17, 2010 Share Posted October 17, 2010 How do you connect with your database? Can you show us the code of that? Quote Link to comment Share on other sites More sharing options...
traedet Posted October 17, 2010 Author Share Posted October 17, 2010 Here you go: <?php $host="localhost"; $username="XXX"; $password="XXX"; $db_name="XXX"; $tbl_name="lunch"; mysql_connect("$host", "$username", "$password")or die("cannot connect server "); mysql_select_db("$db_name")or die("cannot select DB"); $result = mysql_query("SELECT * FROM $tbl_name") or die("Can't connect with table"); ?> Quote Link to comment Share on other sites More sharing options...
Bodhi Gump Posted October 17, 2010 Share Posted October 17, 2010 I see what's going on. Change the query string to: $sql="INSERT INTO $tbl_name(`vecka`, `dag`, `lunch1`, `lunch2`)VALUES('".$_POST['vecka']."','".$_POST['dag']."','".$_POST['lunch1']."','".$_POST['lunch2']."')"; Take good look at the quotes ` and '. Quote Link to comment Share on other sites More sharing options...
traedet Posted October 17, 2010 Author Share Posted October 17, 2010 Thx for a quick answer! The problem remains tho... I need to call the function from the form. How do i make an action that calls the function? <form action="test.php?addlunch" method="post" name="lunch"> test.php?addlunch is not right is it? Quote Link to comment Share on other sites More sharing options...
jcbones Posted October 18, 2010 Share Posted October 18, 2010 You will have to code the function call on the page reset, as the form cannot call a php function. At the top of your page test.php if(isset($_GET['addlunch'])) { addlunch(); } of course you will have to change the form action so that the addlunch parameter is set> <form action="test.php?addlunch=1" method="post" name="lunch"> After this, you will note that it still doesn't work, because your query doesn't have a table name. Because, $tbl_name is out of scope. Hard code it. Once you fix this, you will find that because you have failed to use any database sanitation, and are also setting your caller in the URL that this script has great potential to be raped by script kiddies. To fix, you need to at least run your form through mysql_real_escape_string(), and put you a hidden input into the form to trigger your database function. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.