CODE NOT WORKING

[satheeshpr]

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Dairy Farm Record Management</title>
<link rel="stylesheet" type="text/css" href="C:\Documents and Settings\satheesh\Desktop\dairy_records\styles\styles.css" />
</head>
<body bgcolor="#FFEBCC">
<?php
if ( isset($_POST["submit"])) {
// process form
//$db = mysql_connect("localhost", "root","TWINKLE1");
//mysql_select_db("c1_cattle_history",$db);
//$sql = "INSERT INTO cattle_rec (cattle_name,first_svc,second_svc,third_svc,calving_date,calf_sex,days_in_milk,milk_yld,dry_days,305_days_yld) VALUES
//('$cattle_name,$first_svc,$second_svc,$third_svc,$calving_date,$calf_sex,$days_in_milk,$milk_yld,$dry_days,$days_yld')";
//$result = mysql_query($sql);
require($_SERVER["DOCUMENT_ROOT"]."/dairy_logon.php");
$connection = mysql_connect($db_host, $db_user, $db_password) or die("error connecting");
mysql_select_db("$db_name");
    mysql_query("INSERT INTO cattle_det (cattle_n,first_s,second_s,third_s,calving_d,calf_s,days_m,m_yld,dry_d,d_yld) VALUES
('$_POST[cattle_name]','$_POST[first_svc]','$_POST[second_svc]','$_POST[third_svc]','$_POST[calving_date]','$_POST[calf_sex]','$_POST[days_in_milk]','$_POST[milk_yld]','$_POST[dry_days]','$_POST[days_yld]')");
echo "Cattle Information Updated Successfully !\n";
} else {
// display form
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<table cellpadding="0" cellspacing="0" width="99%">
<tr><td align="center">
<font face="Franklin Gothic Medium" size="6" color="#FF8000">History Sheet</font></td></tr><br/>
<tr><td align="left"><font face="Franklin Gothic Medium" size="4" color="#FF8000">Cattle Name : </font>    <input type="text" size="15" name="cattle_name"></input><br/>
</td></tr><br/>
<table border="2" cellpadding="1" cellspacing="0" id="mytable">
  <tr>

 

The code given above is supposed to retrieve values from a form and update the respective columns in the MySQL database,but everytime I key-in the value and say "Submit" in the form the form is just reset and the values are also getting updated. Please do provide your valuable inputs.

 

Thanks a mil.

Satheesh P R

[cunoodle2]

Few things..

#1.  Do NOT use (<?php echo $_SERVER['PHP_SELF'] ?>).  There are major major security flaws with it.

 

#2.  I think your quotes are off a little here...

mysql_query("INSERT INTO cattle_det (cattle_n,first_s,second_s,third_s,calving_d,calf_s,days_m,m_yld,dry_d,d_yld) VALUES
('$_POST[cattle_name]','$_POST[first_svc]','$_POST[second_svc]','$_POST[third_svc]','$_POST[calving_date]','$_POST[calf_sex]','$_POST[days_in_milk]','$_POST[milk_yld]','$_POST[dry_days]','$_POST[days_yld]')");

 

Instead do this..

$query = "INSERT INTO cattle_det (cattle_n,first_s,second_s,third_s,calving_d,calf_s,days_m,m_yld,dry_d,d_yld) VALUES
('{$_POST['cattle_name']}','{$_POST['first_svc']}','{$_POST['second_svc']}','{$_POST['third_svc']','{$_POST['calving_date']}','{$_POST['calf_sex']}','{$_POST['days_in_milk']}','{$_POST['milk_yld']}','{$_POST['dry_days']}','{$_POST['days_yld']}')"
if (mysql_query($query)
echo "SUCCESS!!\n";
else
echo "FAIL!!\n";

 

Also you really should be doing some variable sanitizing prior to you insert.

[Maq]

Also you really should be doing some variable sanitizing prior to you insert.

Yes, do not use raw POST, GET or any data that could possibly be manipulated by the user, directly in your query.  For sanitation, you can use mysql_real_escape_string.