Jump to content
evx

Form results to database

Recommended Posts

Hi. I have made a application form for a job, I want the results the user enters into the boxes to come out into my database (evxhotel and the table apps). I get no errors and the website works perfectly fine but when I fill the form and submit the page just reloads and when I go to check my database I see that my results of the form are not in the database. I believe that maybe I put the mysql_connect and the mysql_select_db on the wrong lines.

 

BTW, this is only the php script embedded into a html document. The file format and name is form.php. All the tags are correct.

<?php
	$connect = mysql_connect("****", "****", "****") or die(mysql_error());
	
	if(isset($_POST['submit'])){
    $username  = mysql_real_escape_string($_POST['Username']);
    $email  = mysql_real_escape_string($_POST['Email']);
    $firstname  = mysql_real_escape_string($_POST['First']);
    $lastname  = mysql_real_escape_string($_POST['Last']);
    $day  = mysql_real_escape_string($_POST['Day']);
    $month  = mysql_real_escape_string($_POST['Month']);
    $year  = mysql_real_escape_string($_POST['Year']);
    $time  = mysql_real_escape_string($_POST['Time']);
    $position  = mysql_real_escape_string($_POST['Position']);
    $why  = mysql_real_escape_string($_POST['Why']);
    $what  = mysql_real_escape_string($_POST['What']);
    $exp  = mysql_real_escape_string($_POST['Exp']);
    $hours  = mysql_real_escape_string($_POST['Hours']);
    $comments  = mysql_real_escape_string($_POST['Comments']);
			
	
	mysql_select_db($connect, "evxhotel") or die(mysql_error());
	
	$sql = mysql_query ("INSERT INTO apps (username, email, realname, dob, time, position, why, what, exp, hours, comments) VALUES ('".$username."', '".$email."', '".$firstname/$lastname."', '".$day/$month/$year."', '".$time."', '".$position."', '".$why."', '".$what."', '".$exp."', '".$hours.", '".$comments."')", $connect);
	
	
	if($sql) {
        echo "Your applicaton has been added to the database.";
    } else {
        die(mysql_error());
    }
   
}
?>

Whats wrong? Thanks in advance.

Share this post


Link to post
Share on other sites

Couple things wrong in the query string.

This part - '".$firstname/$lastname."', '".$day/$month/$year."', is trying to divide the vars, not put them in the way you are wanting.

Second you have a stray " after the ) for the VALUES portion.

Share this post


Link to post
Share on other sites

Also, simply checking whether $POST_['submit'] is set might not generate proper results. isset($_POST['submit']) might return true even if it is null or in some circumstances even if it is blank. 

 

I find this covers every possible situation:

if(isset($_POST['submit']) && ($_POST['submit']!=null || $_POST['submit']!=''))

You really should check against the value of the submit button, not just whether it is set or not.

Edited by AJinNYC

Share this post


Link to post
Share on other sites

Also bear in mind that the user may submit the form data by pressing the Enter key. In this case it depends on which browser is being used whether the value of the Submit button is posted or not.

Share this post


Link to post
Share on other sites

I would like to advise not even using the isset($_POST['submit']), and instead suggest using the $_SERVER superglobals.

 

if($_SERVER['REQUEST_METHOD'] == 'POST')

 

This is due to what Barand is talking about.

Share this post


Link to post
Share on other sites

Couple things wrong in the query string.

This part - '".$firstname/$lastname."', '".$day/$month/$year."', is trying to divide the vars, not put them in the way you are wanting.

Second you have a stray " after the ) for the VALUES portion.

Thanks I got rid of the ". How am I ment to stop it from dividing the vars and put them together instead? thanks.

 

This is what the html code looks like for the submit button:

<br />
<input type="submit" value="Submit your application" name="submit">
<br />
<br />
</form>
</body>
</html>
Edited by evx

Share this post


Link to post
Share on other sites

Here's my new php code:

<?php
	$connect = mysql_connect("localhost", "root", "abid1221") or die(mysql_error());
	
	if($_SERVER['REQUEST_METHOD'] == 'POST'){
    $username  = mysql_real_escape_string($_POST['Username']);
    $email  = mysql_real_escape_string($_POST['Email']);
    $firstname  = mysql_real_escape_string($_POST['First']);
    $lastname  = mysql_real_escape_string($_POST['Last']);
    $day  = mysql_real_escape_string($_POST['Day']);
    $month  = mysql_real_escape_string($_POST['Month']);
    $year  = mysql_real_escape_string($_POST['Year']);
    $time  = mysql_real_escape_string($_POST['Time']);
    $position  = mysql_real_escape_string($_POST['Position']);
    $why  = mysql_real_escape_string($_POST['Why']);
    $what  = mysql_real_escape_string($_POST['What']);
    $exp  = mysql_real_escape_string($_POST['Exp']);
    $hours  = mysql_real_escape_string($_POST['Hours']);
    $comments  = mysql_real_escape_string($_POST['Comments']);
			
	
	mysql_select_db($connect, "evxhotel") or die(mysql_error());
	
	$sql = mysql_query ($connect, "INSERT INTO apps (username, email, realname, dob, time, position, why, what, exp, hours, comments) VALUES ('".$username."', '".$email."', '".$firstname/$lastname."', '".$day/$month/$year."', '".$time."', '".$position."', '".$why."', '".$what."', '".$exp."', '".$hours.", '".$comments);	
	
	if($sql) {
        echo "Your applicaton has been added to the database.";
    } else {
        die(mysql_error());
    }
   
}
?>

Still; No difference. Im getting lost here :[

Share this post


Link to post
Share on other sites

You are still 'dividing" your text strings --'".$firstname/$lastname."', '".$day/$month/$year."',

 

To join strings use the . (period on your keyboard) -

$firstname = "Fred";
$lastname = "Flintstone"
$fullname = $firstname . " " . $lastname;
echo $fullname; // would display Fred Flintstone (note the space we added between the names
$fulldate = $day . "/" . $month . "/" . $year;

 

Also, you might look into date options for your database; using datetime might end up a better choice depending upon what you anticipate doing with its values.

 

And, it might be a good practice to put your queries into a string, it makes it easier to test if the values are what you expect.

 

And, (lots of ands LOL), you should validate your form data.

Edited by litebearer

Share this post


Link to post
Share on other sites

Dates should be stored in Y-m-d format in databases, column type DATE.

$dbdate = date ('Y-m-d', mktime(0,0,0,$month,$day,$year));

Use the MySQL function CONCAT() for the names, or concatenate using PHP prior to the insert

$name = "$firstname $lastname";

Or consider storing lastname and firstname in separate columns.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.