ricky15 Posted November 14, 2016

I have this code. The form is set to action on itself, but when I click the submit button nothing happens: no error and no data is inserted into the mysql.

```php
<html>
<head>
</head>
<title>stock</title>
<body>
<form action="st.php" method="post">
<input name="code" type="text" >
<input name="name" type="text">
<input name="submit" type="submit" >
</form>
<?php
if(isset($_POST['submit'])){
    $link = mysql_connect("localhost","root","");
    if(!$link){
        die("cant connect" . mysql_error());
    }
    mysql_select_db("test",$link);
    $sql= "INSERT INTO stock (sid,stcode,stname) VALUES ('','$_POST ','$_POST[name]')";
    mysql_query($sql,$link);
    mysql_close($link);
}
?>
</body>
</html>
```

benanamen Posted November 14, 2016

Your code is complete junk. Obsolete, Insecure, and has been completely removed from php. You need to use PDO. https://phpdelusions.net/pdo

ginerjm Posted November 14, 2016

And just what is this syntax:

$_POST

I've never seen that. Is it valid? If you turned on php error checking you might see some errors here.

Barand Posted November 14, 2016

I suspect that is the result of putting a forum code tag in the middle of the code.

cyberRobot Posted November 15, 2016

In addition to checking for PHP errors, as suggested by ginerjm, you may also need to see if MySQL is throwing errors. To see if the query failed, for example, you could use the following:

```php
$sql= "INSERT INTO stock (sid,stcode,stname) VALUES ('','$_POST[code]','$_POST[name]')";
mysql_query($sql,$link) or die(mysql_error());
```

And just to clarify what benanamen mentioned, the mysql_* functions were removed in PHP 7.0. So your code needs to be updated in the very near future. More information about the alternatives can be found here: http://php.net/manual/en/mysqlinfo.api.choosing.php

As for the security aspect, use caution when dealing with data that users can tamper with, such as the information collected in an HTML form. The code posted, for example, is susceptible to SQL injection attacks. To protect yourself, with the old mysql_* functions, you can use the mysql_real_escape_string() function. More information can be found here: http://php.net/manual/en/function.mysql-real-escape-string.php

When switching to PDO (or MySQLi), you will want to look into prepared statements.

Edited November 15, 2016 by cyberRobot
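
The PDO prepared-statement approach recommended in the replies above, as an added example that is not code from any poster in the thread. It assumes the `stock` table from the original post with an auto-generated `sid`; the `connect()` and `addStock()` helpers are hypothetical names, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table and column names
// (stock: sid, stcode, stname) come from the original post.

function connect(): PDO
{
    // In-memory SQLite stand-in so this runs without a server. For MySQL:
    // new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4', $user, $pass)
    $pdo = new PDO('sqlite::memory:');
    // Throw on errors instead of failing silently as in the original post.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE stock (sid INTEGER PRIMARY KEY, stcode TEXT, stname TEXT)');
    return $pdo;
}

// Hypothetical helper: validates the two form fields and inserts one row.
function addStock(PDO $pdo, array $post): int
{
    $code = $post['code'] ?? null;
    $name = $post['name'] ?? null;
    // Reject missing fields and array-valued fields such as code[]=x.
    if (!is_string($code) || !is_string($name) || trim($code) === '' || trim($name) === '') {
        throw new InvalidArgumentException('code and name are required');
    }
    // Placeholders keep user input out of the SQL text; sid is auto-generated.
    $stmt = $pdo->prepare('INSERT INTO stock (stcode, stname) VALUES (:code, :name)');
    $stmt->execute([':code' => trim($code), ':name' => trim($name)]);
    return (int) $pdo->lastInsertId();
}

$pdo = connect();
// Constructed sample input standing in for $_POST.
$samples = [
    ['code' => 'A100', 'name' => "O'Brien widgets"],
    ['code' => "x','y'); --", 'name' => 'quote-laden input'],
    ['code' => ['x'], 'name' => 'array instead of string'],
];
$read = $pdo->prepare('SELECT stcode, stname FROM stock WHERE sid = :sid');
foreach ($samples as $post) {
    try {
        $sid = addStock($pdo, $post);
        $read->execute([':sid' => $sid]);
        // Each value comes back exactly as stored, quotes included.
        echo $sid, ' => ', json_encode($read->fetch(PDO::FETCH_ASSOC)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The first two rows are stored verbatim because the values travel as bound parameters rather than as part of the SQL string; the third is rejected before any query is built.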