[solved] php + mysql = confusion!

ardyandkari · January 13, 2007

ok, here's the problem...

i have created a php page that works...sort of... i dont think that the problem is in the php, but even if it isnt, ill post it here too:

[code]<?
$hostname="mysql.someserver.net";
$username="pass";
$password="word";
$dbname="dbname";
$usertable="a table";
$first=$_POST['name'];
$last=$_POST['type'];
$phone=$_POST['phone'];
$mobile=$_POST['city'];
$fax=$_POST['county'];
$email=$_POST['email'];
$web=$_POST['web'];
$description=$_POST['description'];

mysql_connect($hostname,$username, $password) OR DIE ("Unable to connect to database! Please try again later.");
mysql_select_db($dbname);

$query = "INSERT INTO customers VALUES ('$name','$type','$phone','$city','$county','$email','$web','description')";
$result = mysql_query($query) or die(mysql_error());

mysql_close();
?>[/code]

the problem i am having is when i use the php file it places a row in the mysql db, but it is blank.......
any idea what is going on?

Barand · January 13, 2007

If you open this file without posting data to from a form then all fields will be blank.

Use
[code]<?php

if (isset($_POST['first'])) {

/// your code here

}

?>
[/code]

ardyandkari · January 13, 2007

when testing the form i just put in gibberish into the fields.

i thought that the script should have put the randomness into the rows on the db, but it didnt...

using phpadmin (i think thats what it is...) i tried to manually input some data in another db...it didnt come up with anything...
then i changed something (i dont remember, i think it had something to do with ascii) and it placed the data into the table...

i was just toying around with the db because it was my first time.

thanks for the input.

ardyandkari · January 14, 2007

*bump*

Philip · January 14, 2007

Look at http://www.tizag.com/mysqlTutorial/mysqlinsert.php for more info.

You aren't telling it where to send the values to.

ardyandkari · January 14, 2007

changed to
[code]$query = "INSERT INTO db (name, type, phone, city, county, email, web, description) VALUES ('$name', '$type', '$phone', '$city', '$county', '$email', '$web', '$description')";
$result = mysql_query($query) or die(mysql_error());
[/code]
still doesnt place values into db....

also tried this
[code]$query = "INSERT INTO db ('name', 'type', 'phone', 'city', 'county', 'email', 'web', 'description') VALUES ('$name', '$type', '$phone', '$city', '$county', '$email', '$web', '$description')";
$result = mysql_query($query) or die(mysql_error());
[/code]

Barand · January 14, 2007

The first looks OK except you are inserting into db. Shouldn't the table name be customers?. The second is wrong - never put quotes round col names.

ardyandkari · January 14, 2007

the first i edited for no real reason...

i tried the second and it errored out....

maybe i should be putting the =CHAR in the code...

fenway · January 14, 2007

But you're not getting any error from the first?

ardyandkari · January 14, 2007

nope...no error. it creates a row, and doesnt put any info into it...

Philip · January 14, 2007

Try this first, please tell us the results:
[code]
<?php
$query = "INSERT INTO db (name, type, phone, city, county, email, web, description) VALUES ('$name', '$type', '$phone', '$city', '$county', '$email', '$web', '$description')";
$result = mysql_query($query) or die(mysql_error());
echo $query;
?>[/code]

If it shows something like [quote]INSERT INTO db (name, type, phone, city, county, email, web, description) VALUES ('', '', '', '', '', '', '', '')[/quote] Try this next one:

[code]
<?php
$query = "INSERT INTO `db` (name, type, phone, city, county, email, web, description) VALUES ('".$name."', '".$type."', '".$phone."', '".$city."', '".$county."', '".$email."', '".$web."', '".$description."')";
$result = mysql_query($query) or die(mysql_error());
echo $query;
?>[/code]

ardyandkari · January 15, 2007

first one echoed INSERT INTO customers (name, type, phone, city, county, email, web, description) VALUES ('', '', '', '', '', '', '', '')

the second returns this error:
Duplicate entry '' for key 1

i changed the second to this:
[code]VALUES ('.$name.', '.$type.', '.$phone.', '.$city.', '.$county.', '.$email.', '.$web.', '.$description.')";
$result = mysql_query($query) or die(mysql_error());[/code]

and it echoed this:
INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('..', '..', '..', '..', '..', '..', '..', '..')

for some reason it isnt finding the variables....

btherl · January 15, 2007

The variable names you are using here

[code=php:0]$first=$_POST['name'];
$last=$_POST['type'];
$phone=$_POST['phone'];
$mobile=$_POST['city'];
$fax=$_POST['county'];
$email=$_POST['email'];
$web=$_POST['web'];
$description=$_POST['description'];[/code]

don't match the variable names you are using here:

[code=php:0]$query = "INSERT INTO customers VALUES ('$name','$type','$phone','$city','$county','$email','$web','description')";[/code]

If you say [code=php:0]$first = $_POST['name'][/code] then you must use [code=php:0]$first[/code] in your query, not [code=php:0]$name[/code]

ardyandkari · January 15, 2007

yea, i noticed that last night and changed it...

it didnt help...

thanks though...

Philip · January 15, 2007

When using a variable in double quotes, you have to either "bla blah". $bear ." blah" it. You have to end the quote, have a continuation (the period) and then show your variable.

...or use curly braces " blah blah {$bear} blah"

ardyandkari · January 15, 2007

used this
[code]$query = "INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ({$name}, {$type}, {$phone}, {$city}, {$county}, {$email}, {$web}, {$description})";
[/code]

got this
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , , )' at line 1

used this
[code]$query = "INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('{$name}', '{$type}', '{$phone}', '{$city}', '{$county}', '{$email}', '{$web}', '{$description}')";
[/code]

got this
INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('', '', '', '', '', '', '', '')
still inserting blanks...

Barand · January 16, 2007

In the form that calls this script, is the method GET or POST?

ardyandkari · January 16, 2007

[code] <p align="left"><form action="../insert.php" method="post">
<p>Company Name:
<input type="text" name="name">
<br>
Company Type:
<input type="text" name="type">
<br>Phone:
<input type="text" name="phone">
<br>
City:
<input type="text" name="city">
<br>
County:

<input type="text" name="county">
<br>

E-mail:
<input type="text" name="email">
<br>
Web:
<input type="text" name="web">
<br>
Company Description:
<textarea name="description" cols="50">Type your description here!</textarea>
<br>
<input type="Submit">
</form></p>
[/code]

btherl · January 16, 2007

Can you post your entire script again, after you fixed the variable names at the start? That should have fixed things.

ardyandkari · January 16, 2007

the form:
[code]
Input your information</h1>
<p align="left"><form action="../insert.php" method="post">
<p>Company Name:
<input type="text" name="name">
<br>
Company Type:
<input type="text" name="type">
<br>Phone:
<input type="text" name="phone">
<br>
City:
<input type="text" name="city">
<br>
County:
<input type="text" name="county">
<br>

E-mail:
<input type="text" name="email">
<br>
Web:
<input type="text" name="web">
<br>
Company Description:
<textarea name="description" cols="50">Type your description here!</textarea>
<br>
<input type="Submit">
[/code]

the script:
[code]<?
$hostname="mysql.someserver.net";
$username="pass";
$password="word";
$dbname="database";
$usertable="table";
$name=$_POST['"name"'];
$type=$_POST['"type"'];
$phone=$_POST['"phone"'];
$city=$_POST['"city"'];
$county=$_POST['"county"'];
$email=$_POST['"email"'];
$web=$_POST['"web"'];
$description=$_POST['"description"'];

mysql_connect($hostname,$username, $password) OR DIE ("Unable to connect to database! Please try again later.");
mysql_select_db($dbname);
$query = "INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('{$name}', '{$type}', '{$phone}', '{$city}', '{$county}', '{$email}', '{$web}', '{$description}')";
$result = mysql_query($query) or die(mysql_error());
echo $query;mysql_close();
[/code]

on the mysql forum this guy said that the variables were being lost somewhere and i could echo somewhere earlier, but i dont know where...all that i have is the query and the result...should i echo the result also? or would that do nothing....ill try before you say anything...

by the way, thanks for all of the help.

ardyandkari · January 16, 2007

ok i dont know what i did...

i thought that i had tried all combinations of everything, but i was just adding and deleting and it came up...

i will post the code.

the form i didnt change at all...

the script:
[code]<?
$hostname="mysql.someserver.net";
$username="pass";
$password="word";
$dbname="database";
$usertable="table";
$name=$_POST['name'];
$type=$_POST['type'];
$phone=$_POST['phone'];
$city=$_POST['city'];
$county=$_POST['county'];
$email=$_POST['email'];
$web=$_POST['web'];
$description=$_POST['description'];

mysql_connect($hostname,$username, $password) OR DIE ("Unable to connect to database! Please try again later.");
mysql_select_db($dbname);
$query = "INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('{$name}', '{$type}', '{$phone}', '{$city}', '{$county}', '{$email}', '{$web}', '{$description}')";
$result = mysql_query($query) or die(mysql_error());
echo $query;mysql_close();
?>
[/code]
please tell me what i did.....

thanks again for all of the help! ;D

ardyandkari · January 16, 2007

also, i am planning to password protect the entire directory that the form resides in with .htaccess... i am using this to allow my prospective clients to upload their information themselves. that way i wouldnt have to really do anything.

the question i have in regards to this is: should i put some code in there to prevent an injection attack? they will all be customers of mine, and it will be password protected.

another question...can i use a list/menu box instead of the normal text box?

fenway · January 16, 2007

Injection attacks can be prevented by proper quoting, most DB wrapper do this for you.

ardyandkari · January 16, 2007

[quote author=fenway link=topic=122238.msg506275#msg506275 date=1168972948]
Injection attacks can be prevented by proper quoting, most DB wrapper do this for you.
[/quote]

huh? db wrapper??? quoting???

dar....me dumm clod

fenway · January 16, 2007

Do you see how your values are quoted? This is good.

Sign In

[solved] php + mysql = confusion!

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived

Important Information