PHP Insert Question

klycette

Would someone be able to point me in the direction of a good tutorial on inserting into a mySQL database where the form handling is performed on the same page as the form itself? I've tried a few things, but I always get a message saying that my variable is undefined in the insert statement.

Also, what are the pros and cons of using $variable over $HTTP_POST_VARS['variable']? I've heard that the POST version is more secure and runs faster, but most people seem to use $variable when dealing with forms.

Thanks in advance.

barand

You have basically 2 choices for submitting forms

method="get" or
method="post"

the get method puts the values from the form into a querystring appended to the URL,, such as

http ://www.domain.com?item1=avalue&item2=another

PROS : you can see what you are sending (good for testing), page easily refreshed
CONS: everyone else can see what you send and limited in length of query string

The post method sends the data embedded in a message to the action page and you can't see whats sent and no limit to length.

When it comes to processing the form, older version of php use $HTTP_GET_VARS and $HTTP_POST_VARS arays to access the data sent by the respective methods. Later version use $GET and $POST arrays.

Also in earlier versions a setting called "register_globals" was set ON by default. This caused php to automatically create a variable for each item sent.

So you only needed $variable and not $HTTP_POST_VARS['variable']. The has adverse security implications so now the setting is OFF by default and to access the variables you use

$variable = $_POST['variable'] etc.

As for form processing, something like this

<?php
// get form items
$accountnumber = $_POST['accountnumber'];
$name = $_POST['name']


if ($accountnumber) {
    $db = mysql_connect("localhost", "root");
    mysql_select_db("tablename",$db);
    $result = mysql_query("INSERT INTO tablename(account, name) VALUES ('$accountnumber','$name')");
    if ($result) {
        echo "Record added<br>";
    } else {
        echo "Record NOT added<br>";
    }
} else {
        echo "<p>Please enter an details</p>";
}

?>

<html>
<body>

<FORM  action="<?=$_SERVER[PHP_SELF]?>" method="POST">
Account : <INPUT TYPE="TEXT"  name="accountnumber" value="" size="5" maxlength="5"><BR />
Name : <INPUT TYPE="TEXT"  name="name" value="" size="50" maxlength="50"><BR />
<INPUT TYPE="SUBMIT"  name="submit" value="Submit">
</FORM>


</body>
</html>

Gets the post items
Form action calls itself
If items were sent, insert (may want to validate first)

hth