Why wont this work?!?

loktar

Ok after 3 days of messing with PHP and MySQL im getting very annoyed can someone tell me why in the heck this script wont work? It just keeps inserting blank fields into my database the variables arent being passed.

Heres the html form.

<html>
<head>
</head>
<center>
<form method="GET" action="script.php">
<input type="hidden" name="id" value="null">
<table>
<tr><td align="left">Name</td>
<td><input type="text" name="name"></td>
</tr>
<tr><td align="left">Telephone</td>
<td><input type="text" name="telephone" size="20"></td>
</tr>
<tr><td align="left">Birthday</td>
<td><input type="text" name="birthday" size="20"></td>
</tr>
<tr><td colspan="2">
<p align="center">
<input type="submit" value="Enter record">
</td>
</tr>
</table>
</form>
</center>
</html>

Heres the script.php

<?
$DBhost = "localhost";
$DBuser = "root";
$DBpass = "blahblah";
$DBName = "bomb";
$table = "details";

mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");

@mysql_select_db("$DBName") or die("Unable to select database $DBName");

$sqlquery = "INSERT INTO $table VALUES('$id','$name','$telephone','$birthday')";

$results = mysql_query($sqlquery);

mysql_close();

print "<html><body><center>";
print "<p>You have just entered this record<p>";
print "Name : $name<br>";
print "Telephone : $telephone<br>";
print "Birthday :$birthday";
print "</body></html>";
?>

I have also tried the post method instead of get still dosent work. Hope someone can please help is there some kind of setting in PHP 5 or something maybe in the ini?

paulnaj

Hi loktar,

I think it's probably the old predefined variables problem. :queasy: That is, refer to variables sent to the script.php page as $GET['id'], $GET['name'], etc ... NOT just $id, $name, etc.

Hope that helps.

By the way, do yourself a large favour 😉 and test the values sent from outside the page before you insert/update/delete entries in your database. It's a good idea to get this test going BEFORE any other code. Don't assume that variables sent have good values.

Not only does this make your code more secure, it'll also help to find annoying bugs.

For example, had you put ...

if(!isset($id) || $id == ''){ // or something similar
die("id is empty or zero-length!");
}

... before the line ...

$sqlquery = "INSERT INTO $table VALUES('$id','$name','$telephone','$birthday')";

... then you would have found out that $id was empty, or whatever.

Of course, more than one test is needed!!

Paul 🙂