Form Results Not Being Written To Database Table

lynncrystal

Hello,

I am brand new to PHP and am working on a website coded by someone else. I am attempting to get form results to be written to a table (tblform) in a database. Although I am not getting any error messages when I test and complete the form online, the form contents appear to be going into a black hole of sorts, since they aren't being written as a database record.

Any assistance you can offer would be greatly appreciated, and I apologize in advance if the problem is something obvious that my lack of experience is causing me to miss! Thank you -- Lynn

Here is the code for the form:

And here is the php code:

<?php # Script 8.5 - handle_submit_url.php
$message = '<font color="red">The following errors occurred:<br />';
$problem = FALSE;
if (!eregi ("^[[:alpha:].' -]{3,50}$", stripslashes(trim($POST['name'])))) {
$problem = TRUE;
$name = $POST['name'];
$message .= '<p>Please enter a valid name.</p>';
}
if (!eregi ("^{[[:alnum:]][a-z0-9.-]@[a-z0-9.-]+.[a-z]{2,4}$",} stripslashes(trim($POST['email'])))) {
$problem = TRUE;
$email= $POST['email'];
$message .= '<p>Please enter a valid email address.</p>';
}
if (!eregi ("^[[:alnum:].' -]{2,50}$", stripslashes(trim($POST['address'])))) {
$problem = TRUE;
$email= $POST['address'];
$message .= '<p>Please enter a valid address.</p>';
}
if (!eregi ("^[[:alpha:].' -]{2,40}$", stripslashes(trim($POST['city'])))) {
$problem = TRUE;
$name = $POST['city'];
$message .= '<p>Please enter a valid city.</p>';
}
if (!eregi ("^[[:alpha:].' -]{2,2}$", stripslashes(trim($POST['state'])))) {
$problem = TRUE;
$name = $POST['state'];
$message .= '<p>Please enter a valid state.</p>';
}
if (!eregi ("^[[:digit:].' -]{5,5}$", stripslashes(trim($POST['zip'])))) {
$problem = TRUE;
$email= $POST['zip'];
$message .= '<p>Please enter a valid zip code.</p>';
}
if (!eregi ("^[[:alpha:].' -]{3,40}$", stripslashes(trim($POST['country'])))) {
$problem = TRUE;
$name = $POST['country'];
$message .= '<p>Please enter a valid country.</p>';
} /else {
$email = eregi_replace ("^{[[:alnum:]][a-z0-9}.-]@[a-z0-9.-]+.[a-z]{2,4}$", '<a href="mailto:\0">Email</a>',stripslashes(trim($_POST['email'])));
}/
// validate text area here

if (!$problem) {

$dbuser="******";
$dbpass="";
$dbname="******";

$table="tblform";
$chandle = mysql_connect("MySQLHost", $dbuser, $dbpass)
or die("Connection Failure to Database");
mysql_select_db($dbname, $chandle) or die ($dbname . " Database not found. " . $dbuser);
$sqlquery="INSERT INTO $table VALUES('$POST[name]','$POST[age]','$POST[email]','$POST[address]','$POST[city]','$POST[state]','$POST[zip]','$POST[country]')";
mysql_db_query($dbname, $query1) or die("Failed Query of " . $query1);
echo '<h2> Thank you for signing up! </h2>';
} else {

echo $message;
echo '</font><p>Please go back and try again.</p>';

}

drew010

the problem appears to be that the query is created as

$sqlquery="INSERT INTO $table VALUES('$_POST[name]','$_POST[age]','$_POST[email]','$_POST[address]','$_POST[city]','$_POST[state]','$_POST[zip]','$_POST[country]')";

however, the variable that is being used is not correct

mysql_db_query($dbname, $query1) or die("Failed Query of " . $query1);

you will notice that $query1 is being used, but the actual query is stored in $sqlquery.

another small note, if warnings were turned on, there would be a bunch of warnings about undefined constants in the query because of how the post values are used. the best way to formulate that query would be like this:

$sqlquery = sprintf("INSERT INTO `%s` 
                     VALUES('%s','%s','%s','%s','%s','%s','%s','%s'", 
                     $table, $_POST['name'], $_POST['age'], $_POST['email'], $_POST['address'], $_POST['city'], $_POST['state'], $_POST['zip'], $_POST['country']);

lynncrystal

Drew,

First off, thanks for taking the time to respond to my post.
I appreciate your help!

I went back in and changed $query1 to $sqlinquiry, which made perfect sense to me once you pointed it out 🙂 and pasted in the proper formatting of the query you were kind enough to provide me with. But now, when I test the form, I receive the following error message:

Failed Query of INSERT INTO tblform VALUES('Lynn Crystal','','lynn@main.com','742 Main Street','Main Field','NJ','07410','USA'

I notice in the error message above that there is a quotation mark after the name value that appears to be incorrect, but when I look at the code, I don't see an instance where there's a quotation mark rather than an apostrophe.

I have to leave on business until Wednesday, so I'm going to print out my code and some php documentation to study while I'm away -- hopefully, I'll be a bit more well-versed when I get back!

Thanks again, Drew.

Best,
Lynn