entering data into database via an html form

ssidellq

Hi... This is my second post, but today's my first day posting... Hi everyone:-)

I'm trying to learn php so that I can create a webpage that allows users to type their info into a form and when they press submit the form gets entered into my database...

I've tried two ways. Making an html script that calls a php script in the form action (I'm having errors with that as posted on the Coding messageboard) and also making one script that has html and php in it.

My first question... if I do one script that contains php and html, do I name it form.html or form.php? (Sorry if this is a dumb question, but none of the resources I've used online spell this step out :-( )

My other questions... when the below code is called form.html I can enter information on the code, but when I press Submit it takes me to an invalid page - I believe this is due to the php_self command in the form action statement.

Also, "// If the form has been submitted ?< " shows before my first field when I load the page.

I'm learning that I have a problem with knowing when to put single quotes and where to put double quotes... is there anywhere where I have the wrong quote?

Can anyone try to help me out, and let me know what I'm doing wrong? I've tried like 4 different php_help statements and none seem to work.

My code:
<html>

<body>

// If the form has been submitted
<?
$ip = getenv('REMOTE_ADDR');
$time = date('D M j');

if(isset($_POST['commented']))
{

// Tell the user it has been submitted (optional)
echo('Your comment has been posted.');

// Set Mysql Variables
$host = 'host';
$user = 'user';
$pass = 'pass';
$db = 'dbname';
$table = 'Student Users';

// Set global variables to easier names
$first = $POST['StudentUsers_firstName'];
$last = $POST['StudentUsers_lastName'];
$school = $POST['StudentUsers_school'];
$gradyear = $POST['StudentUsers_year'];
$gpa = $POST['StudentUsers_gpa'];
$address = $POST['StudentUsers_address'];
$city = $POST['StudentUsers_city'];
$state = $POST['StudentUsers_state'];
$zip = $_POST['StudentUsers_zip'];

// Connect to Mysql, select the correct database, and run the query which adds the data gathered from the form into the database
mysql_connect($host,$user,$pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());
$add_all = "INSERT INTO $table values('$first','$last','$school','$gradyear','$gpa','$address','$city','$state','$zip)";
mysql_query($add_all) or die(mysql_error());
}
else
{

// If the form has not been submitted, display it!
?>

First name:<input type="Text" name="StudentUsers_firstName"><br>

Last name:<input type="Text" name="StudentUsers_lastName"><br>

College:<input type="Text" name="StudentUsers_school"><br>

Graduation year:<input type="Text" name="StudentUsers_year"><br>

GPA:<input type="Text" name="StudentUsers_gpa"><br>

Address:<input type="Text" name="StudentUsers_address"><br>

City:<input type="Text" name="StudentUsers_city"><br>

State:<input type="Text" name="StudentUsers_state"><br>

Zip:<input type="Text" name="StudentUsers_zip"><br>

</html>

</body>

Rodney_H_

Hi, welcome to PHPBuilder.com.

Please use the [ PHP ] <?PHP / code here / [ / PHP ] PHP bb-code tags for displaying your code. The color syntax highlighting makes it easier on the eyes.

The first thing is that if the PHP code is in your html page, you should use a PHP file extension. SO, "form.php" and not "form.html" (unless your server can parse html files for PHP code...)

Also, the commented code was printing on the page because it was not in a PHP block of code.

Another thing, use the full "<?php" php-opening-tags, and not the shortened version "<?" so your code will port to an environment where short-tags have not been enabled.

Oh, and the form action, $_SERVER['PHP_SELF'] , needs to be echoed by PHP, so that is why you were getting the page not found error after submitting the form...

Other than, that, the code looks OK.

I suggest you:

a) Validate user input to make sure the code if filled out prior to entering it into your database (you can use http://us2.php.net/empty for example)

b) you escape the data prior to insertion (for instance http://us2.php.net/mysql_real_escape_string)

Here is the basics, however, that should work.

<?php
// if the form has been submitted, process data:
if(isset($_POST['_submit-check']))
{

// Set Mysql Variables
$host = 'host';
$user = 'user';
$pass = 'pass';
$db = 'dbname';
$table = 'student_users'; // check name of table!


// connect to mysql
$mysql = mysql_connect($host, $user, $pass) 
		 or die(mysql_error());

// select db
$db = mysql_select_db($db) 
	  or die(mysql_error());

// create the query string
$query = "INSERT INTO $table 
		  VALUES(
		  '".mysql_real_escape_string($_POST['firstName'])."',
		  '".mysql_real_escape_string($_POST['lastName'])."',
		  '".mysql_real_escape_string($_POST['school'])."',
		  '".mysql_real_escape_string($_POST['year'])."',
		  '".mysql_real_escape_string($_POST['gpa'])."',
		  '".mysql_real_escape_string($_POST['address'])."',
		  '".mysql_real_escape_string($_POST['city'])."',
		  '".mysql_real_escape_string($_POST['state'])."',
		  '".mysql_real_escape_string($_POST['zip'])."'
		  )";

// execute the query
$result = mysql_query($query) 
		  or die(mysql_error());

if(mysql_affected_rows() == 0)
{
	echo 'Error. Please try again.';
}
else
{
	echo 'Thanks. Data saved in db.';
}
}

// else display the form:
else
{
?>

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

First name: <input type="text" name="firstName" /><br />

Last name: <input type="text" name="lastName" /><br />

College: <input type="text" name="school" /><br />

Graduation year: <input type="text" name="year" /><br />

GPA: <input type="text" name="gpa" /><br />

Address: <input type="text" name="address" /><br />

City: <input type="text" name="city" /><br />

State: <input type="text" name="state" /><br />

Zip: <input type="text" name="zip" /><br />

<input type="hidden" name="_submit-check" value="1" />

<input type="submit" value="Post your comment" />

</form>
<?php
}
?>

ssidellq

Rodney H.,

Thanks a lot for the advice!!!