[RESOLVED] Adding to database from browser

MitchEvans

I want to be able to press a button from my webpage that will allow users to add details to my database.

The text will read "add details".

Any ideas?

void_function

<form action="scriptthataddsdetails.php" method="post">
// form elements here that contain the details
<input type="submit" value="Add details">
</form>

MitchEvans

It's the code for the addnewdetails.php that i don't understand, what would go in there?

void_function

Well, assuming that your form elements containing the data are named, those names become keys in the $POST superglobal, if form's method is POST, or in $GET superglobal if form's method is GET. Then you clear potential SQL injection threat with type-casting integers and escaping strings, and insert in your database. The most basic example:

The form:

<form action="thescript.php" method="post">
<input type="text" name="some_string_data">
<input type="text" name="some_integer_data">
</form>

thescript.php:

// Connect to db
$db= mysql_connect ('server', 'username', 'password');
mysql_select_db ('database_name', $db);

// Get data from form elements with names some_string_data and some_integer_data
$some_string= mysql_real_escape_string ($_POST['some_string_data']);
$some_integer= (int) $_POST['some_integer_data'];

// Insert into the database
$res= mysql_query ("INSERT INTO table_name (fieldname1, fieldname2) VALUES ('$some_string', $some_integer)");

Of course, your database tables should be created according to what data it should store, in this case fieldname1 should be field containing strings (CHAR, VARCHAR or TEXT), and fieldname2 should be a numeric field (for example, TINYINT, SMALLINT, INT, ...).

Hope this helps.

MitchEvans

Yes that looks good! I just want to know now how I can add the details where the id in my database =1 etc.

void_function

$res= mysql_query ("UPDATE TABLE tablename SET fieldname1='$some_string_data', fieldname2=$some_integer_data WHERE id=$id");

The above assumes you have a variable $id with the ID of the row, and that your table contains the field "id" that is primary_key of the table.

MitchEvans

How do i get this to work then:

<FORM method="post">
<P>
<LABEL for="operational_type">New Requirement Type: </LABEL>
<INPUT type="text" id="operational_type"><BR>
<INPUT type="submit" value="Add New Type">
</P>
</FORM>

$connection = mysql_connect($dbhost, $dbusername, $dbpass) or die (mysql_error());
$SelectedDB = mysql_select_db($dbname,$connection);
// Get data from form elements with names some_string_data and some_integer_data
$some_string= mysql_real_escape_string ($_POST['operational_type']);
// Insert into the database
$res= mysql_query ("INSERT INTO require (require_txt) VALUES ('$some_string') WHERE rtid=1");

void_function

Change <INPUT type="text" id="operational_type"> into <INPUT type="text" name="operational_type"> unless you need the id attribute of the tag, in which case just add name="operational_type". $_POST var contains keys according to the 'name' attribute of form elements.

MitchEvans

Okay so I think i've got all the code there, its just where it all goes, any chance you could just re-arrange it so it works? Would be so greatful!!!

void_function

You must realize that HTTP works on the request-response basis. You have a page with the form, and when someone clicks the submit button, the script named in form's action attribute is called, so naturally you would place the PHP code that parses input values and inserts them into the db into that script.

So, if your form declaration (present in the client's browser) starts with:

the script 'thescript.php' on the server will be contacted with all the necessary values passed to it. The script then inserts values into db, and responds with a message or routes to another URL.