Im new to PHP and need yor help

jayinhalifax

im trying to update a data base table with 2 variables , (a customers first name and their email address) attached is a copy of the php script.

The php page is returned with the correct details showing the name and email address that the customer entered via text fields from the pre page but the database is not updated.

can anyone help....(In new to php...)

thorpe

There is nothing attached to your post. Just post the relevent code within [ php ] [ / php ] tags. (no spaces)

ClarkF1

Try:

<?php 
// Inserts first name and email address intot the b_request table 


$connect = mysql_connect("localhost", "username", "password") or die ("Wrong password, jerk.");
mysql_select_db ("db_name") or die(mysql_error());


$query = "INSERT INTO B_request (`name`, `email`) VALUES ('".mysql_real_escape_string($_POST['name'])."', '".mysql_real_escape_string($_POST['Email'])."')"; 
$result = mysql_query($query) or die('Error:'.mysql_error()); 	
?>

mysql_real_escape_string() protects you against SQL injection.

You may also want to make sure the email address is a valid one before inserting it into the database. There are plenty of threads on form validation here.

Post any error message you get.

pradee

I think your broblem is solved by the previous answer, but you can have it this way too.


$connect = mysql_connect("localhost", "username", "password") or die ("Sorry, the connection failed.");
mysql_select_db ("db_name") or die(mysql_error());


$query = "INSERT INTO B_request (`name`, `email`) VALUES ('$_POST[name]', '$_POST[Email]')"; 
$result = mysql_query($query);

Piranha

pradee wrote:

I think your broblem is solved by the previous answer, but you can have it this way too.


$connect = mysql_connect("localhost", "username", "password") or die ("Sorry, the connection failed.");
mysql_select_db ("db_name") or die(mysql_error());


$query = "INSERT INTO B_request (`name`, `email`) VALUES ('$_POST[name]', '$_POST[Email]')"; 
$result = mysql_query($query);

But you can't have it this way without risking problems with your database. You should use mysql_real_escape_string to make sure that the database is as safe as possible.

pradee

Yeah, true. You are talking about SQL Injection Attacks. Thanks for reminding me.