mysql insert

etoast

Hello
I am pretty sure I am doing something really dumb here.

But I cannot for the life of me see what it is.
It is a simple mysql insert but nothing is going into the db.
Both form and PHP query are on the same page.
The result I get is the error and the print out of values,
all of which look correct.
The first one 'plot' is generated from a google map.
The mysql_connect.php file looks fine.
I'm stuck and would really appreciate any comments.
Thank you!

<?php
require_once ('mysql_connect.php');
  if ($HTTP_POST_VARS['submit']) {
$plot=$HTTP_POST_VARS['plot'];
$agency=$HTTP_POST_VARS['agency'];
$houseID=$HTTP_POST_VARS['houseID'];
$named=$HTTP_POST_VARS['named'];
$described=$HTTP_POST_VARS['described'];
$sleeps=$HTTP_POST_VARS['sleeps'];
$linkz=$HTTP_POST_VARS['linkz'];
     $query ="INSERT INTO cottagemap (plot, agency, houseID, named, described, sleeps, linkz)";
     $query.=" VALUES ('$plot','$agency','$houseID','$named','$described','$sleeps','$linkz')";
     $result=mysql_query($query);
     if ($result) {
echo "<span style=\"font-weight:600; color:rgb(73,68,177);\">ok, new house added!</span>";
} else {
echo "<strong>ERROR: unable to post.</strong>";
echo "$houseID -- $named -- $agency -- $plot -- $sleeps -- $linkz -- $described";
  }
}
 ?>

and the form...

<form method="POST" action="whatever.php">
<input type="hidden" name="plot" id="output" />
<input name="agency">
<input name="houseID">
<input name="named">
<textarea name="described"></textarea>
<select name="sleeps">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option></select>
<input name="linkz" value="http://">
<input type="submit" name="submit" value="submit">
</form>

Piranha

You should use $_POST['value'] instead of $HTTP_POST VARS['value']. The second way is depreciated.
What happens when you output $query, does it look like it should? Try to use it in a database handler, such as phpmyadmin or sqlyog to see more clearly what the problem is.
Use this: $result=mysql_query($query) or die(mysql_error); Then you will get the error on the screen (but probably not as detailed as in point 2).
You should really search for "sql injection" and "database injection" (the same thing) to get to know how to protect the database. It is no idea to continue to develop until you know that since it requires changes for EVERY query.

[edit] Since it is posted in the newbies forum I will give you an idea of how the code could look like:

$linkz=$_POST['linkz'];
     $query ="INSERT INTO table (linkz) VALUES ('$linkz')";
echo $query;
     $result=mysql_query($query) or die(mysql_error);

But don't forget to add protection for sql injection as well.[/edit]

etoast

thank you.
the output to the page I get now is:

INSERT INTO table (plot, agency, houseID, named, described, sleeps, linkz) VALUES ('52.241256,-0.878906','3','44','blue','blah','4','http://')mysql_error

is it something to do with the comma in the 'plot' value perhaps?

Piranha

Of course it would be good to see the errors that you receive since we have no idea what is outputted on your screen.

NogDog

You're missing the "()" at the end of "mysql_error()", so "mysql_error" is being treated as a self-defined constant.

     $query ="INSERT INTO cottagemap (plot, agency, houseID, named, described, sleeps, linkz)";
     $query.=" VALUES ('$plot','$agency','$houseID','$named','$described','$sleeps','$linkz')";
     $result=mysql_query($query) or die("Query failed [$query]: " . mysql_error());

Opimus

I'll post here for the sake of thread's completeness😃

First about what etoast is using in his code

$query ="INSERT INTO cottagemap (plot, agency, houseID, named, described, sleeps, linkz)";
     $query.=" VALUES ('$plot','$agency','$houseID','$named','$described','$sleeps','$linkz')";

This $query. (with a dot) is a way of concatenation? So he is like continuing the query although he could do it in one line? Or is there any reason to this?

My galling problem with (simple:rolleyes: ) insert statement: It is a simple mysql insert but nothing is going into the db. (like etoast said).

<html>
<head>
 <title>feedback</title>
</head>

<body>
<?php
	if (!$_POST['user'] || !$_POST['email'] || !$_POST['comments']) {
		?>
<h2>Fill in</h2>
<br />
Please fill in all field.
<br />
<a href="feedback.html">Go back</a>
		<?php
		exit;
	}
	$user = addslashes($_POST['user']);
	$email = addslashes($_POST['email']);
	$comments = addslashes($_POST['comments']);

$db = mysql_connect("localhost", "root");
mysql_select_db("sample", $db);

$addfeedback = "INSERT INTO feedback (user, email, spam, comments)
	VALUES ('.$user.', '.$email.', '.$spam.', '.$comments.')";
$result = mysql_query($feedback); 
?>
<h2>Thank you</h2>
<br />
We have added your comment to our database.
</body>
</html>

I get the Thank you We have added your comment to our database. but that has to do something with that this is just a plain HTML always output no matter what PHP does (or doesn't)?

I'm suspecting the exit; statement (although it is put into the if clause).

The tutorial says to put another double quotes into query like this:

$addfeedback = "INSERT INTO feedback (user, email, spam, comments)
		VALUES ('".$user."', '".$email."', '".$spam."', '".$comments."')";

saying that some problems could arrise regarding the different PHP configurations.

Is this still a thing (the tutorial is outdated you see) with "new" (PHP5?) PHP? Won't work with just ' or with ' and " together.

NogDog

One thing you need to get into the habit of doing is never assuming anything worked if there is any possibility it might have failed:

//
    $db = mysql_connect("localhost", "root") or die("DB Connection failed"); 
    mysql_select_db("sample", $db) or die("DB select failed");

// no need for the concatenation "." characters withing the double-quoted string:
$addfeedback = "INSERT INTO feedback (user, email, spam, comments)
    VALUES ('$user', '$email', '$spam', '$comments')";
$result = mysql_query($feedback) or die("Query failed: " . mysql_error());

Opimus

MySQL returns: Query failed: Query was empty. I have removed all dots from query and put in all the or die as you've told me to.

Is it possible that the first if statement performs the exit; command?

<?php
if (!$_POST['user'] || !$_POST['email'] || !$_POST['comments']) {
        ?>
<h2>Fill in</h2>
<br />
Please fill in all field.
<br />
<a href="feedback.html">Go back</a>
        <?php
        exit;
    }

Opimus

$addfeedback = "INSERT INTO feedback (user, email, spam, comments)
VALUES ('.$user.', '.$email.', '.$spam.', '.$comments.')";
$result = mysql_query($feedback);:rolleyes::o