prblms in a basic script

blackhawk08

so i have this code, and its giving me all sorts of errors. Poke holes in it so i can resolve the errors....

<html>
<head>
<title>add info into sql</title>
</head>
<body>

<?php
include 'dbconnect.php';
{
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$age = $_POST['age'];
}
$query = "INSERT INTO Person('FirstName', 'LastName', 'Age')";
mysql_query($query) or die('Error, Insert query failed');

mysql_Close($conn)

?>

<form method="post">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Firstname</td>
<td><input name="Firstname" type="text" id="firstname"></td>
</tr>
<tr>
<td width="100">lastname</td>
<td><input name="lastname" type="text" id="lastname"></td>
</tr>
<tr>
<td width="100">age</td>
<td><input name="age" type="text" id="age"></td>
</tr>
<tr>
<td width="100">&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td width="100">&nbsp;</td>
<td><input name="add" type="submit" id="add" value="Add New Info"></td>
</tr>
</table>
</form>
</body>
</html>

ignore the connection stuff, im not getting any errors there

dagon

http://dev.mysql.com/doc/refman/5.0/en/insert.html

YAOMK

You have problems in your INSERT syntax as noted by dagon. More specifically you are missing the VALUES clause as well as it respective values. Also you shouldn't place in quotes the names of the columns.

$query = "INSERT INTO Person('FirstName', 'LastName', 'Age')";

should be:

$query = "INSERT INTO Person (FirstName, LastName, Age) VALUES ('$firstname','$lastname','$age')";

blackhawk08

This is my new code,

<html>
<head>
<title>add info into sql</title>
</head>
<body>

<?php


include 'dbconnect.php';
$FirstName = $_POST['FirstName'];
$LastName = $_POST['LastName'];
$Age = $_POST['Age'];

$query = "INSERT INTO Person(FirstName, LastName, Age) Values ('$FirstName', '$LastName', '$Age')";
mysql_query($query) or die('Error, Insert query failed');

mysql_Close($conn)

?>

<form method="POST">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Firstname</td>
<td><input name="FirstName" type="text" id="firstName"></td>
</tr>
<tr>
<td width="100">lastname</td>
<td><input name="lastName" type="text" id="lastName"></td>
</tr>
<tr>
<td width="100">age</td>
<td><input name="Age" type="text" id="Age"></td>
</tr>
<tr>
<td width="100">&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td width="100">&nbsp;</td>
<td><input name="add" type="submit" id="add" value="Add New Info"></td>
</tr>
</table>
</form>
</body>
</html>

and this is my error

Notice: Undefined index: FirstName in C:\Web\Apache\Apache2\htdocs\anothertest.php on line 11

Notice: Undefined index: LastName in C:\Web\Apache\Apache2\htdocs\anothertest.php on line 12

Notice: Undefined index: Age in C:\Web\Apache\Apache2\htdocs\anothertest.php on line 13
Error, Insert query failed

YAOMK

Notices are not errors per se. You can ignore them switching the constant for the error_reporting() function, from E_ALL to E_ERROR or something as forgiving.

In regards to your insert statement, you are missing the link as the second parameter to mysql_query($query, LINK WITH CONNECTION GOES HERE). Also try adding a line like this after you run your query so that you can see any mysql error for debugging:

echo mysql_errno($link) . ": " . mysql_error($link). "\n";

blackhawk08

can you please ellaborate on what i should have in the "link with connection goes here"?

blackhawk08

my latest code is this:

<html>
<head>
<title>add info into sql</title>
</head>
<body>

<?php


include 'dbconnect.php';
@$FirstName = $_POST['FirstName'];
@$LastName = $_POST['LastName'];
@$Age = $_POST['Age'];
@mysql_query($query) or die('Error, Insert query failed');
@$query = "INSERT INTO Person(FirstName, LastName, Age) Values ('$FirstName', '$LastName', '$Age')";

echo mysql_errno($link) . ": " . mysql_error($link). "\n"; 
mysql_Close($conn)

?>

<form method="POST">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Firstname</td>
<td><input name="FirstName" type="text" id="firstName"></td>
</tr>
<tr>
<td width="100">lastname</td>
<td><input name="lastName" type="text" id="lastName"></td>
</tr>
<tr>
<td width="100">age</td>
<td><input name="Age" type="text" id="Age"></td>
</tr>
<tr>
<td width="100">&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td width="100">&nbsp;</td>
<td><input name="add" type="submit" id="add" value="Add New Info"></td>
</tr>
</table>
</form>
</body>
</html>

bradgrafelman

Which is quite inefficient and just plain... bad (no offense) to do. What you need to realize is that PHP doesn't know what a form is - it's going to run each line every time the script is run, regardless of whether or not the user has even seen the form yet.

What you need to do, then, is tell PHP to only run the INSERT query and all of that code if the user has submitted the form. One way to do this is to wrap the code that relies on form submission in code such as:

if(!empty($_POST)) {
    // $_POST contains data - process it here
}

Better yet, though, you should make sure the data you need is there as well:

if(!empty($_POST)) {
    $FirstName = (isset($_POST['FirstName']) ? $_POST['FirstName'] : '');
    // etc.
}

That way you won't cause warnings if one or more variables aren't there.

Another important piece of advice is this: you should never place user-supplied data directly into a SQL query else you're leaving yourself vulnerable to SQL injection attacks. To protect yourself (and prevent the user from accidentally breaking your query), you must use a function such as [man]mysql_real_escape_string/man on all user supplied data before it's placed into a SQL query.

YAOMK

I suggested ignoring Notices so that he could solve errors first! I strongly suggest you pick up a book or a tutorial and study the basics of how to connect to a database.

From the php manual:

mysql_query

(PHP 4, PHP 5, PECL mysql:1.0)

mysql_query — Send a MySQL query
Description
resource mysql_query ( string $query [, resource $link_identifier] )

mysql_query() sends an unique query (multiple queries are not supported) to the currently active database on the server that's associated with the specified link_identifier.
Parameters

query
A SQL query

The query string should not end with a semicolon. 
link_identifier
The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level warning is generated. [/QUOTE]
In short you should have followed these steps:

1- Connect to the db:
$connection = mysql_connect("localhost","root","")
2-Select a db:
$db = mysql_select_db("dbName", $connection)
3-Run query
 $result = mysql_query($query)
4-Close db connection
mysql_close($connection);