[RESOLVED] Inserting data into MySQL from FORM, best practice?

stroix

I have 3 files, step1.html, step2.php and process.php, I have provided the code to all these below and is running at www.myasvn.org/_/ur/step1.html

As of now I have a "process.php" which the form uses to insert the submitted information into a MySQL database.

1) Should I keep it as it is; separate, or should I include it within the step2.php code.

With it being separate right now, I am running into some issues of not having all of the fields filled in since some of them are not being shown. It is giving me this error when running locally:

2) How can I make the fields required in the form and still have some that will not be filled when the form is not shown?

3) Is there a better way to insert data into MySQL from what I am doing? Just seems a bit strange to do 3 querys.

Notice: Undefined index: company in /Web Directory/ur/process.php on line 14

Notice: Undefined index: workphone in /Web Directory/ur/process.php on line 14
1 record added

step1.html:

<form id="form1" name="form1" method="post" action="step2.php">
  <p>
    <input type="radio" name="group1" value="personal">
    Personal Information
    <br>
  <input type="radio" name="group1" value="work" checked> 
  Work Information</p>
  <p>
    <label>
    <input type="submit" name="submit" id="submit" value="continue..." />
    </label>
    <br>
    </p>
</form>

step2.php:

<?php

$group1 = $_POST['group1'];

if ($group1 == "personal"){

print<<<HERE

   <form id="form1" name="form1" method="post" action="process.php">
     <p><strong>Personal Information</strong></p>
     <p>Full Name: 
       <label>

   <input type="text" name="name" id="name" />
   </label>
 </p>
 <p>Cell Phone: 
   <label>
   <input type="text" name="cellphone" id="cellphone" />
   </label>
 </p>

HERE;

} else if ($group1 == "work") {

print<<<HERE
   <form id="form1" name="form1" method="post" action="process.php">
     <p><strong> Work Information</strong></p>
     <p>Company Name: 
       <label>
       <input type="text" name="company" id="company" />
       </label>
     </p>

 <p>Work Phone: 
   <label>

   <input type="text" name="workphone" id="workphone" />
   </label>
 </p>

HERE;

}
?>

  <hr />
  <p><strong>Other Information</strong></p>
  <p>Your message:</p>
  <p>
    <label>

<textarea name="message" id="message" cols="45" rows="5"></textarea>
</label>
  </p>
  <p>&nbsp;</p>
  <p>
    <label>
    <input type="submit" name="submit" id="submit" value="Submit" />
    </label>

  </p>
</form>

process.php:

<?php

// 1. Create a database connection
$connection = mysql_connect("x", "x", "x");
if (!$connection) {
	die("Database connection failed: " . mysql_error());
}

// 2. Select a database to use
$db_select = mysql_select_db('ur', $connection);

mysql_query("INSERT INTO personal (name, cellphone) VALUES ('$_POST[name]', '$_POST[cellphone]')");

mysql_query("INSERT INTO work (company, workphone) VALUES ('$_POST[company]', '$_POST[workphone]')");

mysql_query("INSERT INTO message (message) VALUES ('$_POST[message]')");

echo "1 record added";

mysql_close($connection)
?>

Thank for your support and advice.

daredevil14

Hello there...

1) Firstly, why don't you put step1 and step2 together as html pages and process.php alone... that'd be better... and if you wanted to put process.php within step1+step2 then don't forget to write the following :

if  ( isset($_POST["submit"]) )
  {
  /*
  Insert our data to MySQL
  */
  }

2) As for your problems, it seems that you have a problem with the variables because sometimes : "company" and "workphone" are not defined ( because of the choice of the radio form ) and you continue to insert them so a problem would be generated... the solution of this is :

if ( !empty($_POST["company"]) )
  {
  // Insert it...
  }

and so on...

3) About making the fields - or some fields - required... is quite easy... all you have to do - with php if you want - is to include at the begining of the process page :

if ( empty($_POST["our-required-field"]) )
  {
  header("location: form.php?msg=This Field Is Required"):
  // or
  // echo "This Field Is Required";
  }

please note that at the form.php page, u should write :

if ( isset($_GET["msg"]) )
  {
  echo $_GET["msg"];
  }

but hey do you know some basics of Javascript ? if so, why don't you make the fields required with it ? this would definitely be faster and more dynamic... ex :

<script type="text/javascript">
function check()
elem = document.getElementById("required-field").value.length;
  {
  if ( elem == 0 )
    {
    alert("Missing Data In This Required Field!!");
    elem.focus();
    return;
    }
  }
</script>

<!-- consider the button below, a submit button of the form -->
<input type="text" name="required-field" id="required-field" />
<input type="button" name="submit" onclick="check()" />

4) finally, u are missing alot my friend... it is very dangerous to insert your POSTed data directly to your MySQL, due to SQL injections problems... i.e : it's wrong to insert the following :

<?php 
$sql = "INSERT INTO tbl(name) VALUES ('$_POST[name]')"; 
?>

instead, the following should be done :

<?php

if ( get_magic_quotes_gpc() )
  {
  $name = htmlentities(mysql_real_escape_string(stripslashes($_POST["name"]), $dbconnection));
  }
  else
  {
  $name = htmlentities(mysql_real_escape_string($_POST["name"], $dbconnection));
  }

// then :

$sql = "INSERT INTO tbl(name) VALUES ($name)";

?>

Good luck...

stroix

Well let me just say that you are simply awesome!

Thank you, I will do exactly what you have suggested. However I am still unsure of how to put step1.html and step2.php together, I would like to... just not sure how. I will keep process.php separate unless the php communty strongly feels that it should be combined with step1/step2.

So thanks once again! If you have some time, please provide an example of combining step1 and step2. I will definitely start working on your other suggestions now. =)

stroix

Can someone offer a suggestion on how to go about combining step1.html and step2.php? I played around a bit but I am definitely not getting the results I am looking for.

What would you do to combine the two steps? Thanks!

stroix

Figured it out, thanks guys!