Can't find my error

dmcglone

Hi Everyone, I put together this little db insert and I can't figure out where it's going wrong. Everything works except it is inserting blank records and not the contents of the filled out form. Here's the code. It seems I'm missing something, like aImissed a step or something, but I followed a previous example except I had to change the sql to INSERT instead of UPDATE, could it be failing because I am not adding the auto increment field? If so would that be done by inserting a NULL in the sql statement?

<?php

function input_form(){

$conn = my_conn();

mysql_select_db("students", $conn);

$insert = "INSERT INTO students";
$insert .= "First = '" . $POST['First'] . "', ";
$insert .= "Middle = '" . $POST['Middle'] . "', ";
$insert .= "Last = '" . $POST['Last'] . "',";
$insert .= "Birthdate = '" . $POST['Birthdate'] . "',";
$insert .= "Address = '" . $POST['Address'] . "',";
$insert .= "City = '" . $POST['City'] . "',";
$insert .= "State = '" . $POST['State'] . "',";
$insert .= "Zip = '" . $POST['Zip'] . "',";
$insert .= "Country = '" . $POST['Country'] . "',";
$insert .= "EMail = '" . $POST['EMail'] . "'";

$result = mysql_query($insert, $conn);
if (!$result) {
echo("<p>Error performing query: " . mysql_error() . "</p>");
exit();
}
echo

"<form action='$_SERVER[PHP_SELF]' method='post'>
First Name: <input type='text' name='First' size='25' maxlength='25' />

Initial: <input type='text' name='Middle' size='1' maxlength='1' />

Last Name: <input type='text' name='Last' size='25' maxlength='50' />

Birthdate: <input type='text' name='Birthdate' size='25' maxlength='50' />

Address: <input type='text' name='Address' size='25' maxlength='50' />

City: <input type='text' name='City' size='25' maxlength='50' />

State: <input type='text' name='State' size='25' maxlength='50' />

Zip: <input type='text' name='Zip' size='25' maxlength='50' />

Country: <input type='text' name='Country' size='25' maxlength='50' />

E-Mail: <input type='text' name='EMail' size='25' maxlength='50' />

<input type='submit' name='Submit' value='Register' />";

}
?>

Thanks,
David M.

coldwerturkey

you may want to read up a bit more on basic mysql, http://dev.mysql.com/doc/refman/5.1/en/

insets work as follows

INSERT INTO table (column, column, column) VALUES ('value', 'value', 'value')

& updates like so

UPDATE table SET column = 'value', column = 'value', column = 'value' WHERE ..

you can't interchange them.

additionally, a great man once told me that you can't trust anyone on the internet, and should be escaping the data you're inserting into your database with mysql_real_escape_string()

also, how are you calling to that function? Maybe its just me but its kinda a weird way to write it. If you're still having blank entries being entered its likely because the query is on the same page as the process without some sort of check. take a look at what I've done below and see what you can take from it,

<?php
if (isset($_POST['First'])) {
	$conn = my_conn();
	mysql_select_db("students", $conn);

$first 	= mysql_real_escape_string($_POST['First']);
$middle 	= mysql_real_escape_string($_POST['Middle']);
$last 	= mysql_real_escape_string($_POST['last']);
$bith 	= mysql_real_escape_string($_POST['Birthday']);
$address	= mysql_real_escape_string($_POST['Address']);
$city		= mysql_real_escape_string($_POST['City']);
$state	= mysql_real_escape_string($_POST['State']);
$zip		= mysql_real_escape_string($_POST['Zip']);
$country	= mysql_real_escape_string($_POST['Country']);
$email	= mysql_real_escape_string($_POST['EMail']);

$insert = "INSERT INTO 
students
(First, Middle, Last, Birthdate, Address, City, State, Zip, Country, EMail)
VALUES
('{$first}', '{$middle}', '{$last}', '{$bith}', '{$address}', '{$city}', '{$state}', '{$zip}', '{$country}', '{$email}')";

mysql_query($insert) or die (mysql_error());
}

echo  "<form action='{$_SERVER['PHP_SELF']}' method='post'>
First Name: <input type='text' name='First' size='25' maxlength='25' />
Initial: <input type='text' name='Middle' size='1' maxlength='1' />
Last Name: <input type='text' name='Last' size='25' maxlength='50' />
Birthdate: <input type='text' name='Birthdate' size='25' maxlength='50' />
Address: <input type='text' name='Address' size='25' maxlength='50' />
City: <input type='text' name='City' size='25' maxlength='50' />
State: <input type='text' name='State' size='25' maxlength='50' />
Zip: <input type='text' name='Zip' size='25' maxlength='50' />
Country: <input type='text' name='Country' size='25' maxlength='50' />
E-Mail: <input type='text' name='EMail' size='25' maxlength='50' />
<input type='submit' name='Submit' value='Register' />";
?>

djjjozsi

if i were you, i would make one function to
print the form,
one function to check all the required fields
and one function to write the elements into the database.
and these functions filled with data with array,
not predefined strings.

todays i were make a video tutorial about this issue (how to make clever functions),
i could then send you the url 🙂

hello,jjozsi

dmcglone

coldwerturkey;10898273 wrote:
you may want to read up a bit more on basic mysql, http://dev.mysql.com/doc/refman/5.1/en/

insets work as follows

INSERT INTO table (column, column, column) VALUES ('value', 'value', 'value')

& updates like so

UPDATE table SET column = 'value', column = 'value', column = 'value' WHERE ..

you can't interchange them.

OK, I understand this.

additionally, a great man once told me that you can't trust anyone on the internet, and should be escaping the data you're inserting into your database with mysql_real_escape_string()

I'll keep this in mind, and start making it a habit.

also, how are you calling to that function? Maybe its just me but its kinda a weird way to write it. If you're still having blank entries being entered its likely because the query is on the same page as the process without some sort of check. take a look at what I've done below and see what you can take from it,

I'm calling the function from another page by adding the function name wherever needed. Is this bad practice?

if (isset($_POST['First'])) {

Sometimes it's hard to decipher from requirement and style when learning. I see from the line above you are checking to see if at least the First name field is filled out, did you write this line above from preference or was it required?

Finally, in the code below, I see you changed $First to $first (lower case) was this preference also? In my code I was making sure all the first letters were upper case just to try and make sure everything was good and to try and prevent confusion. I'm starting to see my technique is actually more confusing than I thought.

$conn = my_conn();
mysql_select_db("students", $conn);
$first 	= mysql_real_escape_string($_POST['First']);
$middle 	= mysql_real_escape_string($_POST['Middle']);
$last 	= mysql_real_escape_string($_POST['last']);
$bith 	= mysql_real_escape_string($_POST['Birthday']);
$address	= mysql_real_escape_string($_POST['Address']);
$city		= mysql_real_escape_string($_POST['City']);
$state	= mysql_real_escape_string($_POST['State']);
$zip		= mysql_real_escape_string($_POST['Zip']);
$country	= mysql_real_escape_string($_POST['Country']);
$email	= mysql_real_escape_string($_POST['EMail']);

$insert = "INSERT INTO 
students
(First, Middle, Last, Birthdate, Address, City, State, Zip, Country, EMail)
VALUES
('{$first}', '{$middle}', '{$last}', '{$bith}', '{$address}', '{$city}', '{$state}', '{$zip}', '{$country}', '{$email}')";

mysql_query($insert) or die (mysql_error());
}

echo "<form action='{$_SERVER['PHP_SELF']}' method='post'>
First Name: <input type='text' name='First' size='25' maxlength='25' />
Initial: <input type='text' name='Middle' size='1' maxlength='1' />
Last Name: <input type='text' name='Last' size='25' maxlength='50' />
Birthdate: <input type='text' name='Birthdate' size='25' maxlength='50' />
Address: <input type='text' name='Address' size='25' maxlength='50' />
City: <input type='text' name='City' size='25' maxlength='50' />
State: <input type='text' name='State' size='25' maxlength='50' />
Zip: <input type='text' name='Zip' size='25' maxlength='50' />
Country: <input type='text' name='Country' size='25' maxlength='50' />
E-Mail: <input type='text' name='EMail' size='25' maxlength='50' />
<input type='submit' name='Submit' value='Register' />";
?>
[/code]

dmcglone

djjjozsi;10898300 wrote:
if i were you, i would make one function to
print the form,
one function to check all the required fields
and one function to write the elements into the database.
and these functions filled with data with array,
not predefined strings.

todays i were make a video tutorial about this issue (how to make clever functions),
i could then send you the url 🙂

hello,jjozsi

That would be nice. Let me know if you do I'd appreciate it and it would be a great help to me and others.

dmcglone

Ah! Ha! After writing my replies, I came to the realisation that I did not define my variables like you did below. Am I thinking correct?

This is the way I see how your code as written in steps:

check to see if form is filled out with isset.
connect to db
assign the form elements to variables so the information that is entered into each text box can be stored for insertion into db.
insert into db.

I think the logic behind all this is harder to grasp than the actual coding. Like step #3. (provided I got the logic correct) 😕

<?php
if (isset($_POST['First'])) {
$conn = my_conn();
mysql_select_db("students", $conn);

$first 	= mysql_real_escape_string($_POST['First']);
$middle 	= mysql_real_escape_string($_POST['Middle']);
$last 	= mysql_real_escape_string($_POST['last']);
$bith 	= mysql_real_escape_string($_POST['Birthday']);
$address	= mysql_real_escape_string($_POST['Address']);
$city		= mysql_real_escape_string($_POST['City']);
$state	= mysql_real_escape_string($_POST['State']);
$zip		= mysql_real_escape_string($_POST['Zip']);
$country	= mysql_real_escape_string($_POST['Country']);
$email	= mysql_real_escape_string($_POST['EMail']);

coldwerturkey

I was just showing you an example how i would do it. & My way is not the best way, especially considering thats only a snippet of your site & it may interrupt the flow.

the lower case was just a preference.

with checking the isset($_POST['First']), without it, the query may run every time the page loads, in which case you'll get undefined variable errors and blank entries entered into to database.

turning everything in to a variable was done (besides to escape them) shorten the name for another step which is verifying all the required post data, ie;

<?php 
if (isset($_POST['First'])) { 
    $conn = my_conn(); 
    mysql_select_db("students", $conn); 

$first     = mysql_real_escape_string($_POST['First']); 
$middle     = mysql_real_escape_string($_POST['Middle']); 
$last     = mysql_real_escape_string($_POST['last']); 
$bith     = mysql_real_escape_string($_POST['Birthday']); 
$address    = mysql_real_escape_string($_POST['Address']); 
$city        = mysql_real_escape_string($_POST['City']); 
$state    = mysql_real_escape_string($_POST['State']); 
$zip        = mysql_real_escape_string($_POST['Zip']); 
$country    = mysql_real_escape_string($_POST['Country']); 
$email    = mysql_real_escape_string($_POST['EMail']); 

$error = 0;
$errormessage = '';

//check
if (empty($first) || empty($last)) {
	$error = 1;
	$errormessage .= "Please enter all required information<br />\n";
}
if(!strstr($email,"@" || !strstr($email,".")) {
	$error = 1;
	$errormessage .= "Please use a valid email address<br />\n";
}
//etc..

if ($error == 1) {
	echo "<strong>There was an error submitting your form,</strong><br />\n";
	echo $errormessage;
} else {
	$insert = "INSERT INTO 
	students 
	(First, Middle, Last, Birthdate, Address, City, State, Zip, Country, EMail) 
	VALUES 
	('{$first}', '{$middle}', '{$last}', '{$bith}', '{$address}', '{$city}', '{$state}', '{$zip}', '{$country}', '{$email}')"; 

	mysql_query($insert) or die (mysql_error()); 

	echo "Thank you {$first}"; //or whatever
}
} else {
	echo  "<form action='{$_SERVER['PHP_SELF']}' method='post'> 
	First Name: <input type='text' name='First' size='25' maxlength='25' /> 
	Initial: <input type='text' name='Middle' size='1' maxlength='1' /> 
	Last Name: <input type='text' name='Last' size='25' maxlength='50' /> 
	Birthdate: <input type='text' name='Birthdate' size='25' maxlength='50' /> 
	Address: <input type='text' name='Address' size='25' maxlength='50' /> 
	City: <input type='text' name='City' size='25' maxlength='50' /> 
	State: <input type='text' name='State' size='25' maxlength='50' /> 
	Zip: <input type='text' name='Zip' size='25' maxlength='50' /> 
	Country: <input type='text' name='Country' size='25' maxlength='50' /> 
	E-Mail: <input type='text' name='EMail' size='25' maxlength='50' /> 
	<input type='submit' name='Submit' value='Register' />"; 
}
?>

additionally, putting the form in an else statement from the if isset() hides the form once submitted,

dmcglone

Cool, Got it. I'm learning slowly but surely 🙂