Hi im trying to make something like guestbook but adding messages dont work. I cant add them to my table and read them. Can someone help me and correct my errors im am begginer in php . this are my errors :

Notice: Undefined variable: name in C:\xampp\htdocs\addguestbook.php on line 17

Notice: Undefined variable: email in C:\xampp\htdocs\addguestbook.php on line 17

Notice: Undefined variable: comment in C:\xampp\htdocs\addguestbook.php on line 17
Successful

 <?php
    $host="localhost"; // Host name
    $username="user"; // Mysql username
    $password="pass"; // Mysql password
    $db_name="bai2011_cba_pl"; // Database name
    $tbl_name="guestbook"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server ");
mysql_select_db("$db_name")or die("cannot select DB");

$datetime=date("y-m-d h:i:s"); //date time




$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);

//check if query successful
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
}

else {
echo "ERROR";
}

mysql_close();
?>

this is my table :

guestbook
id int(4) NOT NULL auto_increment,
name varchar(65) NOT NULL default '',
email varchar(65) NOT NULL default '',
comment longtext NOT NULL,
datetime varchar(65) NOT NULL default '',
PRIMARY KEY (id)
)ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

    Welcome to PHPBuilder! When posting PHP code, please use the board's [noparse]

    ..

    [/noparse] bbcode tags (not the generic CODE tags) as they make your code much easier to read and analyze.

    As for your problem... Where do you define the variables $name, $email, and $comment?

      they should be taken from the form . User fills all fileds in this form :

      table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>Test Sign Guestbook </strong></td>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form id="form1" name="form1" method="post" action="addguestbook.php">
<td>
<table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><input name="name" type="text" id="name" size="40" /></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="email" type="text" id="email" size="40" /></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong><a href="viewguestbook.php">View Guestbook</a> </strong></td>
</tr>
</table>

      shoud i include somehow this php file to my previous code 🙂 or make one file with them both???

        That's just an HTML form; that has nothing to do with actually defining a variable in a PHP script.

        See the following man page on how to access external data (e.g. from a form): [man]variables.external[/man].

        Also note that user-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data with a function such as [man]mysql_real_escape_string/man (for string data) or use prepared statements. See this man page for more info: [man]security.database.sql-injection[/man].

          9 days later

          Hi !

          You can write $_POST [xxxxx] for each variabel when you want insert information to database.

          please change in addguestbook.php with this line:

          $sql="INSERT INTO $tbl_name(name, email, comment, datetime)
          VALUES('$POST[name]', '$POST[email]', '$_POST[comment]', '$datetime')";

          Good luck !

            @: Using external data directly in a SQL query is what the last part of my post warns NOT to do. Doing so is just opening up huge security exploits as well as errors.

            EDIT: And that's not to mention the errors you'll possibly be generating by not verifying that the external data exists before attempting to use them.

              Write a Reply...