help me..

faizdead

i juz started using php..n i have encountered this problem by this code..

<HTML>
<HEAD><TITLE>Insert Student</TITLE></HEAD>
<BODY>
<?php
$studentName = $POST["name"];
$studentIC = $POST["ic"];
$studentMatric = $_POST["matric"];
$studentMatric = strtoupper($matric);
require_once ("dbconn.php");
$sql = ("insert into Student(name, ic, matric) " .
"values(studentName, studentIC, studentMatric)" );
$query = mysql_query( $sql );
if (!$query) die("SQL query error encountered: ".mysql_error() );
mysql_close($conn);
?>
<B> Insertion was successfull</B>
<BR><BR>
<a href="view_student.php">Click here to list the table</a>
</BODY>
</HTML>

then this message come out in my browser..what is the problem actually..i really new in this..

Notice: Undefined index: name in /sda3/users/scsv1223/mibnmiy/public_html/izzat yong/insert_student.php on line 5

Notice: Undefined index: ic in /sda3/users/scsv1223/mibnmiy/public_html/izzat yong/insert_student.php on line 6

Notice: Undefined index: matric in /sda3/users/scsv1223/mibnmiy/public_html/izzat yong/insert_student.php on line 7

Notice: Undefined variable: matric in /sda3/users/scsv1223/mibnmiy/public_html/izzat yong/insert_student.php on line 8
SQL query error encountered: Unknown column 'studentName' in 'field list'

traq

Please wrap your code in [noparse]

...

[/noparse] tags to make it more readable.

You have several other problems, but the error messages you got are a good place to start.

Notice: Undefined index: name in /sda3/users/scsv1223/mibnmiy/public_html/izzat yong/insert_student.php on line 5
Notice: Undefined index: ic in /sda3/users/scsv1223/mibnmiy/public_html/izzat yong/insert_student.php on line 6
Notice: Undefined index: matric in /sda3/users/scsv1223/mibnmiy/public_html/izzat yong/insert_student.php on line 7
Notice: Undefined variable: matric in /sda3/users/scsv1223/mibnmiy/public_html/izzat yong/insert_student.php on line 8

Where are these values supposed to be coming from? Typically, $_POST variables come from a form submission. Do you intend to reach this page via a form submission? If so, you need to check that the form was actually submitted before trying to do anything with the values.

$sql = ("insert into Student(name, ic, matric) " . 
"values(studentName, studentIC, studentMatric)" );

this will always throw an error. Plain text values in SQL need to be delimited by single quotes ( ' ). Beyond that, you're using plain text where you probably meant to use variables:

SQL query error encountered: Unknown column 'studentName' in 'field list'

because the text in the VALUES list is unquoted, MySQL thought you were trying to specify a column name.

$sql = "INSERT INTO `Student`(`name`,`ic`,`matric`)
VALUES( '$studentName','$studentIC','$studentMatric' )";

(It's also good practice to delimit table and column names with backticks ( ` ), to be sure they won't conflict with any reserved words.)

The bigger problem is that you are taking user-supplied data and putting it directly into an SQL query.

At best, this will create errors; at worst, someone will hack your database.

always sanitize user input using the appropriate escape functions (e.g., [man]mysql_real_escape_string/man or the equivalent functions for other extensions).

// BAD !!!
$value = $_POST['value'];

//  good  :)
$value = mysql_real_escape_string( $_POST['value'] );

On a side note, if you're just learning, you should not be learning to use the mysql extension. It is no longer under development and is scheduled to be depreciated in the long term. [man]mysqli[/man] or [man]PDO[/man] are recommended instead: read more about choosing.