homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

how do i do a request form in php

 4:50 pm on Dec 4, 2002 (gmt 0)

hello i need to do a script that takes a word or phrase from a form and i dont know how to do!

this dont work

<FORM METHOD="post" ACTION="video.php">

<INPUT TYPE="text" NAME="namn">
<input type="text" name="nummer">
<input type="text" name="tid">
<INPUT TYPE="submit" VALUE="Lägg till">
<input type="reset" value"Rensa">

$open = mysql_connect("localhost", "root");
$dbinfo = mysql_db_query("video", "insert video1 (namn, nummer, tid) values ('$this->namn', '$this->nummer', '$this->tid')");
vill du kolla i video boken så klicka <a href="sokvideo.php">här</a><br>
eller vill du lägga till en ny film klicka då <a href="videobok.php">här</a>

this file name is video.php i dont know how to write the action in the form tag!

i want to make the form like variables so i can serch in the databas later in another form by writing in the text are.

annybody who knows what i do wrong?



 4:54 pm on Dec 4, 2002 (gmt 0)


You'll find form vars in the $_POST [php.net] super global array.



 4:59 pm on Dec 4, 2002 (gmt 0)

the set up you have there will only work if register_globals is set to on. It is posting to itself, which is fine, though I usually use two seperate files.

$iq = "insert video1 (namn, nummer, tid) values ('",$HTTP_POST_VARS[namn],"', '",$HTTP_POST_VARS[nummer],"','", $HTTP_POST_VARS[tid],"')";

$dbinfo = mysql_db_query("video",$iq);

I think got all of the quotes right.


 5:39 pm on Dec 4, 2002 (gmt 0)

It is posting to itself, which is fine, though I usually use two seperate files.

Personally, I find the "self-processing" form approach to be a great way to organize my thoughts and my code. In fact, I have a pet project web app that is basically a several thousand line self-processing form. (It doesn't have to use or even load anywhere near all of the code for any given request/)

It is important to understand what you are doing when you write them, though. This page, for example, will display the form again when it is submitted. Unless I'm missing something, there will be no indication to the person submitting the form that anything happened. That's almost certainly a bad thing.


 7:00 pm on Dec 4, 2002 (gmt 0)

another thing to be very careful of when posting to the same page is what happens when someone refreshes the page.

If you are passing vars to it then it may insert double rows, send double emails or whatever the form does. If it is a seperate processing script it is easier to make sure it only does what is requested and steer away from weird behaviours.

There is a lot more error checking and possible problems with posting to self.


 7:27 pm on Dec 4, 2002 (gmt 0)

Any form submission that isn't idempotent should have some check for duplicate submissions to deal with refresh. It's not an issue specific to self-processing forms. In fact, the contact form on one of my domains has separate processing and still suffers the duplicate e-mail problem. I just don't worry about it in that case because I'd rather put up with the occasional double-submit than add enough complexity to the script to notice duplicates.

The extra care needed to make self-processing work right is real. I find the mental organization useful rather than off-putting, though.


 7:35 pm on Dec 4, 2002 (gmt 0)

>>I find the mental organization useful

I guess part of the reason I do them seperately is the way it sorts in my head. It makes more sense to me that way.

I still think it is much easier to make mistakes when self processing, especially for people who are newer to scripting than if they are seperate. I guess I just see it happen more with self processed scripts.

I was recently working with an open source cms type app and it was all self processed and it wreaked havoc. I had to rewrite large chunks of it to get it to work. Supposedly this is the best free solution in its particular market too.

Purely, in my experience.


 9:12 pm on Dec 4, 2002 (gmt 0)

i am yhe only one who is gonna use this and it is all my video tapes så i kan find witch tape they are on so it don do anny thing that the form is apears again


 9:56 pm on Dec 4, 2002 (gmt 0)

hello i cant get it to work

is teher some one who can help me and make the hole file så it works write all the scirpt whwn you are finished pleas so i can get it working

i need this


 9:57 pm on Dec 4, 2002 (gmt 0)

you can split it up like you want so it will be easyer for you and i can learn it



 10:06 pm on Dec 4, 2002 (gmt 0)

are you getting a specific error that you can tell us? If we know exactly how it isn't working it would be easier to give you an answer.


 10:18 pm on Dec 4, 2002 (gmt 0)

i have change very mutch så i cant tell you wat the error message is becaus it is o many different mesages but if you make a database "video" whit table "video1" and columns "namn, nummer, tid" (they are char (50)) and an id that are pimary key and counts self
than you can try to fix the file


 10:21 pm on Dec 4, 2002 (gmt 0)

the problem is that i cant write anything in to my database when i try to things hapend

1. i get nothing in my database

2. the results from the database is always whatever i write
namn =namn nummer=nummer tid=tid

i cant find the real problem inthe script i think i have tried evertihng but probably not


 10:37 pm on Dec 4, 2002 (gmt 0)

Splitting up form generation and form processing makes it a lot harder to generate the form again if there are errors in the supplied data. You do show any error messages on the same page the form in on and where any values the user already supplied are preset, don´t you.

Having the whole generation and error checking in one file is so much nicer. The actual processing of data might be moved to a different file.

This is the structure of a form processing script. The form is contained in a template. The form processing script is included into the actual page. This way the form does not bother you when you edit the actual page where it is contained. You can edit the processing script separately. The layout of the form is separated from the processing code.

if (posted) { 
check for errors
if (errors == 0) {
process data
let user know everything was ok
} else {
format error message
show form



 10:57 pm on Dec 4, 2002 (gmt 0)

well let's go through this piece by piece and see if we can see what is going on. Your form as posted above is fine and I will use it as is.

I will try to make it step by step, trying not to do too more than one thing in each line.

Your form will post the information entered into the associative array [php.net] $HTTP_POST_VARS ($_POST [php.net] can be used for versions after, and including, 4.1.0) you will need to access the values in that array so that you can construct your query.

We will take the values out of the post array and put them into other variables. We will access the values by using the name/index in single quotes.

$namn = $HTTP_POST_VARS['namn'];
$nummer = $HTTP_POST_VARS['nummer'];
$tid = $HTTP_POST_VARS['tid'];

now we need to build our insert [mysql.com] query $iq

$iq = "insert into video1 values ('" . $namn . "','" . $nummer . "','" . $tid . "');
for this particular method of insert you need to make sure your columns are in the right order

now connect to the mysql server
$connection = mysql_connect("localhost","username","password") or die (mysql_error());

this makes sure that if it doesn't connect that it gives us the error message to help figure out why.

select the the db and then run the query
mysql_select_db ("video") or die (mysql_error());

mysql_query($iq) or die (mysql_error());

then close the connection
mysql_close ($connection);

the mysql functions [php.net]

that pretty much says it all. If you get any errors then you can deal with them as they arise.


 11:02 pm on Dec 4, 2002 (gmt 0)

In addition to Adam´s detailed howto you might want to consider this:

A user might insert malicious SQL code into your form. This is solved by escaping backslashes, null-bytes and single quotes with the addslashes function. If magic_quotes_gpc is on then PHP will automatically escape those characters in all data from GET and POST actions and from COOKIEs.


Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved