| Insert Into using if else-if statement
|
Amy Ra Ra Ra

msg:4474412 | 12:18 am on Jul 11, 2012 (gmt 0) |

    <!-- With this form I don't get an error when I click on submit, but when I log onto my server to see if the info was submitted into my database it's not showing up, please help: -->
    <?php
    $email = $_POST['email'];
    $persons_name = $_POST['name'];
    $phone = $_POST['phone'];
    $website_address = $_POST['websiteaddress'];

    $query = "INSERT INTO free_estimate_c (email, name, phone, website_address )" .
        "VALUES ('$email', '$persons_name', '$phone', '$website_address')";

    $dbc = mysqli_connect('hostloacation', 'username, 'password', 'databasename')
        or die('Error connecting to MySQL server.')

    if ((empty($email))&&(empty($name))&&(empty($phone))&&(empty($website_address))){
        echo "Fill in your information and we will contact you shortly";
    ?>
    <form action="while_statement.php" method="post">
        <label for="name">Name: </label><br />
        <input type="text" id="name" size="60" name="name" value="<?php echo $persons_name; ?>" /> <br /> <br />
        <label for="email">Email:</label><br />
        <input type="text" id="email name="email" value="<?php echo $email; ?>" /> <br /> <br />
        <label for="phone">Phone:</label><br />
        <input type="text" id="phone" name="phone" value="<?php echo $phone; ?>" /> <br /> <br />
        <label for="websiteaddress">Web Site Address:</label><br />
        <input type="text" id="websiteaddress" name="websiteaddress" value="<?php echo $website_address; ?>" /> <br /> <br />
        <input type="submit" value="submit" name="submit"/>
    </form>
    <?php
    //closing first if statement
    }
    //if all fields are filled in insert form info into database
    else if ((!empty($persons_name))&&(!empty($email))&&(!empty($phone))&&(!empty($website_address))){
        mysqli_query ($dbc, $query);
    }
    ?>
|
rocknbil

msg:4474658 | 3:59 pm on Jul 11, 2012 (gmt 0) |
You're not filtering input, this is dangerous . . . anyway find out what's wrong like so.

    mysqli_query ($dbc, $query) or die("cannot insert data: " . mysqli_error());

Not sure if "name" is reserved or not. Start with backticks (not quotes)

    $query = "INSERT INTO free_estimate_c (`email`, `name`, `phone`, `website_address` ) VALUES ('$email', '$persons_name', '$phone', '$website_address')";

First note that concatenation is not necessary, the entire string is delimited by " "

At the very least, use the escape string functions. This does not cleanse your data, but makes it safe for database inserts. You can still get a mysql injection, but now it might actually insert. :-) Now you'll need concatenation to add the function output.

    $query = "INSERT INTO free_estimate_c (`email`, `name`, `phone`, `website_address`) VALUES (" . '" . mysqli_real_escape_string ($email) . "', '" . mysqli_real_escape_string ($persons_name) . "', '" . mysqli_real_escape_string ($phone) . "', '" . mysqli_real_escape_string ($website_address) . "')";

Note that this must come AFTER you open the database connection or it will error. Move it below where you open the connection.

I'd also change this:

    if ((empty($email))&&(empty($name))&&(empty($phone))&&(empty($website_address))){
        echo "Fill in your information and we will contact you shortly";

This means "if everything is empty." You want OR here (or the symbolic or, || ) for any required fields. If it's all fields,

    if (empty($email) or empty($name) or empty($phone) or empty($website_address)){
        echo "<p>Fill in your information and we will contact you shortly</p>";

You also had superfluous ()'s

    echo empty($variable); // will echo true or false, 1 or 0, depending
    echo (empty($variable)); // same thing, more points to encounter errors in typos
|
Amy Ra Ra Ra

msg:4475172 | 11:20 pm on Jul 12, 2012 (gmt 0) |
rocknbil it didn't work, so I did the following and it still did not work, please help me:

    <?php
    $email = $_POST['email'];
    $persons_name = $_POST['name'];
    $phone = $_POST['phone'];
    $website_address = $_POST['websiteaddress'];

    $dbc = mysqli_connect('host', 'username', 'password', 'databasename')
        or die('Error connecting to MySQL server.');

    /* rocknbil I added the backwards single quote as you said. I didn't understand why you put in the single and double quotes that you did earlier so I did the following, shouldn't this work just fine? */
    $query = "INSERT INTO free_estimate_c (`email`, `name`, `phone`, `website_address`)" .
        "VALUES ('$email', '$persons_name', '$phone', '$website_address')";

    // I used or instead of and as you said to do
    if (empty($email) or empty($persons_name) or empty($phone) or empty($website_address)){
        echo "<p>Fill in your information</p>";
    }
    else if ((!empty($persons_name))&&(!empty($email))&&(!empty($phone))&&(!empty($website_address))){
        mysqli_query ($query, $dbc);
    }
    ?>

    //this is my html page
    <form action="while_statement.php" method="post">
        Name: <br />
        <input type="text" id="name" size="60" name="name" /><br /><br />
        Email: <br />
        <input type="text" id="email name="email" /> <br /><br />
        Phone:<br />
        <input type="text" id="phone" name="phone" /><br /><br />
        Web Site Address:<br />
        <input type="text" id="websiteaddress" name="websiteaddress" /> <br /><br />
        <input type="submit" value="submit" name="submit"/>
    </form>
|
Amy Ra Ra Ra

msg:4475488 | 8:05 pm on Jul 13, 2012 (gmt 0) | Ok so no one wants to reply and why is that, is that because people here are not experienced enough, I assume that's the case? I'm new here and so it sure would be nice if someone would reply to my plea and help me using layman terms.
|
Amy Ra Ra Ra

msg:4475489 | 8:07 pm on Jul 13, 2012 (gmt 0) |
rocknbil is there another way I can write this code because what you wrote did not work for me:

    $query = "INSERT INTO free_estimate_c (`email`, `name`, `phone`, `website_address`) VALUES (" . '" . mysqli_real_escape_string ($email) . "', '" . mysqli_real_escape_string ($persons_name) . "', '" . mysqli_real_escape_string ($phone) . "', '" . mysqli_real_escape_string ($website_address) . "')";
|
johnhh

msg:4475701 | 10:30 pm on Jul 14, 2012 (gmt 0) |
People here give their time for free, and come from many countries using different local keyboards.

    $query = "INSERT INTO free_estimate_c (email,name,phone,website_address) VALUES ('".mysqli_real_escape_string ($email)."','".mysqli_real_escape_string($persons_name)."','".mysqli_real_escape_string($phone)."','".mysqli_real_escape_string($website_address)."')";

All on one line, assuming email,name,phone,website_address are your field names and they are all strings.

Every string value must start with a ' and end with a ' separated by a , . The number of values must also equal the number of fields declared.

A quick look at [w3schools.com...] may help you.
|
Amy Ra Ra Ra

msg:4476275 | 2:00 am on Jul 17, 2012 (gmt 0) |
johnhh it still didn't work. This is the way it was looking when I uploaded it:

    //html part
    <form method="post" action="free_estimate_c.php">
        <label for="name"> Name</label> <br />
        <input type="text" id="name" size="35" name="name" /> <br /> <br />
        <label for="email">E-mail </label> <br />
        <input type="text" id="email" size="35" name="email" /> <br /> <br />
        <label for="phone">Phone</label> <br />
        <input type="text" id="phone" size="35" name="phone" /> <br /> <br />
        <label for="websiteaddress">Web Site Address (if applicable)</label> <br />
        <input type="text" id="websiteaddress" size="60" name="websiteaddress" /> <br /> <br />
        <input type="submit" value="Submit Form" name="submit" />
    </form>

    // php part
    <?php
    $name = $_POST ['name'];
    $email = $_POST ['email'];
    $phone_number = $_POST ['phone'];
    $website_address = $_POST ['websiteaddress'];

    $dbc = mysqli_connect('hostresource.com', 'username', 'pass!', 'dbname')
        or die('Error connecting to MySQL server.');

    $query = "INSERT INTO free_estimate_c (email,name,phone,website_address) VALUES ('".mysqli_real_escape_string ($email)."','".mysqli_real_escape_string($name)."','".mysqli_real_escape_string($phone_number)."','".mysqli_real_escape_string($website_address)."')";

    $result = mysqli_query($dbc, $query)
        or die('Error querying database.');

    if ($result) {
        echo "Your request for an estimate has been received. We will look over your information and get in touch with you shortly. Thank you.";
    }
    ?>
|
johnhh

msg:4476898 | 9:39 pm on Jul 18, 2012 (gmt 0) |
And the error message is? View your Apache error logs to find out. Then you do basic debug. Give $name and other variables a value

    $name="test@example.com";

or echo the values to make sure there are values

    echo "name=".$name;

Remove the mysqli_real_escape_string function calls and see what happens.

The php code looks OK to me, although I would give the form a name and id

    <form method="post" name="inputform" id="inputform" action="free_estimate_c.php">
|
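One way to write the insert this thread is working toward, as an added example that is not from any of the posters: a mysqli prepared statement binds the four form values as parameters instead of building them into the SQL string, and database errors are logged rather than hidden behind a generic die(). The connection values are placeholders and the email-format check is an assumption beyond what the thread asks for; table, column and form-field names are the ones in the posts.

```php
<?php
// Added example, not code from the thread. Connection values are placeholders;
// table, column and form-field names are the ones used in the posts.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli failures throw

/** Return a list of problems with the submitted fields (empty list = OK). */
function validate_estimate(array $post): array
{
    $errors = [];
    foreach (['name', 'email', 'phone', 'websiteaddress'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "Missing field: $field";
        }
    }
    if (!$errors && filter_var(trim($post['email']), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid';
    }
    return $errors;
}

/** Insert one row with bound parameters, so input is never parsed as SQL. */
function save_estimate(mysqli $dbc, array $post): void
{
    $stmt = mysqli_prepare($dbc,
        'INSERT INTO free_estimate_c (`email`, `name`, `phone`, `website_address`)
         VALUES (?, ?, ?, ?)');
    [$email, $name, $phone, $site] = array_map('trim',
        [$post['email'], $post['name'], $post['phone'], $post['websiteaddress']]);
    mysqli_stmt_bind_param($stmt, 'ssss', $email, $name, $phone, $site);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validate_estimate($_POST);
    if ($errors) {
        foreach ($errors as $e) { echo '<p>' . htmlspecialchars($e) . '</p>'; }
    } else {
        try {
            $dbc = mysqli_connect('HOST', 'USER', 'PASSWORD', 'DATABASE'); // placeholders
            save_estimate($dbc, $_POST);
            echo '<p>Your request for an estimate has been received.</p>';
        } catch (mysqli_sql_exception $e) {
            error_log('free_estimate_c insert failed: ' . $e->getMessage());
            echo '<p>Sorry, your request could not be saved.</p>';
        }
    }
}
```

In procedural mysqli, mysqli_real_escape_string() and mysqli_error() take the connection as their first argument, and mysqli_query() takes the connection before the query string. With bound parameters no escaping call is needed at all.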