homepage Welcome to WebmasterWorld Guest from 54.226.191.80
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Insert Into using if else-if statement
Amy Ra Ra Ra




msg:4474412
 12:18 am on Jul 11, 2012 (gmt 0)

<!--
With this form I don't get an error when click on submit, but when I log onto my server to see if the info was submitted into my database its not showing up, please help:
-->

<?php
$email = $_POST['email'];
$persons_name = $_POST['name'];
$phone = $_POST['phone'];
$website_address = $_POST['websiteaddress'];

$query = "INSERT INTO free_estimate_c (email, name, phone, website_address )" .
"VALUES ('$email', '$persons_name', '$phone', '$website_address')";

$dbc = mysqli_connect('hostloacation', 'username, 'password', 'databasename')
or die('Error connecting to MySQL server.')

if ((empty($email))&&(empty($name))&&(empty($phone))&&(empty($website_address))){
echo "Fill in your information and we will contact you shortly";
?>

<form action="while_statement.php" method="post">
<label for="name">Name: </label><br />
<input type="text" id="name" size="60" name="name" value="<?php echo $persons_name; ?>" />
<br />
<br />
<label for="email">Email:</label><br />
<input type="text" id="email name="email" value="<?php echo $email; ?>" />
<br />
<br />
<label for="phone">Phone:</label><br />
<input type="text" id="phone" name="phone" value="<?php echo $phone; ?>" />
<br />
<br />
<label for="websiteaddress">Web Site Address:</label><br />
<input type="text" id="websiteaddress" name="websiteaddress" value="<?php echo $website_address; ?>" />
<br />
<br />
<input type="submit" value="submit" name="submit"/>
</form>
<?php
//closing first if statment
}
//if all fields are filled in insert form info into database
else if ((!empty($persons_name))&&(!empty($email))&&(!empty($phone))&&(!empty($website_address))){
mysqli_query ($dbc, $query);
}
?>

 

rocknbil




msg:4474658
 3:59 pm on Jul 11, 2012 (gmt 0)

You're not filtering input, this is dangerous . . . anyway find out what's wrong like so.

mysqli_query ($dbc, $query) or die("cannot insert data: " . mysqli_error());

Not sure if "name" is reserved or not. Start with backticks (not quotes)

$query = "INSERT INTO free_estimate_c (`email`, `name`, `phone`, `website_address` ) VALUES ('$email', '$persons_name', '$phone', '$website_address')";

First note that concatenation is not necessary, the entire string is delimited by " "

At the very least, use the escape string functions. This does not cleanse your data, but makes it safe for database inserts. You can still get a mysql injection, but now it might actually insert. :-) Now you'll need concatenation to add the function output.

$query = "INSERT INTO free_estimate_c
(`email`, `name`, `phone`, `website_address`)
VALUES (" .
'" . mysqli_real_escape_string ($email) . "',
'" . mysqli_real_escape_string ($persons_name) . "',
'" . mysqli_real_escape_string ($phone) . "',
'" . mysqli_real_escape_string ($website_address) .
"')";

Note that this must come AFTER you open the database connection or it will error. Move it below where you open the connection.

I'd also change this:

if ((empty($email))&&(empty($name))&&(empty($phone))&&(empty($website_address))){
echo "Fill in your information and we will contact you shortly";

This means "if everything is empty." You want OR here (or the symbolic or, || ) for any required fields. If it's all fields,

if (empty($email) or empty($name) or empty($phone) or empty($website_address)){
echo "<p>Fill in your information and we will contact you shortly</p>";

You also had superfluous ()'s

echo empty($variable); // will echo true or false, 1 or 0, depending
echo (empty($variable)); // same thing, more points to encounter errors in typos

Amy Ra Ra Ra




msg:4475172
 11:20 pm on Jul 12, 2012 (gmt 0)

rocknbil it didn't work, so I did the following and it still did not work, please help me:

<?php
$email = $_POST['email'];
$persons_name = $_POST['name'];
$phone = $_POST['phone'];
$website_address = $_POST['websiteaddress'];

$dbc = mysqli_connect('host', 'username', 'password', 'databasename')
or die('Error connecting to MySQL server.');


/*
Rocknbill I added the backwards single quote as you said.
I didn't understand why you put in the single and double quotes that you did ealier so I did the following, shoudn't this work just fine?
*/

$query = "INSERT INTO free_estimate_c (`email`, `name`, `phone`, `website_address`)" .
"VALUES ('$email', '$persons_name', '$phone', '$website_address')";


// I used or instead of and as you said to do

if (empty($email) or empty($persons_name) or empty($phone) or empty($website_address)){
echo "<p>Fill in your information</p>";
}

else if ((!empty($persons_name))&&(!empty($email))&&(!empty($phone))&&(!empty($website_address))){
mysqli_query ($query, $dbc);
}
?>

//this is my html page

<form action="while_statement.php" method="post">
Name: <br />
<input type="text" id="name" size="60" name="name" /><br /><br />
Email: <br />
<input type="text" id="email name="email" />
<br /><br />
Phone:<br />
<input type="text" id="phone" name="phone" /><br /><br />
Web Site Address:<br />
<input type="text" id="websiteaddress" name="websiteaddress" />
<br /><br /><input type="submit" value="submit" name="submit"/>
</form>

Amy Ra Ra Ra




msg:4475488
 8:05 pm on Jul 13, 2012 (gmt 0)

Ok so no one wants to reply and why is that, is that because people here are not experienced enough, I assume that's the case? I'm new here and so it sure would be nice if someone would reply to my plea and help me using layman terms.

Amy Ra Ra Ra




msg:4475489
 8:07 pm on Jul 13, 2012 (gmt 0)

rocknbill is there another way I can write this code because what you wrote did not work for me:

$query = "INSERT INTO free_estimate_c
(`email`, `name`, `phone`, `website_address`)
VALUES (" .
'" . mysqli_real_escape_string ($email) . "',
'" . mysqli_real_escape_string ($persons_name) . "',
'" . mysqli_real_escape_string ($phone) . "',
'" . mysqli_real_escape_string ($website_address) .
"')";

johnhh




msg:4475701
 10:30 pm on Jul 14, 2012 (gmt 0)

People here give their time for free, and come from many countries using different local keyboards.

$query = "INSERT INTO free_estimate_c (email,name,phone,website_address)
VALUES ('".mysqli_real_escape_string ($email)."','".mysqli_real_escape_string($persons_name)."','".mysqli_real_escape_string($phone)."','".mysqli_real_escape_string($website_address)."')";

all on one line.

assuming email,name,phone,website_address are your field names and they are all strings. Every string value must start with a ' and end with a ' separated by a , . The number of values must also equal the number of fields declared.

A quick look at [w3schools.com...] may help you.

Amy Ra Ra Ra




msg:4476275
 2:00 am on Jul 17, 2012 (gmt 0)

johnhh it still didn't work. This is the way it was looking when I uploaded it:

//html part
<form method="post" action="free_estimate_c.php">
<label for="name"> Name</label>
<br />
<input type="text" id="name" size="35" name="name" />
<br />
<br />
<label for="email">E-mail </label>
<br />
<input type="text" id="email" size="35" name="email" />
<br />
<br />
<label for="phone">Phone</label>
<br />
<input type="text" id="phone" size="35" name="phone" />
<br />
<br />
<label for="websiteaddress">Web Site Address (if applicable)</label>
<br />
<input type="text" id="websiteaddress" size="60" name="websiteaddress" />
<br />
<br />
<input type="submit" value="Submit Form" name="submit" />
</form>

// php part

<?php

$name = $_POST ['name'];
$email = $_POST ['email'];
$phone_number = $_POST ['phone'];
$website_address = $_POST ['websiteaddress'];

$dbc = mysqli_connect('hostresource.com', 'username', 'pass!', 'dbname')
or die('Error connecting to MySQL server.');

$query = "INSERT INTO free_estimate_c (email,name,phone,website_address)
VALUES ('".mysqli_real_escape_string ($email)."','".mysqli_real_escape_string($name)."','".mysqli_real_escape_string($phone_number)."','".mysqli_real_escape_string($website_address)."')";

$result = mysqli_query($dbc, $query)
or die('Error querying database.');

if ($result)
{
echo "Your request for an estimate has been received. We will look over your information and get in touch with you shortly. Thank you.";
}
?>

johnhh




msg:4476898
 9:39 pm on Jul 18, 2012 (gmt 0)

And the error message is ? View your Apache error logs to find out.

Then you do basic debug.

give $name and other variables a value

$name="test@example.com";

or echo the values to make sure there are values

echo "name=".$name;

Remove the mysqli_real_escape_string function calls and see what happens.

The php code looks OK to me, although I would give the form a name and id

<form method="post" name="inputform" id="inputform" action="free_estimate_c.php">

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved