help needed with mysql - Databases forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

help needed with mysql

help

malcolmcroucher

5:13 pm on Nov 29, 2007 (gmt 0)

10+ Year Member

okay .

so i have a form with the following on it :

I amnot even getting anything in the database . I have tried arrays , serialization ect can any one help me?Please

<html>
<head>
<title>hello</title>
</head>
<body>

<form action="add_contact.php" method="post">
Name: <input type="text" name="name"/>
Address1: <input type="text" name="Address1"/>
Address2: <input type="text" name="Address2"/>
Address3: <input type="text" name="Address3"/>
suburb: <input type="text" name="Suburb"/>
City: <input type="text" name="City"/>
Area: <input type="text" name="Area"/>
Province: <input type="text" name="Province"/>
Country: <input type="text" name="Country"/>
Tel: <input type="number" name="Tel"/>
Rooms: <input type="number" name="Rooms"/>
Description: <input type="text" name="Description"/>
POBox: <input type="number" name="POBox"/>

<input type="Submit"/>
</form>

</body>
</html>

I have the php form as the following :

<?php
$DBhost="localhost";
$DBpass= "";
$DBName = "hotel";
$table = "hotel_detail";
$DBuser="root";

$name=$_post['name'];
$address1=$_post['address1'];
$address2=$_post['address2'];
$address3=$_post['address3'];
$suburb=$_post['suburb'];
$city=$_post['city'];
$area=$_post['area'];
$province=$_post['province'];
$country=$_post['country'];
$tel=$_post['tel'];
$rooms=$_post['rooms'];
$description=$_post['description'];
$pobox=$_post['pobox'];

$dbh = mysql_connect($DBhost,$DBuser) or die("Unable to connect to database");
Echo "connected to mysql";
$db_selected = mysql_select_db('Hotel',$dbh) or die(mysql_error());
Echo "dbase selected";

Mysql_query("INSERT INTO Hotel_detail (name,address1,address2,address3,suburb,city,area,

province,country,tel,rooms,description,pobox) VALUES ($name,$address1,$address2,$address3

,$suburb,$city,$area,$province,$country,$tel,$rooms,$description,$pobox)") ;

Echo "dbase selected data entered";

?>

malcolmcroucher

6:01 pm on Nov 29, 2007 (gmt 0)

10+ Year Member

sorry mistake :

It adds an entry to the database but the entry is blank ... any suggestions would be appreciated!

ysql_query("INSERT INTO Hotel_detail (name,address1,address2,address3,suburb,city,area,

province,country,tel,rooms,description,pobox) VALUES ('$name','$address1','$address2','$address3

','$suburb','$city','$area','$province','$country','$tel','$rooms','$description','$pobox')",$dbh) ;

ZydoSEO

6:47 pm on Nov 29, 2007 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I don't know PhP (LOL) but based on examples I've seen it looks to me like your problem may be related to quoting. I doubt I'd get this correct but it may need to be something like this:

mysql_query("INSERT INTO Hotel_detail (name,address1,address2,address3,suburb,city,area,province,country,tel,rooms,description,pobox) VALUES ('".$name."','".$address1."','".$address2."','".$address3."','".$suburb."','".$city."','".$area."','".$province."','".$country."','".$tel."','".$rooms."','".$description."','".$pobox."')",$dbh) ;

I'm guessing it's NOT substituting $name, for instance, in your INSERT statement with the VALUE of the $name variable.

[edited by: ZydoSEO at 7:06 pm (utc) on Nov. 29, 2007]

rocknbil

7:14 pm on Nov 29, 2007 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Your second one should have worked, it doesn't matter whether you use single or double quotes. First be sure the data is actually being stored in those variables. Right after this,

....
$description=$_post['description'];
$pobox=$_post['pobox'];

Do this

echo "name $name adr.1 $address1 city $city";

Just pick a few you know you're submitting, if one works they all should work. If you don't see the values printing to the screen you know there's something wrong with how you're reading the data input, not inserting it into the DB.

malcolmcroucher

8:39 pm on Nov 29, 2007 (gmt 0)

10+ Year Member

ok so its not registering the data .
so it is not reading the data so i have to do something there

not to sure what but will give it a bash.

piznac

9:45 pm on Nov 29, 2007 (gmt 0)

10+ Year Member

Is it possible becuase you have "<input type="text" name="Address1"/>" capatalized A ,.. then are pulling it as:
$address1=$_post['address1'];

piznac

10:05 pm on Nov 29, 2007 (gmt 0)

10+ Year Member

Also you might want to clean that data before putting it in your db,.. sql injection can be a b****

rocknbil

12:52 am on Nov 30, 2007 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

^ ^ ^ This is absolutely correct, and do not ignore the previous post - once you get this working you need to Google for SQL injection and apply methods to prevent it. Best that you learn about this early on in your programming.

you have....name="Address1"...then are pulling it as....['address1']

<smacks head> Also correct, we should have caught this . . . . . LOL . . . forest from the trees . . .

mjwalshe

11:04 am on Nov 30, 2007 (gmt 0)

10+ Year Member

re yr mysql

$country=$_post['country'];
$tel=$_post['tel'];
$rooms=$_post['rooms'];
$description=$_post['description'];
$pobox=$_post['pobox'];

You need to asemble the sql in a string first

$sql = "("INSERT INTO Hotel_detail (name,address1,address2,address3,suburb,city,area,province,country,tel,rooms,description,pobox) VALUES (" ;
# now add all ther terms in

$sql = $sql ."'".$name."', "
..
..
# then finish the it off
$sql = $sql .")";
#
you can then easaly echo the sql string and check it in the MYSql Query browser and a copy of the database

malcolmcroucher

12:46 pm on Nov 30, 2007 (gmt 0)

10+ Year Member

i retried it , taking off all numbers in field names and declaration and it seems to work.

so i changed address1 to addressA .

has ayone come up with that problem before?