You've got a few problems with your code, both in the form and in the processing.

1. Your closing form tag is before the input fields. Put all your form code, up to and including the Submit button, before the closing form tag.

2. The tag for your Submit button is missing the closing right angle bracket.

3. You are submitting the form using method="post" but attempting to access the submitted form values using GET

4. Your GET syntax is wrong. Use

$name = $_GET['name'];

5. Actually, use

$name=$_POST['name']

to match your form's submit method.

6. Actually, use

$name=mysql_real_escape_string($_POST['name']);

for security purposes. Don't ever insert user input directly into your db without running it through a function to sanitize the data.

7. It doesn't appear that you have any code to actually connect to the database.

8. You're creating a SQL insert statement, but you're not actually executing it, and your SQL syntax is wrong. It should be something like:

mysql_query("INSERT INTO tablename ( name ) VALUES ( '$name' ) ") or die("mysql_error());

There's more... checking to make sure that $name has some value, so that you don't add a bunch of empty records to the db, returning the user to the form if they submit it without entering something in the name field, and so forth. But let's see what you can come up with for your next attempt before going into more detail.

Sonjay,

THANKS. I really appreciate it. I'm going to take a look at this tomorrow & see if I can get it working.

Thanks again

KP

2nd try @ form :

<body>

<form action="http://www.example.com/44.php" method="post">
Name:<input type="text" name="name" value="" />
<input type="submit" />
</form>

</body>

2nd try @ script:

<?php
if (!empty($name=mysql_real_escape_string($_POST['name'])));
mysql_query("INSERT INTO tablename ( name ) VALUES ( '$name' ) ") or die("mysql_error());
?>

Better?

Thanks,

KP

[edited by: eelixduppy at 9:30 pm (utc) on Nov. 15, 2007]
[edit reason] exemplified [/edit]

The following things are considered to be empty:
"" (an empty string)
0 (0 as an integer)
"0" (0 as a string)
NULL
FALSE
array() (an empty array)
var $var; (a variable declared, but without a value in a class)

So if you may have people entering 0 then you cant use empty to test this string. So that may or may not be a problem.

So Could I say

If not empty AND not equal to zero

or is there a good way to eliminate everything except text?

kp

You may well be better using a regular expression to check...however you do then need to know the rough format that you are expecting.

preg_match('%[\w]+%');
would take care of a-z, A-Z, 0-9 and _ as characters. There would need to be at least 1 of them for this to work. If you are planning on allowing other punctuation then you may need different rules.
So empty is a good check, but not if you are thinking of allowing someone to enter a single 0...however this may not actually be an issue to you.
If you are going to go down the regex rout then you may well end up with a few different patterns to check against. So you have one for 'normal' text, then one for email addresses, one for numbers, etc.

preg_match [uk.php.net]('%[a-z]+%i');
Will only allow a-z and A-Z, at least once

[edited by: PHP_Chimp at 10:02 pm (utc) on Nov. 15, 2007]

Let's say I run the form page, input my name and submit.

The php script should GET the info and dump it into my database...

How can I check & see if it is actually there?

KP

I tried this script:

<?php
if (!empty($name = mysql_real_escape_string($_POST['name'])));
mysql_query("INSERT INTO tablename ( name ) VALUES ( '$name' ) ") or die("mysql_error());
?>

and got this error:

Parse error: syntax error, unexpected '=', expecting ')' in /home/wkpride/public_html/44.php on line 11

Try -

<?php
if (!empty($_POST['name'])) {
$name = mysql_real_escape_string($_POST['name']);
mysql_query("INSERT INTO tablename ( name ) VALUES ( '$name' ) ") or die("mysql_error());
}
else {
echo 'fill in the form';
}
?>

To get the info back out of the database have a look at mysql_fetch_array [uk.php.net] as there are a lot of examples there for you to try.

[edited by: PHP_Chimp at 10:33 pm (utc) on Nov. 15, 2007]

Here is the last try of the night.. Will try again in the morning.

It appears that there isn't a proper ending to the script?

Here is script:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<?php
$name=mysql_real_escape_string($_POST['name']);

$dbh=mysql_connect ("localhost", "wkpride_name", "<PASSWORD HERE>") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("wkpride_name");

if (!empty($_POST['name'])) {
$name = mysql_real_escape_string($_POST['name']);
mysql_query("INSERT INTO tablename ( name ) VALUES ( '$name' ) ") or die("mysql_error());
}
else {
echo 'fill in the form';
}
?>

And the error is:

Parse error: syntax error, unexpected $end in /home/wkpride/public_html/45.php on line 26

There is nothing on or below line 26,

Thanks everyone!

kp

First off, is your table actually named tablename? You need to put the name of your database table there.

Next (and I should have said it this way in my initial response), it often helps to build your SQL query as a variable, because then you easily echo it to the screen to see what you're actually doing.

Like this:

<?php
// assign a variable to your entire query
$myquery = "INSERT INTO tablename ( name ) VALUES ( '$name' ) ";
// now echo it to the screen and see if it makes sense
echo $myquery;
// now execute the query
mysql_query($myquery) or die(mysql_error()); 
?>

The error message you're getting is probably due to the extraneous double quote in the "mysql error()" call.

Also -- and this is very useful, particularly when you're learning -- you can echo bits and pieces to the screen to see what's happening in your script and where it's stumbling, like so:

<?php
// This tells you what POST values are actually being submitted
echo 'POST: ';
print_r($_POST);
$name=mysql_real_escape_string($_POST['name']);
// this tells you if $name is getting the value properly:
echo '<br>name: '.$name;
?>

And so forth. Of course, you would remove all of those echo statements before going live. But it can give you a very good idea of what variables and values you're dealing with, how far your script is getting before it stumbles, and exactly where it is stumbling.

Do you have phpMyAdmin or any other graphical interface to access your database? If not, you'll have to learn to use the mysql command line syntax to see what's actually being into the database.

Progress!

I was watching Shrek the third and decided to "print" values after each step... Funny, that was your advice.

Anyhow. The form was fine. Next I asked php to put the name into $name and print it out... with:
$name =$_POST['name'];
echo $name
This worked on the first try....

I decided to the mysql_real_escape_string statement - Didn't like that.

I figured out that I needed to login to mysql before that statement. Finally I got it working with:

<?php
$dbh=mysql_connect ("localhost", "wkpride_name", "password") or die ('I cannot connect to the database because: ' . mysql_error());
$name=mysql_real_escape_string($_POST['name']);
echo $name;
?>

Now I'll work on passing the name to the database...

I do have phpMyAdmin - If I open the database - it is showing zero records. I guess my goal is to change that to a one.

THANKS! so much!
I'm determined to figure it out........KP

Hey!

I think it's adding data... just not sure. Here is the code:

<?php
$dbh=mysql_connect ("localhost", "wkpride_name", "password") or die ('I cannot connect to the database because: ' . mysql_error());
if (!empty($_POST['name']))
{
$name=mysql_real_escape_string($_POST['name']);
echo $name;
mysql_select_db("wkpride_name",$dbh);
sql$= "INSERT INTO test (name) VALUES ('$name')";
echo sql$
}
else
echo "enter name";
?>

sql$ prints "record added"
But when I go to phpMyAdmin and select the database, it shows no records... So I'm not sure.

I guess I could write code to get the database records and print them out?

KP

You're getting there! Your sql statement looks correct, but all it consists of is a variable. Now you need to execute that actual MySQL query. Put this line immediately after the echo $sql line:

mysql_query($sql) or die(mysql_error());

Oh, and it should $sql, not sql$.

Hmmmm... Well, I'm not sure it's dumping data yet.

This is the output:

dyjyjdyINSERT INTO test (name) VALUES ('dyjyjdy')No database selected

My code now reads:

<?php
$dbh=mysql_connect ("localhost", "wkpride_name", "password") or die ('I cannot connect to the database because: ' . mysql_error());
if (!empty($_POST['name']))
{
$name=mysql_real_escape_string($_POST['name']);
echo $name;
mysql_select_db("wkpride_name",$dbh);
$sql="INSERT INTO test (name) VALUES ('$name')";
echo $sql;
mysql_query($sql) or die(mysql_error());
}
else
echo "enter name";
?>

Looks like to me that the line
$sql="INSERT INTO test (name) VALUES ('$name')"; is making $sql into a string variable - instead of a definition of an action...

because when I echo it... It just prints out the text (except for putting a value in $name.

Still no records in the table... I think I'm stuck.

KP

[edited by: wkpride at 8:50 pm (utc) on Nov. 16, 2007]

Do you have different databases under your user name, or are you using 1 database with different schemas?
As if you are using schemas then you would need to refer to the table using schema.name to get to the correct place.

<?php
$dbh = mysql_connect("localhost", "wkpride_name", "password") or die ('I cannot connect to the database because: ' . mysql_error());
if (!empty($_POST['name'])) {
$name = mysql_real_escape_string($_POST['name']);
echo $name;
//mysql_select_db("wkpride_name", $dbh);
$sql = "INSERT INTO test (name) VALUES ('$name')";
echo $sql;
mysql_query($sql) or die(mysql_error());
}
else {
echo "enter name";
}
?>

The rest of your code looks fine. $sql should be turned into a string as this is what is passed over to the database and the database will read and interpret this string.
The mysql_select_db [uk2.php.net] function requires the name of the database you are connecting to as the first argument. In your example you are using the same value for the select_db as you are for the username call in the connect function. Is this just because you have been changing the names for the forum, or are you using the username as the database name for real?

Well, I wasn't sure how to write the login, so I copied other database scripts that I have in MySql account.

HEY! Thats it.

mysql_connect("localhost", "wkpride_name",

I should have been using my username............

Excellent. Now I guess I'll have to work on getting the info out of the database....

This stuff is too cool.

kp

Yeah, I remember how utterly cool it felt when I first successfully dumped form data into a database, and then successfully pulled it out and displayed it on a page. You suddenly feel like the database god!

I recommend that you bookmark [php.net...] -- it's the source for php functions and syntax, particularly the parts relating to MySQL.