Welcome to WebmasterWorld Guest from 54.167.185.18

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Insert Into using if else-if statement

   
12:18 am on Jul 11, 2012 (gmt 0)



<!--
With this form I don't get an error when click on submit, but when I log onto my server to see if the info was submitted into my database its not showing up, please help:
-->

<?php
$email = $_POST['email'];
$persons_name = $_POST['name'];
$phone = $_POST['phone'];
$website_address = $_POST['websiteaddress'];

$query = "INSERT INTO free_estimate_c (email, name, phone, website_address )" .
"VALUES ('$email', '$persons_name', '$phone', '$website_address')";

$dbc = mysqli_connect('hostloacation', 'username, 'password', 'databasename')
or die('Error connecting to MySQL server.')

if ((empty($email))&&(empty($name))&&(empty($phone))&&(empty($website_address))){
echo "Fill in your information and we will contact you shortly";
?>

<form action="while_statement.php" method="post">
<label for="name">Name: </label><br />
<input type="text" id="name" size="60" name="name" value="<?php echo $persons_name; ?>" />
<br />
<br />
<label for="email">Email:</label><br />
<input type="text" id="email name="email" value="<?php echo $email; ?>" />
<br />
<br />
<label for="phone">Phone:</label><br />
<input type="text" id="phone" name="phone" value="<?php echo $phone; ?>" />
<br />
<br />
<label for="websiteaddress">Web Site Address:</label><br />
<input type="text" id="websiteaddress" name="websiteaddress" value="<?php echo $website_address; ?>" />
<br />
<br />
<input type="submit" value="submit" name="submit"/>
</form>
<?php
//closing first if statment
}
//if all fields are filled in insert form info into database
else if ((!empty($persons_name))&&(!empty($email))&&(!empty($phone))&&(!empty($website_address))){
mysqli_query ($dbc, $query);
}
?>
3:59 pm on Jul 11, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You're not filtering input, this is dangerous . . . anyway find out what's wrong like so.

mysqli_query ($dbc, $query) or die("cannot insert data: " . mysqli_error());

Not sure if "name" is reserved or not. Start with backticks (not quotes)

$query = "INSERT INTO free_estimate_c (`email`, `name`, `phone`, `website_address` ) VALUES ('$email', '$persons_name', '$phone', '$website_address')";

First note that concatenation is not necessary, the entire string is delimited by " "

At the very least, use the escape string functions. This does not cleanse your data, but makes it safe for database inserts. You can still get a mysql injection, but now it might actually insert. :-) Now you'll need concatenation to add the function output.

$query = "INSERT INTO free_estimate_c
(`email`, `name`, `phone`, `website_address`)
VALUES (" .
'" . mysqli_real_escape_string ($email) . "',
'" . mysqli_real_escape_string ($persons_name) . "',
'" . mysqli_real_escape_string ($phone) . "',
'" . mysqli_real_escape_string ($website_address) .
"')";

Note that this must come AFTER you open the database connection or it will error. Move it below where you open the connection.

I'd also change this:

if ((empty($email))&&(empty($name))&&(empty($phone))&&(empty($website_address))){
echo "Fill in your information and we will contact you shortly";

This means "if everything is empty." You want OR here (or the symbolic or, || ) for any required fields. If it's all fields,

if (empty($email) or empty($name) or empty($phone) or empty($website_address)){
echo "<p>Fill in your information and we will contact you shortly</p>";

You also had superfluous ()'s

echo empty($variable); // will echo true or false, 1 or 0, depending
echo (empty($variable)); // same thing, more points to encounter errors in typos
11:20 pm on Jul 12, 2012 (gmt 0)



rocknbil it didn't work, so I did the following and it still did not work, please help me:

<?php
$email = $_POST['email'];
$persons_name = $_POST['name'];
$phone = $_POST['phone'];
$website_address = $_POST['websiteaddress'];

$dbc = mysqli_connect('host', 'username', 'password', 'databasename')
or die('Error connecting to MySQL server.');


/*
Rocknbill I added the backwards single quote as you said.
I didn't understand why you put in the single and double quotes that you did ealier so I did the following, shoudn't this work just fine?
*/

$query = "INSERT INTO free_estimate_c (`email`, `name`, `phone`, `website_address`)" .
"VALUES ('$email', '$persons_name', '$phone', '$website_address')";


// I used or instead of and as you said to do

if (empty($email) or empty($persons_name) or empty($phone) or empty($website_address)){
echo "<p>Fill in your information</p>";
}

else if ((!empty($persons_name))&&(!empty($email))&&(!empty($phone))&&(!empty($website_address))){
mysqli_query ($query, $dbc);
}
?>

//this is my html page

<form action="while_statement.php" method="post">
Name: <br />
<input type="text" id="name" size="60" name="name" /><br /><br />
Email: <br />
<input type="text" id="email name="email" />
<br /><br />
Phone:<br />
<input type="text" id="phone" name="phone" /><br /><br />
Web Site Address:<br />
<input type="text" id="websiteaddress" name="websiteaddress" />
<br /><br /><input type="submit" value="submit" name="submit"/>
</form>
8:05 pm on Jul 13, 2012 (gmt 0)



Ok so no one wants to reply and why is that, is that because people here are not experienced enough, I assume that's the case? I'm new here and so it sure would be nice if someone would reply to my plea and help me using layman terms.
8:07 pm on Jul 13, 2012 (gmt 0)



rocknbill is there another way I can write this code because what you wrote did not work for me:

$query = "INSERT INTO free_estimate_c
(`email`, `name`, `phone`, `website_address`)
VALUES (" .
'" . mysqli_real_escape_string ($email) . "',
'" . mysqli_real_escape_string ($persons_name) . "',
'" . mysqli_real_escape_string ($phone) . "',
'" . mysqli_real_escape_string ($website_address) .
"')";
10:30 pm on Jul 14, 2012 (gmt 0)

10+ Year Member



People here give their time for free, and come from many countries using different local keyboards.

$query = "INSERT INTO free_estimate_c (email,name,phone,website_address)
VALUES ('".mysqli_real_escape_string ($email)."','".mysqli_real_escape_string($persons_name)."','".mysqli_real_escape_string($phone)."','".mysqli_real_escape_string($website_address)."')";

all on one line.

assuming email,name,phone,website_address are your field names and they are all strings. Every string value must start with a ' and end with a ' separated by a , . The number of values must also equal the number of fields declared.

A quick look at [w3schools.com...] may help you.
2:00 am on Jul 17, 2012 (gmt 0)



johnhh it still didn't work. This is the way it was looking when I uploaded it:

//html part
<form method="post" action="free_estimate_c.php">
<label for="name"> Name</label>
<br />
<input type="text" id="name" size="35" name="name" />
<br />
<br />
<label for="email">E-mail </label>
<br />
<input type="text" id="email" size="35" name="email" />
<br />
<br />
<label for="phone">Phone</label>
<br />
<input type="text" id="phone" size="35" name="phone" />
<br />
<br />
<label for="websiteaddress">Web Site Address (if applicable)</label>
<br />
<input type="text" id="websiteaddress" size="60" name="websiteaddress" />
<br />
<br />
<input type="submit" value="Submit Form" name="submit" />
</form>

// php part

<?php

$name = $_POST ['name'];
$email = $_POST ['email'];
$phone_number = $_POST ['phone'];
$website_address = $_POST ['websiteaddress'];

$dbc = mysqli_connect('hostresource.com', 'username', 'pass!', 'dbname')
or die('Error connecting to MySQL server.');

$query = "INSERT INTO free_estimate_c (email,name,phone,website_address)
VALUES ('".mysqli_real_escape_string ($email)."','".mysqli_real_escape_string($name)."','".mysqli_real_escape_string($phone_number)."','".mysqli_real_escape_string($website_address)."')";

$result = mysqli_query($dbc, $query)
or die('Error querying database.');

if ($result)
{
echo "Your request for an estimate has been received. We will look over your information and get in touch with you shortly. Thank you.";
}
?>
9:39 pm on Jul 18, 2012 (gmt 0)

10+ Year Member



And the error message is ? View your Apache error logs to find out.

Then you do basic debug.

give $name and other variables a value

$name="test@example.com";

or echo the values to make sure there are values

echo "name=".$name;

Remove the mysqli_real_escape_string function calls and see what happens.

The php code looks OK to me, although I would give the form a name and id

<form method="post" name="inputform" id="inputform" action="free_estimate_c.php">