inserting record into mysql db using php – PHP

  php

Q(Question):

Hello – beginner here…
I’m trying to insert records into a mysql db that are entered from an
html form. I’m not getting any errors, but the insert isn’t working.
Am I missing something obvious? Thanks for any assistance…

Here is my code:
<?php
// Connect to MySQL
$cn = mysql_connect("localhost", "root", "something");
// Select the database
mysql_select_db("employees_lgr", $cn);

$first = $_REQUEST[‘first’];
$last = $_REQUEST[‘last’];
$address = $_REQUEST[‘address’];
$position = $_REQUEST[‘position’];

$strIns = "Insert into employees_lgr(first, last, address,
position ) values ";
$strIns .= "(‘$first’,’$last’,’$address’,’$position’ )";

$result = mysql_query($strIns, $cn);

if ($result)
print ("employee inserted into database \n");

?>

A(Answer):

Skygal wrote:

Hello – beginner here…
I’m trying to insert records into a mysql db that are entered from an
html form. I’m not getting any errors, but the insert isn’t working.
Am I missing something obvious? Thanks for any assistance…

Here is my code:
<?php
// Connect to MySQL
$cn = mysql_connect("localhost", "root", "something");
// Select the database
mysql_select_db("employees_lgr", $cn);

$first = $_REQUEST[‘first’];
$last = $_REQUEST[‘last’];
$address = $_REQUEST[‘address’];
$position = $_REQUEST[‘position’];

$strIns = "Insert into employees_lgr(first, last, address,
position ) values ";
$strIns .= "(‘$first’,’$last’,’$address’,’$position’ )";

$result = mysql_query($strIns, $cn);

if ($result)
print ("employee inserted into database \n");

?>

And if $result is false, what do you do?

Hint: mysql_error().


==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

A(Answer):

Skygal escribió:

I’m trying to insert records into a mysql db that are entered from an
html form. I’m not getting any errors, but the insert isn’t working.
Am I missing something obvious? Thanks for any assistance…

Here is my code:
<?php
// Connect to MySQL
$cn = mysql_connect("localhost", "root", "something");
// Select the database
mysql_select_db("employees_lgr", $cn);

You don’t do any error checking at all. Your script will proceed till
the end even if you can’t connect to the database in the first line.
Read the manual entries for every function you use and check their
return values.

$first = $_REQUEST[‘first’];
$last = $_REQUEST[‘last’];
$address = $_REQUEST[‘address’];
$position = $_REQUEST[‘position’];

$strIns = "Insert into employees_lgr(first, last, address,
position ) values ";
$strIns .= "(‘$first’,’$last’,’$address’,’$position’ )";

$result = mysql_query($strIns, $cn);

It looks like Pat O’Hara is not allowed to work at your company ;-P


http://alvaro.es – Álvaro G. Vicario – Burgos, Spain
— Mi sitio sobre programación web: http://bits.demogracia.com
— Mi web de humor al baño María: http://www.demogracia.com

A(Answer):

Skygal wrote:

Hello – beginner here…
I’m trying to insert records into a mysql db that are entered from an
html form. I’m not getting any errors, but the insert isn’t working.
Am I missing something obvious? Thanks for any assistance…

Make sure you do your own Error checking at every stage an error can
occur. This will help you debug any errors. SQL functions will not throw
you an error automatically if the ‘syntax’ is correct, so you have to
check yourself.

>
Here is my code:
<?php
// Connect to MySQL
$cn = mysql_connect("localhost", "root", "something");

Start here and check to MAKE SURE your DB is connected.

CODE:
if(!$cn) {
echo "Error connecting to DB";
exit();
}

// Select the database
mysql_select_db("employees_lgr", $cn);

$first = $_REQUEST[‘first’];
$last = $_REQUEST[‘last’];
$address = $_REQUEST[‘address’];
$position = $_REQUEST[‘position’];

OT: Try not to use the $_REQUEST Super Global, use $_POST or $_GET

CODE HINT:
$first = $_POST[‘first’];

But what you have will work for now.

>
$strIns = "Insert into employees_lgr(first, last, address,
position ) values ";
$strIns .= "(‘$first’,’$last’,’$address’,’$position’ )";

OT: Clean up your $strIns creation to make it easier to read and update.

CODE HINT:
$strIns = "INSERT INTO employees_lgr (
first,
last,
address,
position)
VALUES (
‘$first’,
‘$last’,
‘$address’,
‘$position’)";

This is purely for readability then functionality.
But they way you are doing it will work.

>
$result = mysql_query($strIns, $cn);

Second error check, ensure your query succeeded.

CODE:
if(!$result) {
echo "Error in query: ".$strIns;
}

>
if ($result)
print ("employee inserted into database \n");

?>

Then come back if you are still having problems.

Good Luck
Scotty

A(Answer):

On Oct 8, 10:02*pm, Skygal <skygal.li…@gmail.comwrote:

Hello – beginner here…
I’m trying to insert records into a mysql db that are entered from an
html form. *I’m not getting any errors, but the insert isn’t working.
Am I missing something obvious? *Thanks for any assistance…

Thanks to everyone for responding! Not long after I posted I too
thought of error checking and have at least found out that I have
successfully connected, but am not getting the database open. So I’ll
review your suggestions and see what I can fix.

Back at cha later…

A(Answer):

On Oct 8, 10:02*pm, Skygal <skygal.li…@gmail.comwrote:

Hello – beginner here…
I’m trying to insert records into a mysql db that are entered from an
html form. *I’m not getting any errors, but the insert isn’t working.
Am I missing something obvious? *Thanks for any assistance…

I had the wrong db name. That’s all it was. Geez.

Thanks, everyone! I’ll keep note of your suggestions – they weren’t
for naught!

A(Answer):

Skygal wrote:

Hello – beginner here…
I’m trying to insert records into a mysql db that are entered from an
html form. I’m not getting any errors, but the insert isn’t working.
Am I missing something obvious? Thanks for any assistance…

Here is my code:
<?php
// Connect to MySQL
$cn = mysql_connect("localhost", "root", "something");
// Select the database
mysql_select_db("employees_lgr", $cn);

$first = $_REQUEST[‘first’];
$last = $_REQUEST[‘last’];
$address = $_REQUEST[‘address’];
$position = $_REQUEST[‘position’];

In addition to the suggestions of everyone else, you don’t seem to
escape the user input. Unless escaped, your users could inadvertently
cause SQL errors, or a malicious user could potentially inject harmful
SQL.

Use mysql_real_escape_string() on string data, intval() for int data,
floatval() for floats, etc. The MySQLi extension and PDO allows use of
prepared statements for sanitizing SQL data.

$strIns = "Insert into employees_lgr(first, last, address,
position ) values ";
$strIns .= "(‘$first’,’$last’,’$address’,’$position’ )";

$result = mysql_query($strIns, $cn);

if ($result)
print ("employee inserted into database \n");

?>


Curtis

LEAVE A COMMENT