Solved

form post (adding record to mysql) 200points

Posted on 2002-05-02
8
240 Views
Last Modified: 2006-11-17
Hi everybody,

I don't undurstand why this is not working;
I have 2 files
one is adddata.htm
this is content of this file

<html>
<form method="post" action="addrec.php">
surname:<input type="text" name="surname"><br>
<input type="submit" name="submit" value="enter information">
</body>
</html>

and I got the file addrec.php
this is content

<HTML>
<?PHP
$db = mysql_connect ("localhost", "root", "");
mysql_select_db("datahouse",$db);
$sql= "INSERT into occurence (surname) values ('$surname')";
$result = mysql_query($sql);
echo "thanks for entering";

?>
</HTML>

The problem is that it adds a records in the database but with the field surname BLANK
I also added some echo in the file addrec.php
something in this nature
echo "$surname"
echo $surname
echo 'surname'

all return blanks  am new to php
help needed


0
Comment
Question by:jerbell
  • 4
  • 3
8 Comments
 

Author Comment

by:jerbell
ID: 6987731
just wanted to add:
I just install php on my linux
I know part of php is working as echo works
and Phpinfo command.
was just wondering if it could be compiled option that i missed in order for post to work;
0
 
LVL 32

Expert Comment

by:Batalf
ID: 6987745
It seems strange.

First of all, try to add the </form> tag in your addata.htm-file:

<html>
<form method="post" action="addrec.php">
surname:<input type="text" name="surname"><br>
<input type="submit" name="submit" value="enter information">
</form>
</body>
</html>

Other than that, everything seems OK to me.

But one thing I also will recommend is to use only one file for this task, a file like this:
<html>
<body>
<?PHP
$db = mysql_connect ("localhost", "root", "");
mysql_select_db("datahouse",$db);

// Form has been submitted?
if($submit)
{
  $sql= "INSERT into occurence (surname) values('$surname')";
  // Try echo $sql if it doesn't work
  $result = mysql_query($sql);
  echo "thanks for entering";
}
else
{
?>

<form method="post" action="<? echo $PHP_SELF; ?>">
surname:<input type="text" name="surname"><br>
<input type="submit" name="submit" value="enter information">
</form>
<?
}
?>
</body>
</html>
0
 

Author Comment

by:jerbell
ID: 6987805
I tried </form>
still getting same blank field in database

can I just do an echo to see the value pass to addrec.php?
what would be the syntax

Could it be because I have php version 4.2.0
and am using php files instead of php4
could it be an optin in the php.ini or along that nature?
0
 
LVL 7

Expert Comment

by:axis_img
ID: 6987911
Hi jerbell...

You are exactly right... The problem is that you are using PHP4.2, and form variables are no longer global by default in this new version.

Just to prove this fact, try adjusting your addrec.php file to this and see if it works.

<HTML>
<?PHP
$db = mysql_connect ("localhost", "root", "");
mysql_select_db("datahouse",$db);
$sql= "INSERT into occurence (surname) values ('" . $_POST['surname'] . "')";
$result = mysql_query($sql);
echo "thanks for entering";

?>
</HTML>


I will follow up with a post containing a detailed explanation for you, but this should get you started.

Regards,
Barry
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 7

Accepted Solution

by:
axis_img earned 200 total points
ID: 6987921
The problem is that in PHP 4.2, Register Globals is automatically defaulted to OFF. This means that variables that were normally in the global space such as form fields that were submitted via GET and/or POST are no longer in the global space by default. For example, your text field named "surname" would normally be placed into the global scope for your PHP scripts under the variable name $surname. This is no longer true in PHP4.2, since the register_globals line in PHP's config file is automatically defaulted to "Off".

PHP Announcement: http://www.php.net/release_4_2_0.php

You can still force the old default behavior by changing the php.ini file and set the value for register_globals to "On". This will allow you to access the variables as they are named in the forms; in your case, $surname.

Documentation: http://www.php.net/manual/en/configuration.php#ini.register-globals

Even without setting register_globals to On, you could still access the variable as:

$_POST["surname"];


$_POST is the same thing as $HTTP_POST_VARS (which is now deprecated, by the way). It contains all of
the fields that were posted to the script. There are others such as $_GET, $_ENV, $GLOBALS, etc. For
the full list of predefined variables, look here:

http://www.php.net/manual/en/reserved.variables.php

The one good thing about the new $_POST array, $_GET array, etc. is that they are considered "Super Globals", which means that you do not need to make them global within function calls. For instance, this works fine:

function dummy_function() {
     print($_POST['surname']);
}


In earlier versions, you would have to do this:

function dummy_function() {
global $surname;

     print($surname);
}


Anyway, hope this helps a little. Let me know if you have any further problems.
0
 

Author Comment

by:jerbell
ID: 6989385
that was it!!!
Batalf sugested putting all in one file!
Is it security reason or just saving from creating another page?
Or is it performance?
thanks all
0
 
LVL 7

Expert Comment

by:axis_img
ID: 6989925
Hi jerbell...

I normally put it all in one page as well. It is not really a security issue really. The reason I do it is for error checking. When they submit a form and do not fill in a field properly, it is better to show them the form again, rather than saying "Click here to go back to the form and fix the problem". Here is a small example of how I use this method:


<?
$error_fields = array();

// $active will only be 1 if the form was submitted
// which means we need to start processing the form
if($_POST["active"] == 1) {

  // They didn't fill in the field properly
  if($_POST["field1"] == "") {
    $error_fields["field1"] = "This field is empty!";
  }

  // No errors found, do everything and redirect to confirm page
  if($error_found == false) {
    // insert into database, email it somewhere, etc.
    header("Location: http://www.domain.com/thanks.php");
    exit;
  }
}

?>
<html>
<head>
<title>Form</title>
</head>
<body>

<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<input type="hidden" name="active" value="1">

<? if($error_fields["field1"] != "") print($error_fields["field1"] . "<br>");?>
<input type="text" name="field1" value="<?=$_POST['field1']?>"><br>

<input type="submit" value="Submit">
</form>

</body>
</html>



So this works in the following way:

The first time this page is pulled up, $_POST['active'] is not set, so the check at the top of the page fails and does not try to handle the form. It simply skips it and continues on to display the form.

Once they submit the form (it submits to itself), the hidden field named "active" is set to 1. The check at the top of the page to see if the form was submitted is now true, so it checks the field(s). If there was an error for any of the fields, I put it into the error array. Once all of the fields are checked, you simply check to see if there are any fields in the error array. If no, then the form was submitted properly. You can insert the info into the db, mail it out... whatever it is you need. Then you simply redirect them to a thank you page and the script is exited.

If there was an error though, then it skips over the section that does any mailing or db updates and just displays the form again. As an added help, I normally have a single PHP line above each form field that basically just checks to see if that form field is in the error array. If it is, then print out the error message that is held for that field in the array. I also set the value of the form fields to the value submitted. This is much friendlier to the user, as they do not have to keep going back to enter things into the form if they make mistakes. It is automatically displayed for them again.


Anyway... that is just a quick (small) example. Hope you find some use for it in the future.

Regards,
Barry
0
 
LVL 7

Expert Comment

by:axis_img
ID: 6989928
oops.. one small error I forgot to fix on that last post...

if($error_found == false) {

should be:

if(sizeof($error_fields) == 0) {
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now