3

I am trying to submit an HTML <form> and have the input and select information entered into a MySQL database table. My code is entering the <input type="text"> data into the table, but it is not entering the data in the <select>.

This is the <form> I have been using:

<form enctype="multipart/form-data" action="send.php" method="post">
    <select name="gender">
        <option value="Male"> Male</option>
        <option value="Female">Female</option>
    </select>
    <input type="text" name="name">
    <input type="submit" value="Add">
</form>

And this is the PHP I've been using to enter the form into the table: 

<?php
$gender=$_POST['gender']; // This is the select/dropdown
$name=$_POST['name'];  // This is the text input

mysql_connect("", "", "") or die(mysql_error()) ; 
mysql_select_db("") or die(mysql_error()) ; 

mysql_query("INSERT INTO `table1` VALUES ('$gender', '$name')") ; 
?>
Improve this question
2
  • 7
    See: Exploits of a Mom. Commented Jul 15, 2011 at 19:05
  • 1
    Haha, the cartoon Joe linked to is great. Anywho, do not insert $_POST (or any user-entered data) directly into a mysql statement. That opens some big security holes. Look into the method mysql_real_escape_string. It's not perfect, but is a start. That aside, more information is needed to understand why your data isn't getting into the table. Is mysql throwing any errors? Use print_r to make sure you are capturing data from the form correctly. Commented Jul 15, 2011 at 19:17

4 Answers 4

Reset to default
2
  • try to print your form results
  • try to print your SQL statement instead of executing
  • check the statement by eye
  • copy the statement and try to execute in at the server manually.
  • add the log=query.log option in the [mysqld] section of MySQL server configuration file (probably my.cnf), restart the server and look into query.log for recent queries -- do they reach the server?
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Hmmm...If that doesn't work try:

mysql_query("INSERT INTO table1 VALUES ('".$gender."','".$name."');");
Improve this answer

1 Comment

you should avoid using concatenation in queries
0

Try:

mysql_query("INSERT INTO `table1` (genderCol,nameCol) VALUES ('{$gender}','{$name}')");

Though, as @Joe Stefanelli stated, you should really be sanitizing input -- never trust the user. Take a look at using prepared statements

Improve this answer

Comments

0

Your can try 

<?php
$gender=$_POST['gender']; 
$name=$_POST['name']; 

mysql_connect("", "", "") or die(mysql_error()) ; 
mysql_select_db("") or die(mysql_error()) ; 

mysql_query("INSERT INTO `table1` SET `fieldgender`='{$gender}', `fieldname`='{$name}'") ; 
?>

With fieldgender And fieldname is colums in your mysql table1

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.