0

Edit 4: The main issue has been resolved - turned out the problem was a couple of my typos. (Post, <) Thank you! The data now gets entered into my database ok. I'll still consider the other tips you are giving me. Very good first experience with stackoverflow.

Edit 1: OK, I forgot to capitalize $_POST. Now I am getting an error "Column count doesn't match value count at row 1"
Edit 2: I removed ID and added exit();. Now, I have the error message "Column 'Name' cannot be null". I am not sure how/where to add the escape string.
Edit 3: I am following Damien's instructions, and I have this as my output: "Connected to MySQL string(8) "TestName" string(16) "Test Description" string(3) "567" string(6) "234567" string(13) "[email protected]" string(8) "TestPass" Column 'Name' cannot be null" - so still the same error.

Original Question:
I am rather new to using MySQL and PHP. I am using MAMP for my server, and have set up a few PHP files, according to instructions I have been given. Right now, the main goal is to be able to set up a user database, and the form in question should create a new user, with username, password, etc.

When I have filled out the form and press submit, it gives the error message for an incomplete form, instead of sending the data like I want it too. (I am not really sure about how sending data to my database works, either.)

Here is the form (I think it's in HTML):

<form action="create.php" method="post">
 Name:  <input type="text" name="inputName" value="" /><br>
 Description: <input type="text" name="inputDesc" value=""/>
  <br/>
 Phone Number :  (<input type="text" name="inputPArea" value="" />)
- <input type="text" name ="inputPBody" value="" /><br>
 Email: <input type="text" name="inputEmail" value=""/><br>
 Password: <input type="password" name="inputPass" value=""/>

  <input type="submit" name="submit" />

Here is the if/else statement for the error message:

if(!$_Post['submit']){
    echo "please fill out the form";
    header('Location:demo.php');

    }

else {
     mysql_query( "INSERT INTO people (`ID`,`Name`,`Description`,`Area Code`,`Phone Body`,`Email`,`Password`)
               VALUES(NULL<'$name','$desc','$area','$pbody','$email','$pass') ") or die(mysql_error()) ;

echo "User has been added!";
header('Location: demo.php');

     }

Please help! Thank you. It would be nice if you could help me understand how submitting stuff to my database works.

(There is a lot of other PHP stuff, of course. Tell me if you need any of it.)

Improve this question
8
  • 1
    You have the right idea - just make sure it's $_POST and to check, use if (isset($_POST['submit']) And don't forget the get the values of all your inputs too - from your $_POST superglobal. You have to extract them from that first (I recommened using mysql_real_escape_string() on them before assigning them to variable that you put into a query. I'd suggest prepared statements, but you should master this concept first. Commented Jun 15, 2011 at 19:33
  • 1
    Lots of concerns here... Commented Jun 15, 2011 at 19:33
  • Thank you kinakuta - I feel silly now. Commented Jun 15, 2011 at 19:35
  • Now I have an error message: "Column count doesn't match value count at row 1" Commented Jun 15, 2011 at 19:36
  • I don't understand most of what kinakuta is saying... Commented Jun 15, 2011 at 19:38

2 Answers 2

Reset to default
2 
$name = mysql_real_escape_string($_POST['inputName']);
$desc = mysql_real_escape_string($_POST['inputDesc']);
$area = mysql_real_escape_string($_POST['inputPArea']);
$pbody= mysql_real_escape_string($_POST['inputPBody']);
$email = mysql_real_escape_string($_POST['inputEmail']);
$pass = mysql_real_escape_string($_POST['inputPass']);

You access them through the superglobal $_POST array (since you used 'post' as the form method), properly sanitized (you should use PDO and prepared statements though, they'll make your code even safer). ID, if it is set as Auto Increment, is not needed in your query.

mysql_query( "INSERT INTO people (`Name`,`Description`,`Area Code`,`Phone Body`,`Email`,`Password`) VALUES('$name','$desc','$area','$pbody','$email','$pass') ") or die (mysql_error());

Suggestions: Also, consider adding exit(); after your header redirection, to avoid accidental display of the code.
You should also check if $_POSTs are set if(isset($_POST['postname'])) if you don't want (or can't accept) empty values (even if you're doing a client-side validation for that. Always rely on server-side validation, as client-side can be easily avoided)

Warning on mysql_real_escape_string:

A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

I have removed 'ID', and added exit();. Now I get the error message: "Column 'Name' cannot be null"
I'm not really sure where to put the escape thing. Should I replace my existing "$name = $_POST['inputName'];" etc. ?
@Xheia..well, is it empty? do a var_dump($var) for each of your vars to see if they actually contain something...and check your code, sometimes it's just a wrong-spelled word here or there.. Oh, yes, you definitely should escape. After you connect to the DB, escape, and then query
@Xheia: mysql_real_escape_string needs a connection in order to work. Be sure to connect to the db before using it. I updated my answer.
I didn't see that you removed the " Null< " as well as the ID - that was another of my typos.
|
0

In your else statement, add:

$name = $_POST['inputName'];
$desc = $_POST['inputDesc'];
$pbody = $_POST['inputPBody'];
$email = $_POST['inputEmail'];
$pass = $_POST['inputPass'];

Consider SQL Injection.

Improve this answer

2 Comments

@Xheia: split your query line into 2 parts: $sql = "INSERT ..."; mysql_query($sql) or die('query: ' . $sql . '//' . mysql_error());. This way you have the generated query in a string which you can output to check for errors. Separating them like this is VERY handy for debugging.
I only somewhat understand Marc B. - I don't think I'll do this right now, but I'll consider it if I need more debugging.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.