7 Replies - 856 Views - Last Post: 13 February 2013 - 09:07 PM Rate Topic: -----

#1 c9-adams  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 98
  • Joined: 12-December 11

Inserting data into database

Posted 13 February 2013 - 07:41 AM

Hi guys,

I am creating a form that enters data into the database however this is not happening. When I submit the form, no data is being entered into the database.

Here is what I have tried:


<!Doctype html>
<head>
<title>
Thankyou!
</title>
</head>
<body>
<?php
include "config2.php";
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$nationality = $_POST['nationality'];
$studentid = $_POST['stid'];
$department = $_POST['department'];
$course = $_POST['course'];
$email = $_POST['email'];
$address = $_POST['address'];
$number = $_POST['number'];
$gender = $_POST['gender'];
$ageonarrival = $_POST['age-on-arrival'];
$admissionstatus = $_POST['status'];
$reason = $_POST['reason'];
$change = $_POST['date'];
$first = $_POST['first'];
$progress = $_POST['progression'];
$intake = $_POST['intake-date'];
$progressto = $_POST['progress-to'];
#database connectivity

    
$insert = 'INSERT into student-contact (Forename, Surname, Nationality Name, Student id, FET Department, Course, Email, Address, Number, Gender, Age On Arrival, Admission Status, Enrolment Admission Status Reason, Enrolment Admission Status Date Of Change, First Course Booking Course, Progression Route, Progression Intake Date, Progressing to) VALUES ("'.$fname.'" , "'.$lname.'" , "'.$nationality.'" , "'.$studentid.'" , "'.$department.'" , "'.$course.'" ,"'.$email.'" , "'.$address.'" , "'.$number.'" , "'.$gender.'" , "'.$ageonarrival.'" , "'.$admissionstatus.'", "'.$reason.'" , "'.$change.'" , "'.$first.'" , "'.$progress.'" , "'.$intake.'" , "'.$progressto.'")';
$query = mysql_query("SELECT * FROM student-contact WHERE Forename='$fname'");
#insert data from mysql table
if(mysql_num_rows($query) != 0)
{
echo"<meta http-equiv='refresh' content='0;url=exists.php'>";
}
else
{
//proceed with code here
}
if (empty($studentid)) {
    header("Location: exists.php");
}
#navigate the user to the exist page which tells the user that there has been a fault
mysql_query($insert);
echo("<h1>You have successfully added $fname to the student record system.</h1>");
echo("<p>The details which you have sent to us are the following:</p>");
echo("<p>Forename: $fname</p>");
echo("<p>Surname: $lname</p>");
echo("<p>Nationality: $nationality</p>");
echo("<p>Student ID: $studentid</p>");
echo("<p>Department: $department</p>");
echo("<p>Course: $course</p>");
echo("<p>Email: $email</p>");
echo("<p>Address: $address</p>");
echo("<p>Contact number: $number</p>");
echo("<p>Gender: $gender</p>");
echo("<p>Age on arrival: $ageonarrival</p>");
echo("<p>Admission Status: $admissionstatus</p>");
echo("<p>Enrolment Admission Status Reason: $reason</p>");
echo("<p>Enrolment Admission Status Date Of Change: $status</p>");
echo("<p>First Booking Course: $first</p>");
echo("<p>Progression route: $progress</p>");
echo("<p>Progression Intake Date: $intake</p>");
echo("<p>Progressing to: $progressto</p>");
?>
<!--  The users details are displayed to show what data the user has sent to the system -->
</body>
</html>




Is This A Good Question/Topic? 0
  • +

Replies To: Inserting data into database

#2 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3576
  • View blog
  • Posts: 10,441
  • Joined: 08-June 10

Re: Inserting data into database

Posted 13 February 2013 - 08:10 AM

list of issues:
- does not work on initial load (no POST data available) (not an issue if that’s purely a processing script)
- if data in $_POST array do not exist, Notices are emitted (unknown offset/index)
- no validation/sanitisation of user data
- no measures against SQL Injection
- use of the deprecated mysql extension
- no check, whether the mysql calls actually succeed
- no exit after location header

and the most important:
- no error checks at all

and a minor one:
- using HTML reload where a PHP include would suffice
- using HTTP reload where a PHP include would suffice

PS. the reason why it doesn’t insert is because the SQL is malformed (i.e. field names do not allow spaces)

This post has been edited by Dormilich: 13 February 2013 - 08:09 AM

Was This Post Helpful? 0
  • +
  • -

#3 c9-adams  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 98
  • Joined: 12-December 11

Re: Inserting data into database

Posted 13 February 2013 - 08:25 AM

I have got rid of the spaces in the field names however this is having no impact still.
Was This Post Helpful? 0
  • +
  • -

#4 noorahmad  Icon User is offline

  • Untitled
  • member icon

Reputation: 209
  • View blog
  • Posts: 2,290
  • Joined: 12-March 09

Re: Inserting data into database

Posted 13 February 2013 - 09:29 AM

Try to check what is the problem with your query by adding dir() function after mysql_query.

like this:
$query = mysql_query("SELECT * FROM student-contact WHERE Forename='$fname'") or die(mysql_error());


Was This Post Helpful? 0
  • +
  • -

#5 laytonsdad  Icon User is offline

  • Cheese and Sprinkles
  • member icon

Reputation: 447
  • View blog
  • Posts: 1,930
  • Joined: 30-April 10

Re: Inserting data into database

Posted 13 February 2013 - 11:24 AM

View Postnoorahmad, on 13 February 2013 - 09:29 AM, said:

Try to check what is the problem with your query by adding dir() function after mysql_query.

like this:
$query = mysql_query("SELECT * FROM student-contact WHERE Forename='$fname'") or die(mysql_error());



I think die() is what they meant to say.
Was This Post Helpful? 2
  • +
  • -

#6 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3730
  • View blog
  • Posts: 6,017
  • Joined: 08-June 10

Re: Inserting data into database

Posted 13 February 2013 - 03:58 PM

Keep in mind though that using die like that is a very crude way to deal with errors. Sure, it'll work well enough while debugging, but in a live product you don't want the errors to be dumped onto the screen in full view of the users. At best it messes up the site and makes it look very amateur-ish, and at worst it can provide malicious users with info on your code/database structure.

A better way is to properly configure PHP's error handling and use trigger_error instead.

Simple version:
mysql_query($sql) or trigger_error(mysql_error(), E_USER_ERROR);


A more complete version. This is probably more like what you want to end up doing.
$result = mysql_query($sql);
if ($result) {
    // Process the result here
}
else {
    // Log or display the error, then print a error page
    // for normal users to see.
    trigger_error(mysql_error(), E_USER_ERROR);
    include "error_500.php";
}


Now the actual error will only show up on servers with the "display_errors" config directive set to True. On production servers the error won't be displayed, but will be logged to an error log file.
Was This Post Helpful? 1
  • +
  • -

#7 tycos  Icon User is offline

  • D.I.C Head

Reputation: 4
  • View blog
  • Posts: 53
  • Joined: 12-February 13

Re: Inserting data into database

Posted 13 February 2013 - 05:20 PM

Are you going to use:

$query = mysql_query("SELECT * FROM student-contact WHERE Forename='$fname'");


After inserting your record? Unless first name is a unique field then you might return multiple records, what you would want to do is get the ID of the record you just created.

MySQL Insert ID
Was This Post Helpful? 0
  • +
  • -

#8 raghav.naganathan  Icon User is offline

  • Perfectly Squared ;)
  • member icon

Reputation: 408
  • View blog
  • Posts: 1,440
  • Joined: 14-September 12

Re: Inserting data into database

Posted 13 February 2013 - 09:07 PM

Well, also take a look on How to parameterize your queries to avoid SQL injection.

regards,
Raghav
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1