Reputation: 51
PHP script which will enter the data in mysql
I have 3 fieldnames called ID, Autore, Titolo in Mysql. The tablename is demo and database name is forms1
I have problem to insert data from many forms into database.
I test code but i have something wrong into insert.php
Form Code:
<style>
br {margin-bottom:-10px;}
</style>
<form action="insert.php" method="post">
<b>Titolo </b> <input type="text" name="Titolo"><br><br>
<b>Autore </b><input type="text" name="Autore"><br><br>
<input type="Submit">
</form>
Insert.php
<?php
define('DB_NAME', 'forms1');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
$sql = "INSERT INTO demo VALUES
('', 'Autore', 'Titolo')";
if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
}
mysql_close();
?>
This piece of code is wrong:
$sql = "INSERT INTO demo VALUES
('', 'Autore', 'Titolo')";
When i try insert values like Jack, John from form the values that are adding are Autore and Titolo
But Autore & Titolo are my 2nd-3rd fieldnames in my demo table, but its are added like values!
This is my ResultPage.php
<html>
<?php
echo "<h2>Lista Autori</h2>";
echo "<table border='1' style='border-collapse: collapse;border-color: silver;'>";
echo "<tr style='font-weight: bold;'>";
echo "<td width='auto' align='center'>N</td>";
echo "<td width='auto' > Nome</td>";
echo "</tr>";
//1. Connessione al Database
$connection = mysql_connect("localhost","root","");
if(!$connection){
die("Database connection failed: " . mysql_error());
}
//2. Seleziona Database
$db_select = mysql_select_db("forms1",$connection);
if (!$db_select) {
die("Database connection failed: " . mysql_error());
}
//3. Interroga Database
$result = mysql_query("SELECT * FROM demo LIMIT 0, 30 ", $connection);
if (!$result) {
die("Database query failed: " . mysql_error());
}
//4. Use Returned Data
while ($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td align='center' width='auto'>" . $row[1] . "</td>";
echo "<td width='auto'>" . " " . $row[2] . " " . "</td>";
echo "</tr>";
}
mysql_close($connection);
?>
</html>
How can i change insert.php file?
Upvotes: 0
Views: 248
Answers (8)
Reputation: 6653
Use these markup for the query:
INSERT INTO demo(Autore, Titolo)
VALUES ($_POST['Autore'], $_POST['Titolo'])
That way, there saved in the right column... maybe this helps
But be aware, that if you use this, your query is unsafe. You need to strip quotes and all that other stuff...
Upvotes: 0
Reputation: 7832
$Autore = mysql_real_escape_string ($_POST['Autore']);
$Titolo = mysql_real_escape_string ($_POST['Titolo']);
$sql = "INSERT INTO demo VALUES
('', '$Autore', '$Titolo')";
Upvotes: 0
Reputation: 17858
In your insertion code you have
$sql = "INSERT INTO demo VALUES
('', 'Autore', 'Titolo')"
This has hardcoded your values.
Do remember to check the values of the variables coming back and escape them
Your form has this:
<b>Titolo </b> <input type="text" name="Titolo"><br><br>
<b>Autore </b><input type="text" name="Autore"><br><br>
So the forms sending you
$_POST["Titolo"] and $_POST["Autore"]
So you should change your
$sql = "INSERT INTO demo VALUES
('', '".mysql_real_escape_string($_POST["Autore"])."', '".mysql_real_escape_string($_POST["Titolo"])."')"
and to delete the entered items (both boxes would need to be a proper match)
$sql = "DELETE FROM demo where Titolo='".mysql_real_escape_string($_POST["Autore"])."' and Autore='".mysql_real_escape_string($_POST["Titolo"])."';
Upvotes: 3
Reputation: 3020
Please ignore all previous answers. Your code is a security disaster. At least ditch the mysql_* functions and use Mysqli or PDO
Did you notice the large area in the php manual:
Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
MySQLi Example:
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$stmt = $mysqli->prepare("INSERT INTO demo VALUES (?,?,?)");
$val1='';
$autore=$_POST['Autore']; //TODO check if these POST values exist
$titolo=$_POST['Titolo'];
$stmt->bind_param('sss', $val1, $autore, $titolo);
/* execute prepared statement */
$stmt->execute();
printf("%d Row inserted.\n", $stmt->affected_rows);
/* close statement and connection */
$stmt->close();
Upvotes: 0
Reputation: 440
Use the below code . You have to capture the actual value before inserting
$Autore = $_post['Autore'];
$Titolo = $_post['Titolo'];
$sql = "INSERT INTO demo (ID, Autore, Titolo) VALUES ('', '$Autore', '$Titolo')";
Upvotes: 0
Reputation: 121
This should work, if you did not miss anything!?
$sql = sprintf("INSERT INTO demo VALUES('', '%s', '%s')",
mysql_real_escape_string($_POST["Titolo"]),
mysql_real_escape_string($_POST["Autore"]));
Upvotes: 0
Reputation: 13384
$sql = "INSERT INTO demo VALUES ('', 'Autore', 'Titolo')";
In this query you have to insert the values which is getting from the form not the 'Autore', 'Titolo'
Upvotes: 1
Reputation: 485
i think your sql query got problem. it should be like this :
$autore = $_POST['Autore'];
$titolo = $_POST['Titolo'];
$sql = "INSERT INTO demo(Autore, Titolo) VALUES ('$autore', '$titolo')";
hope this helps :)
Upvotes: 1
Related Questions
- Insert data into mysql database
- Inserting data into database in php and mysql
- how to inserting a data in to mysql php code
- Inserting data in mysql database with php
- How to insert data to mysql using php
- Inserting data into database using php and mysql
- Inserting data into MySQL database
- Inserting data with MySQL
- Inserting Data into MySql from php
- Inserting data into MySQL