Order of php execution

Question

I am only starting with php and mysql I have been doing VB which is very simple and now i struggle with every bit of php. I made small piece of code which conncects to mysql server as a root and creates a database with the name entered in the text field but whenever I load the page I see a error message before I even get chance to type db name and to hit the button. The code does the job but gives a confusing error message.

Notice: Undefined index: dbname in C:\xampp\htdocs\dbcreation.php on line 53 Error creating database: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line

<?php
$databasename = $_POST['dbname'];
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
if (mysql_query("CREATE DATABASE $databasename",$con))
{
echo "Database created";
}
else
{
echo "Error creating database: " . mysql_error();
}
mysql_close($con);
?>

what do I need to change so code is not executed untill i press the button?

Answer 1

Try this:

$host="";//Host name
$username="";//MYSQL username
$password="";//MYSQL password
$db_name="";//Database name

//connect to server and select database
try{
$conn = new PDO('mysql:host='.$host.';dbname='.$db_name.'',$username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);}
catch(PDOException $e){
echo 'ERROR: ' . $e->getMessage();}


//post vars
$dbname=$_POST['dbname']
if(empty($dbname))
{
die("you did not enter a database name")
}

$sql="CREATE DATABASE". $databasename."";
$result=$conn->query($sql);
if($result !=false){
echo "Data inserted!";
}
else{
die("Error inserting data");
}

In the future, try to use PDO to connect to your SQL database, a good example of a PDO connection is the one i have left here.

Answer 2

When debugging MySQL errors you can view your query after an error:

...
}
if (mysql_query("CREATE DATABASE $databasename",$con)) {
...

becomes

...
}
$query = "CREATE DATABASE $databasename";
$succes = mysql_query($query, $con) or die("Query: '".$query."' failed: ".mysql_error());
if ($succes) {
...

Some advise: use mysqli instead of mysql.

Answer 3

You can check if a variable is already set or not by ussing isset() function

<?php
if(isset($_POST['dbname']))
{
    $databasename = $_POST['dbname'];
    $con = mysql_connect("localhost","root","");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    if (mysql_query("CREATE DATABASE $databasename",$con))
    {
        echo "Database created";
    }
    else
    {
        echo "Error creating database: " . mysql_error();
    }
    mysql_close($con);
}
?>

Answer 4

Your query is being run even if the form has not been submitted. You first need to check if the form has been submitted. For example:

if(!empty($_POST['dbname']))
{
    // Handle stuff here.
}

I would like to make a few points for you, though:

• Avoid using mysql_* functions, they're deprecated now and you should be using mysqli as a minimum.
• You might want to read up about SQL injection, as your code is seriously vulnerable to same.

Answer 5

Check to see if the variable exists.

if(!empty($_POST['dbname'])){
    // execute code
}