Reputation: 75
$_POST error saving mysql database
I have this code, this is to register a user from a link given from an email. so the ID and Email is being GET by the form and display, then being check if there is a user then it will display the contents on the field, then it is just an update. Now what I'm trying to do is to CREATE, since the ID in the link that is given to the user doesn't exist yet. This is the code in the file called Register.php
<?php
load_function('database.php');
if(!empty($_GET['user_id']) && !empty($_GET['cbemail']))
{
$user_id = base64_decode($_GET['user_id']);
$email = base64_decode($_GET['cbemail']);
$employee = get_employee($user_id,$email);
}
/*$first_name = $_POST['first_name'];
$middle_name = $_POST['middle_name'];
$last_name = $_POST['last_name'];
$suffix = $_POST['suffix'];
$gender = $_POST['gender'];
$date_birth = $_POST['date_birth'];
$cbemail = $_POST['cbemail'];
$locality_id = $_POST['locality_id'];
$home_phone = $_POST['home_phone'];
$mobile_phone = $_POST['mobile_phone'];*/
?>
<div id="main-content">
<div id="emp_registrationform">
<form action="" method="post">
<table width="600" border="0">
<h1>Create Employee</h1>
<tr>
<td class="align-right"><label for="user_id">User</label>
<input type="text" name="user_id" id="user_id"
value="<?php if(isset($user_id)){echo $user_id ; } ?>"/></td>
</td>
</tr>
<tr>
<td class="align-right"><label for="first_name">First Name</label>
<input type="text" name="first_name" id="first_name" value='<?php echo $employee['first_name'] ?>'/></td>
<td><label for="birth_date">Birth Date</label>
<input type="text" name="birth_date" id="birth_date" value='<?php echo $employee['date_birth'] ?>'/></td>
</tr>
<tr>
<td class="align-right"><label for="middle_name">Middle Name</label>
<input type="text" name="middle_name" id="middle_name" value='<?php echo $employee['middle_name'] ?>'/></td>
<td><label for="cbemail">Email</label>
<input type="text" name="cbemail" id="cbemail"
value="<?php if(isset($email)){echo $email ; } ?>"/></td>
</tr>
<tr>
<td class="align-right"><label for="last_name">Last Name</label>
<input type="text" name="last_name" id="last_name" value='<?php echo $employee['last_name'] ?>'/></td>
<td><label for="locality_id">Locality ID</label>
<input type="text" name="locality_id" id="locality_id" value='<?php echo $employee['locality_id'] ?>'/></td>
</tr>
<tr>
<td class="align-right"><label for="suffix">Suffix</label>
<input type="text" name="suffix" id="suffix" value='<?php echo $employee['suffix'] ?>'/></td>
<td><label for="home_phone">Phone(Home)</label>
<input type="text" name="home_phone" id="home_phone" value='<?php echo $employee['home_phone'] ?>'/></td>
</tr>
<tr>
<td class="align-right"><label for="gender">Gender</label>
<select>
<option selected><?php echo $employee['gender'] ?></option>
<option value="male">Male</option>
<option value="female">Female</option>
</select></td>
<td><label for="mobile_phone">Phone(Mobile)</label>
<input type="text" name="mobile_phone" id="mobile_phone" value='<?php echo $employee['mobile_phone'] ?>'/></td>
</tr>
<td class="align-right">
<input type="submit" id="submit-btn" value="Create Employee" />
</td>
<td> </td>
</table>
</form>
</div>
</div>
My problem is this data, is not being captured when saving on the database. My function in the database is as follows.
function add_employee($user_id, $first_name, $middle_name, $last_name,
$suffix, $gender, $date_birth, $cbemail,
$locality_id, $home_phone, $mobile_phone) {
$db = load_db();
$sql = "INSERT into employees (
user_id, first_name, middle_name, last_name,
suffix, gender, date_birth, cbemail,
locality_id, home_phone, mobile_phone
) VALUES (
$user_id, $first_name, $middle_name, $last_name,
$suffix, $gender, $date_birth, $cbemail,
$locality_id, $home_phone, $mobile_phone
)";
$result = $db->query($sql);
}
Yes i'm requiring a POST but i don't know how to capture the "value" in the value field of the input boxes.
The submit button will redirect in this line of code.
if(isset($_POST['save_user'])){
add_employee($_POST['user_id'], $_POST['first_name'], $_POST['middle_name'], $_POST['last_name'],
$_POST['suffix'], $_POST['gender'], $_POST['date_birth'], $_POST['cbemail'],
$_POST['locality_id'], $_POST['home_phone'], $_POST['mobile_phone']);
So any ideas? I hope you understand the problem.
Upvotes: 0
Views: 694
Answers (4)
Reputation: 1891
What is if(isset($_POST['save_user'])){ I don't see any field with save_user name. You should change it to some thing else may be if(isset($_POST['user_id'])){ Also You would need quotes as mention by others.
Upvotes: 0
Reputation: 1650
Use this.
function add_employee($user_id, $first_name, $middle_name, $last_name,
$suffix, $gender, $date_birth, $cbemail,
$locality_id, $home_phone, $mobile_phone) {
$db = load_db();
$sql = "INSERT into employees (
user_id, first_name, middle_name, last_name,
suffix, gender, date_birth, cbemail,
locality_id, home_phone, mobile_phone
) VALUES (
'".$user_id."', '".$first_name."', '".$middle_name."', '".$last_name."',
'".$suffix."', '".$gender."', '".$date_birth."', '".$cbemail."',
'".$locality_id."', '".$home_phone."', '".$mobile_phone."'
)";
$result = $db->query($sql);
}
Upvotes: 0
Reputation: 1373
For strings to be stored in Mysql database you need to use '' (quotes).
So for string like $_POST['first_name'] , use '$_POST['first_name']'
Btw try to use parameterized queries to be safe too,
Then you should be good.
Upvotes: 4
Reputation: 943967
String values in SQL must be quoted. You are dumping the data in without quoting it. This is invalid SQL.
Use paramaterized queries, these will automatically quote your data and also escape it to remove your enormous SQL injection security vulnerability.
Upvotes: 1
Related Questions
- PHP error posting form data to database
- PHP - Save data $_POST array into database mysql
- PHP fails to post to MySQL Database
- PHP form not posting
- PHP $_POST don't save on mysql by a html form
- PHP Form Post to MySQL database error
- error posting to mysql
- PHP form post to MySQL error
- PHP won't POST to MySQL database.
- PHP post error Mysql