Reputation: 7
html form to mysql database
hi so i have to make a blog and I'm having a bit of a problem of showing my entries onto the webpage.
<?xml version = "1.0" encoding = "utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns = "http://www.w3.org/1999/xhtml">
<head> <title> Add entry </title>
</head>
<body>
<form action = "text1.php" method = "post">
Title: <input type = "text" name = "title"><br>
Body:
<textarea rows="10" cols="100" name="textblock"></textarea>
<input type = "submit" value = "Add Entry" />
</body>
</html>
and my php code
<?php
$title = $_POST['title'];
$textblock = $_POST['textblock'];
$host = "xxxxxx" ;
$user = "xxx" ;
$pass = "xxx" ;
$db = "xxx" ;
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db")or die(mysql_error());
$query = "INSERT INTO yourMySQLTable (title, textblock) VALUES ('$title','$textblock')";
mysql_query($query) or die('Error, insert query failed');
?>
I want to display each entry, consisting of the title and the textblock on another webpage but for some reason the values are not going into the table. How do I input the values into the table and how do I display them on another webpage called viewblog.php?
Upvotes: 0
Views: 120
Answers (4)
Reputation: 74220
Since other answers have been given in order to help you with your INSERT, I won't repeat it in this answer.
Edit: An INSERT method has been added below, using mysqli_* functions.
Mine consists of your second part:
"I want to display each entry, consisting of the title and the textblock on another webpage"
If you wish to show data from a DB table, you need to use a loop.
Here is a mysqli_* based version and a very basic method.
<?php
// $db = new mysqli("host", "user", "pw", "db");
// CONNECT TO THE DATABASE
$DB_HOST = "xxx";
$DB_NAME = "xxx";
$DB_PASS = "xxx";
$DB_USER = "xxx";
$db = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($db->connect_errno > 0) {
die('Connection failed [' . $db->connect_error . ']');
}
$result = $db->query("SELECT * FROM `yourMySQLTable`");
while($row = $result->fetch_assoc()) {
echo "<b>Title:</b> " . $row['title'] . " <b>Text:</b> " . $row['textblock'] . "<br>";
}
mysqli_close($db);
?>
Here is an mysqli_* based and basic version to INSERT values into a DB.
<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');
$dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
$title = mysqli_real_escape_string($dbc,$_POST['title']);
$textblock = mysqli_real_escape_string($dbc,$_POST['textblock']);
$query = ("INSERT INTO `yourMySQLTable` (`title`, `textblock`)
VALUES ('$title','$textblock')";
mysqli_query($dbc, $query);
if($query){
echo "SUCCESS!";
}
else {
echo "Sorry!";
}
?>
Sidenote: Your present code is open to SQL injection. Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)
mysql_* functions are deprecated and will be removed from future PHP releases.
Here are a few tutorials on prepared statements that you can study and try:
Here are a few tutorials on PDO:
Footnotes:
You don't need the extra tags:
<?xml version = "1.0" encoding = "utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns = "http://www.w3.org/1999/xhtml">
Changing it to the following will suffice:
<!DOCTYPE html>
Upvotes: 0
Reputation: 2707
Use the following:
$host = "xxxxxx" ;
$user = "xxx" ;
$pass = "xxx" ;
$db = "xxx" ;
// Connect to server and select database.
mysql_connect($host, $username, $password)or die(mysql_error());
mysql_select_db($db)or die(mysql_error());
$title = mysql_real_escape_string($_POST['title']);
$textblock = mysql_real_escape_string($_POST['textblock']);
$query = "INSERT INTO tableName (title, textblock) VALUES ('$title','$textblock')";
mysql_query($query) or die(mysql_error());
To display them:
$query = "SELECT * FROM tableName";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) {
echo $row['title'] . ' - ' . $row['textblock'] . '<br />';
}
- Note how I am not using "" when using variables, that is not needed.
- Note how I am using mysql_real_escape_string which will make it safe to insert to the DB.
- Replaced all error messages with mysql_error() to show the actual errors if any.
- Make sure you update tableName to the name of the table
Upvotes: 1
Reputation:
You have a "here" attached to your variable: here$textblock = $_POST['textblock'];
Also try this: $query = "INSERT INTO yourMySQLTable (title, textblock) VALUES ('" . $title . "','" . $textblock . "')";
Upvotes: 0
Reputation: 880
You should be using PDO for Database interactions, mysql_* functions are depcrecated and un-safe. PDO will sanitize your variables to prevent SQL Injection attacks.
http://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059
Upvotes: 0
Related Questions
- connect HTML Form to MySQL Database with PHP
- HTML Form that sends entered information to a MySQL Table in Database
- Populating HTML form from MySQL using PHP
- html forms to sql table
- Form Data to a Table With a Database
- How to make a PHP/HTML form with MySQL?
- html form into mysql database then onto a table
- HTML Form -> Mysql
- Populate HTML Form from Database
- insert HTML form data to a MySQL database with PHP