PHP form not posting to database

Question

it validates and displays the errors in my arrays properly, however it doesn't POST to my database. All the naming of fields is correct on the form (case correct too), PHP, and MYSQL, dbconnect.php are all correct and proper. The problem i believe is somewhere in the array function. Now I just started learning PHP this month so please go easy on me. Thanks for the help!

<?php
include ('scripts/dbconnect.php');
$Name = mysql_real_escape_string($Name);
$Email = mysql_real_escape_string($Email);

if (isset($_POST['formsubmitted'])) {
$error = array();//Declare An Array to store any error message  

if (empty($_POST['Name'])) {//if no name has been supplied 
    $error[] = 'Please Enter Your Name ';//add to array "error"
    } else {
        $Name = $_POST['Name'];//else assign it a variable
    }

if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['Email'])) { //regular expression for email validation
    $Email = $_POST['Email'];
    } else {
         $error[] = 'Your EMail Address is Invalid  ';
    }
}
if (empty($error)) //Send to database if no errors
    mysql_query("INSERT INTO InviteRequestDB ( 'Name', 'Email' ) VALUES ( '$Name', '$Email' )");
    mysql_close($connect); //Close connection to database

  foreach ($error as $key => $values) {
  echo "<li style=color:#FFF> $values </li>";
  }

?>

Now I know I shouldn't be using mysql. But I ran into too many problems with mysqli and this is just a simple contact form.

Also should I be doing mysql_real_escape_string on each variable as i am doing now? Or is the order of the procedure not correct?

<form action="applyforinvite.php" method="post">
    <input class="textbox" type="text" name="Name" />
    <input class="textbox" type="text" name="Email" />
  <input type="hidden" name="formsubmitted" value="TRUE" />
  <input type="submit" value="Register" />
</form>

Thanks for the help!

echo out your query, and run it directly against the database; or at least add some error handling around the query to see what you're getting back from the database. — andrewsi, Jun 26 '12 at 18:47
Check my updated answer, you're inserting the wrong variables. — Lusitanian, Jun 26 '12 at 18:54
Thanks for the help everyone. I got it working using code from each of you. I put mysql_connect instructions directly on the page and removed my include dbconnect.php. i also used David's revised code and John's code aswell. Thank you everyone for the help. I am still perplexed though because I am using this same dbconnect include file and it works fine with two other forms writing to the same database in different tables.. I will investigate further. But thanks again everyone for the help. And I hope im posting this in the right place because I'm new to SO. THANKS AGAIN TO ALL! — MrPizzaFace, Jun 26 '12 at 19:26

David Bélanger · Answer 1 · 2012-06-26T19:14:10.623

2

Change

mysql_query("INSERT INTO InviteRequestDB ( 'Name', 'Email' ) VALUES ( '$Name', '$Email' )");

To

mysql_query('INSERT INTO InviteRequestDB ( Name, Email ) VALUES ( "'.$Name.'", "'.$Email.'" )') or die(mysql_error());

EDIT

<?php
include ('scripts/dbconnect.php');

if(isset($_POST['formsubmitted'])){
    #   Will contain errors
    $Error = array(); 

    #   Email
    $Email = (isset($_POST['Email']) ? $_POST['Email'] : '');
    if($Email == '' OR !preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $Email)){
        $Error[] = 'Email address is invalid.';
    }

    #   Name
    $Name = (isset($_POST['Name']) ? $_POST['Name'] : '');
    if($Name == ''){
        $Error[] = 'Please enter your name.';
    }

    if(count($Error)){
        echo '<ul>';
        foreach($Error as $Value){
            echo '<li style="color: #FFF;">'.$Value.'</li>';
        }
        echo '</ul>';
    } else {
        // Query
        mysql_query('INSERT INTO InviteRequestDB ( Name, Email ) VALUES ( "'.$Name.'", "'.$Email.'" )') or die(mysql_error());
    }

    //Close connection to database
    mysql_close($connect);
}

?>

edited Jun 26 '12 at 19:14

answered Jun 26 '12 at 18:43

David Bélanger

7,400
4
37
55

You don't need to use the concatenation operator -- just take the quotes out of the first set of parens. – Rey Gonzales Jun 26 '12 at 18:46
Ray can you elaborate please? – MrPizzaFace Jun 26 '12 at 18:47
@ReyGonzales No, but using variable inside a string like this is a bad scripting at first. – David Bélanger Jun 26 '12 at 18:48
It's not giving me a specific error, The page is reloading and the scripts runs on submit, but it doesn't INSERT in the db table – MrPizzaFace Jun 26 '12 at 18:48
@DavidBélanger why are you using concatenation on the variables? I don't understand your logic. – MrPizzaFace Jun 26 '12 at 18:50
@FabioAnselmo Also Fabio, use addslashes function while you insert because if you insert a string like this `L"italie`, the " will break your query. – David Bélanger Jun 26 '12 at 18:50
PHP will be faster if you exclude variable from the string. Also, easier to read the code. Plus, you can attach function directly to it. Also, ' is faster then ". See http://stackoverflow.com/a/3316126/1009061 – David Bélanger Jun 26 '12 at 18:52
@DavidBélanger again your revised solution did not work. I will look in to PDO - thank you. For addslashes are you suggesting I do the following $Name = addslashes($Name); $Email = addslashes($Email); – MrPizzaFace Jun 26 '12 at 18:55
@FabioAnselmo Yes you can. and I found the problem.Instead of `if (empty($error))` use `if (!count($error))`. You are using an array. – David Bélanger Jun 26 '12 at 18:57
Put the bracket, be sure everything is fine, re-read it yourself... I cannot help you more, I am not behind your screen Fabio. – David Bélanger Jun 26 '12 at 19:06
(!count($error) doesn't work - it doesn't display the input errors i defined in my array, however (count($error) does work to display errors but the form is still NOT posting to the DB – MrPizzaFace Jun 26 '12 at 19:07

Lusitanian · Accepted Answer · 2012-06-26T18:59:23.827

You shouldn't quote the column names in the INSERT query. ('name, 'email') should be (name, email).

Also, don't use the php_mysql extension for new applications, it's deprecated. Try MySQLi or PDO.

Final edit( lol ), try this -- fixed the multiple issues with the code:

    if (isset($_POST['formsubmitted'])) {
        $error = array(); //Declare An Array to store any error message  

        if (empty($_POST['Name'])) { //if no name has been supplied 
            $error[] = 'Please Enter Your Name '; //add to array "error"
        } else {
            $Name = mysql_real_escape_string($_POST['Name']); //else assign it a variable
        }

        if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['Email'])) { //regular expression for email validation
            $Email = mysql_real_escape_string($_POST['Email']);
        } else {
            $error[] = 'Your EMail Address is Invalid  ';
        }
        if (empty($error)) //Send to database if no errors
            {
            mysql_query("INSERT INTO InviteRequestDB (Name, Email) VALUES ( '$Name', '$Email' )");
        }
    }

    mysql_close($connect); //Close connection to database

    foreach ($error as $key => $values) {
        echo "<li style=color:#FFF> $values </li>";
    }

Heh, I made one (final) edit after about 4, try that modified version of your code. — Lusitanian, Jun 26 '12 at 19:06
No errors but still doesn't post to DB.. smh ty for the help though — MrPizzaFace, Jun 26 '12 at 19:11
Yes i am sure. If $error is not empty I get the message - to insert email or name. — MrPizzaFace, Jun 26 '12 at 19:13
Okay, so call die( mysql_error() ); after your query -- something must be going on with the db. — Lusitanian, Jun 26 '12 at 19:14

johnmadrak · Answer 3 · 2012-06-26T19:19:08.443

1

<?PHP
require_once('scripts/dbconnect.php');

if (!$link) { //Change $link to be your connection variable
    die("Not connected : " . mysql_error());
}

if (!$db_selected) { //Change $db_selected to be the variable you set mysql_select_db on
    die ("Can't use database : " . mysql_error());
}

if (isset($_POST['formsubmitted'])) {
    $error = array();//Declare An Array to store any error message  

    if (empty($_POST['Name'])) {//if no name has been supplied 
      $error[] = 'Please Enter Your Name ';//add to array "error"
    } else {
      $Name = mysql_real_escape_string($_POST['Name']);//else assign it a variable
    }

    if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['Email'])) { //regular expression for email validation
      $Email = mysql_real_escape_string($_POST['Email']);
    } else {
      $error[] = 'Your EMail Address is Invalid  ';
    }

    if (count($error) == 0){ //Send to database if no errors
        mysql_query("INSERT INTO `InviteRequestDB` (`Name`, `Email`) VALUES('$Name', '$Email')")or die(mysql_error());
    } else {
      foreach ($error as $key => $values) {
        echo "<li style=color:#FFF> $values </li>";
      }
    }
    mysql_close($connect); //Close connection to database
}

edited Jun 26 '12 at 19:19

answered Jun 26 '12 at 18:50

johnmadrak

840
5
7

Sorry, it should work now. I didn't realize you were not bracketing your if statement. – johnmadrak Jun 26 '12 at 18:59
In your dbconnect, make sure you have mysql_select_db('database name'); set. That is a mysql error stating that you currently do not have a database selected. http://us2.php.net/manual/en/function.mysql-select-db.php – johnmadrak Jun 26 '12 at 19:13
John - the strange thing is that i do have the correct db name selected in my dbconnect file – MrPizzaFace Jun 26 '12 at 19:17
@FabioAnselmo Try to pass the link variable to the query as second parameters. – David Bélanger Jun 26 '12 at 19:19
@FabioAnselmo try my edited code. Change the $link and $db_selected variables to be what they are in your dbconnect.php file – johnmadrak Jun 26 '12 at 19:19

PHP form not posting to database

3 Answers3