Form inserts blank row into database

Question

I've seen similar questions asked, but none of the answers have worked for me. Mine is a simple form that includes some data into the database, where it is displayed in a table elsewhere on the website.

The form, however, just adds a blank row to the database, no matter what is entered. There are no errors or anything, just a blank row.

I have another form, which submits to another table, that works perfectly, so I am really confused.

Here is the form:

<form method="GET" action="addsuggestion.php">

<label>Game Title:</label>
<input type="text" name="gamename" id="gamename" />

<br />

<label>Game Platform:</label>
<input type="text" name="gameplatform" id="gameplatform" />
<br />

<label>Suggestor Nickname:</label>
<input type="text" name="suggestor" id="suggestor" />

<input type="submit" value="sumbit" />
</form>

And the addsuggestion.php

<?php
echo'<h1>Suggestion Process</h1>';

$connection = mysql_connect("removed", "removed", "removed") or die("Couldn't Connect!");
mysql_select_db("removed") or die("Couldn't find database!") ;

$gamename = $GET['gamename'];
$gameplatform = $GET['gameplatform'];
$suggestor = $GET['suggestor'];

$query = "INSERT INTO sug (gamename,gameplatform, suggestor) VALUES ('$gamename','$gameplatform','$suggestor')";

$result = mysql_query($query) or die ("Error in query");
echo'Submisson accepted, click <a href="recent.php">here</a> to check it out!';
?>

I get the submission accepted message and a row is added to the database, but it is always blank. The recent php shows the database as a table, with one new blank row.

There is an id that I am using as the primary key, but it is auto increment, so I haven't included it. That is the only field that contains something every time.

[Don't use the obsolete `mysql_*` functions](http://stackoverflow.com/q/12859942/19068) — Quentin, Oct 13 '12 at 18:16
[Don't open yourself up to SQL Injection like that](http://bobby-tables.com/). — Quentin, Oct 13 '12 at 18:16
You have label elements, but they don't have `for` attributes and they don't have `input`s inside them, so they are worthless. — Quentin, Oct 13 '12 at 18:17
[Don't use GET requests to add content](http://stackoverflow.com/questions/504947/when-should-i-use-get-or-post-method-whats-the-difference-between-them) — Quentin, Oct 13 '12 at 18:18
At a _minimum_, you _MUST_ call `mysql_real_escape_string()` on each of these query variables. As it is now, your database is highly vulnerable to tampering. Better is to switch to an API supporting prepared statements, as has been suggested above. (PDO or MySQLi) — Michael Berkowski, Oct 13 '12 at 18:18
Welcome to Stack Overflow! Please, don't use `mysql_*` functions to write new code. They are no longer maintained and the community has begun [deprecation process](http://goo.gl/KJveJ). See the *[red box](http://goo.gl/GPmFd)*? Instead you should learn about [prepared statements](http://goo.gl/vn8zQ) and use either [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli). If you can't decide which, [this article](http://goo.gl/3gqF9) will help you. If you pick PDO, [here is good tutorial](http://goo.gl/vFWnC). Also see [Why shouldn't I use `mysql` functions in PHP?](http://goo.gl/ycnmO) — Madara's Ghost, Oct 13 '12 at 20:48

GBD · Answer 1 · 2012-10-13T18:31:51.313

4

It is $_GET not $GET

$gamename = mysql_real_escape_string($_GET['gamename']);
$gameplatform = mysql_real_escape_string($_GET['gameplatform']);
$suggestor = mysql_real_escape_string($_GET['suggestor']);

edited Oct 13 '12 at 18:31

answered Oct 13 '12 at 18:17

GBD

15,847
2
46
50

Yeah, also it is highly recommended that you escape your $_GET variables. This way you are opening yourself to SQL injections. – Matija Milković Oct 13 '12 at 18:19
@Phoenix_yay completely agree with you :) – GBD Oct 13 '12 at 18:22
Thanks for your answer. I changed the method to $_POST and added the mysql_escape_string, but still, all that is added to the database in a blank row, with the only field that has anything in it being the the auto increment id. – user1743734 Oct 14 '12 at 08:53
can post your newly edited code ? – GBD Oct 14 '12 at 08:55

score 1 · Answer 2 · answered Oct 13 '12 at 18:18

1

Your form method is "GET". This should be "POST".

also with the variables, change get into $_POST['gamename'] etc.

also it is case sensitive. make sure the table isn't written with a capital letter.

good luck!

edit for extra info:

we might say that "GET" is basically for just getting (retrieving) data whereas "POST" may involve anything, like storing or updating data, or ordering a product, or sending E-mail.

Source: http://www.cs.tut.fi/~jkorpela/forms/methods.html#fund

answered Oct 13 '12 at 18:18

NoobishPro

2,539
1
12
23

Thanks for your answer. I changed the method to $_POST and added the mysql_escape_string that the person above recommended, but still, all that is added to the database in a blank row, with the only field that has anything in it being the the auto increment id. – user1743734 Oct 14 '12 at 08:52
try to var_dump($_POST)... If it returns you the values you've typed in, the problem is in inserting it into the database. If it doesn't, the problem is in extracting it from the form. – NoobishPro Oct 14 '12 at 13:34

Form inserts blank row into database

2 Answers2