
This is my first attempt at creating a form. When I click submit no record is added to the table.

What am I not understanding here? (I don't just want the answer!)

```php
<?php

require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);

if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());

mysql_select_db($db_database, $db_server)
    or die("Unable to select database: " . mysql_error());

if (
    isset($_POST['store_id']) &&
    isset($_POST['item_title']) &&
    isset($_POST['date']) &&
    isset($_POST['price'])
)
{
    $store = get_post('store_id');
    $item = get_post('item_title');
    $date = get_post('date');
    $price = get_post('price');

    $query = "INSERT INTO competitors VALUES('$store', '$item', '$date', '$price')";

    if (!mysql_query($query, $db_server))
        echo "INSERT failed: $query<br/>" .
            mysql_error() . "<br/><br/>";
}

?>
```
Brian Tompsett - 汤莱恩
spm
  • `mysql_*` functions are deprecated and are likely to be removed in the next major release. Instead, switch to either `MySQLi` or `PDO`, both are easy to get a good grasp of with great examples in the docs. – Terry Harvey Dec 28 '12 at 22:01
  • Thanks for the advice. I'm browsing the MySQLi documentation right now. I'm planning to build some large databases. Any suggestions or comments on which is more stable? – spm Dec 28 '12 at 22:28
  • Beware of [Little Bobby Tables](http://xkcd.com/327/)! – Geo Dec 28 '12 at 22:50
  • @spm Check out: [MySQLi or PDO - What are the Pros and Cons?](http://stackoverflow.com/questions/13569/mysqli-or-pdo-what-are-the-pros-and-cons) :) – Terry Harvey Dec 28 '12 at 22:56
  • Thanks Terry. Lol damn Geo didn't even give me a chance. HOW YOU GONNA PUT ME ON ICE LIKE THAT. – spm Dec 29 '12 at 06:08

1 Answer


1) You need to switch to PDO or MySQLi. These routines are deprecated.
2) Try changing your $query to

```php
$query = "INSERT INTO competitors VALUES('" . $store . "', '" . $item . "', '" . $date . "', '" . $price . "')";
```

3) Read up on prepared statements. This approach leaves you open to injection attacks.

ethrbunny
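
Point 3 of the answer above, as an added example that is not part of the original question or answer: the same insert written once with string interpolation and once as a PDO prepared statement, fed a value that contains an apostrophe. The column names and types, the `insert_competitor` helper, the sample input and the in-memory SQLite database (used so the script runs offline) are assumptions.

```php
<?php
// Added example, not the original poster's code. Assumptions: the column names
// and types below, and an in-memory SQLite database so the script runs offline.
// For MySQL, swap the DSN for "mysql:host=...;dbname=...;charset=utf8mb4".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE competitors
    (store_id INTEGER, item_title TEXT, date TEXT, price REAL)');

// Constructed sample input standing in for $_POST; note the apostrophe.
$post = [
    'store_id'   => '7',
    'item_title' => "Bob's Widget",
    'date'       => '2012-12-28',
    'price'      => '19.99',
];

// Interpolated form (as in the question): the apostrophe ends the string
// literal early, so the input changes the structure of the statement.
$unsafe = "INSERT INTO competitors VALUES('{$post['store_id']}', "
        . "'{$post['item_title']}', '{$post['date']}', '{$post['price']}')";
try {
    $pdo->exec($unsafe);
    echo "interpolated: inserted\n";
} catch (PDOException $e) {
    echo "interpolated: failed (" . $e->getMessage() . ")\n";
}

// Prepared form: the SQL text is fixed and the values travel separately.
function insert_competitor(PDO $pdo, array $in): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO competitors (store_id, item_title, date, price)
         VALUES (:store_id, :item_title, :date, :price)'
    );
    $stmt->execute([
        ':store_id'   => (int) $in['store_id'],
        ':item_title' => $in['item_title'],
        ':date'       => $in['date'],
        ':price'      => (float) $in['price'],
    ]);
}

insert_competitor($pdo, $post);
$row = $pdo->query('SELECT item_title FROM competitors')->fetch(PDO::FETCH_ASSOC);
echo "prepared: stored title is ", $row['item_title'], "\n";
```

Setting `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION` also makes a failed insert raise an exception instead of failing quietly.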