-2

I am doing an exercise that extracts data from a form, then inputs the data into a table in the database.

I have total of 6 fields on the form, but only first 3 fields are registered in the table.

Data type in the table

first_name  varchar(30)
last_name   varchar(30)
pd          varchar(10)
b_month     varchar(2)
b_day       varchar(2)
b_year      varchar(4)

HTML Code for the form

    <form action="handle_reg2.php" method="post">
    <p>first name: <input type="text" name="first_name" size="20" /></p>
    <p>last name: <input type="text" name="last_name" size="20" /></p>
    <p>Password: <input type="password" name="pwd" size="10" /></p>
    <p>confirm password: <input type="password" name="confirm" size="10" /></p>
     <select name="month">
    <option value="">Month</option>
    <option value="1">January</option>
     </select> 
     <select name="day">
    <option value="">Day</option>
    <option value="1">1</option>
  </select>
  <input type="text" name="year" value="yyyy" size="4"/>
  </p>

PHP Code to handle the form data

$db_connect = mysql_connect("localhost", "$db_user", "$db_pass");
 $sql = "insert into reg_data (first_name, last_name, pd, b_month, b_day, b_year) 
 values 
 ('$first_name', '$last_name', '$password', '$b_month',
 '$b_day', '$b_year')";

$insert_data = mysql_query ($sql, $db_connect );

Please take a look at my code fragment and advise me what is the cause and how to resolve the issue.

Zero Piraeus
  • 56,143
  • 27
  • 150
  • 160
user2061466
  • 485
  • 9
  • 17
  • 27
  • 2
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – John Conde Feb 11 '13 at 14:05
  • What error do you get? What troubleshooting did you do? – John Conde Feb 11 '13 at 14:05
  • You should also seriously look into escaping your variables. – jeroenvisser101 Feb 11 '13 at 14:06
  • FYI, you also wide open to [SQL injections](http://stackoverflow.com/q/60174) – John Conde Feb 11 '13 at 14:06

1 Answers1

0

You altered the name of the variables ... EG

$byear = $_POST['year'];

TO

$b_year

EDIT:

You've changed the Q and removed the code showing how you named the incoming variable $byear and then tried to reference it as $b_year.

Stick to a naming convention and you'll have less of these daft errors. EG from your form to your db:

<input type =text name="b_year" />

THEN

$b_year = (int)$_POST['b_year'];

THEN

"insert into mytable (b_year) values ($b_year )";

Except of course you will have listed to what everyone has said and be using prepared statements or have found another way to protect your db.

Cups
  • 6,901
  • 3
  • 26
  • 30
  • Hello Cups: Thanks for point out what I have done wrong. I change the variables' name in the insert statement and the form data was inserted correctly. – user2061466 Feb 12 '13 at 03:19