0

Here's the code. I'm not sure what i'm doing wrong. The form is submitting in the database but it's blank. 

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if(!$link){
die('Could not connect: ' . mysql_error());
}

$db_selected = mysql_select_db(DB_NAME, $link); 

if(!$db_selected){
die('can not use' . DB_NAME . ': ' . mysql_error());
}
$value = $_POST['hit'];
$value = $_POST['amount'];
$value = $_POST['category'];


$sql = "INSERT INTO hit (hit) VALUES ('$value')";

if(!mysql_query($sql)){
die('Error: ' . mysql_Error());
}

mysql_close();
?>

and here's the form

 <!DOCTYPE html>
<html>
<head>
    <title>Post Hits</title>
    <style type="text/css">
        table tr > td { text-align: right; }
        table tr > td + td { text-align: left; }
    </style>
</head>
<body>
    <form action="he.php" method="post">
        <table>
            <tr>
                <td>
                    Hit:
                </td>
                <td>
                    <textarea name="hit" rows="3"></textarea>
                </td>
            </tr>
            <tr>
                <td>
                    amount:
                </td>
                <td>
                    <input type="text" id = "amount" name="amount" />
                </td>
            </tr>
            <tr>
                <td>
                    category:
                </td>
                <td>
                    <select name="category" id="category">
                        <option value="">- Choose -</option>
                        <option value="Blue">survey</option>
                        <option value="Green">batch</option>
                        <option value="Orange">misc</option>
                        <option value="Red">masters</option>
                        <option value="Yellow">qual</option>
                    </select>
                </td>
            </tr>
            <tr>
                <td colspan="2" style="text-align: center;">
                    <input type="submit" id="submit" value="Submit!" />

                </td>
            </tr>
        </table>
    </form>
</body>
</html>

I am still very new with all of this so whatever mistake i am doing, it isnt obvious to me. Thanks

lin
  • 29
  • 5

2 Answers2

2

There are many problems and error in your code. At first stage you are using the same variable for all the value you want to get from your POST data

$value = $_POST['hit'];
$value = $_POST['amount'];
$value = $_POST['category'];

Should be

$hit = $_POST['hit'];
$amount = $_POST['amount'];
$category = $_POST['category'];

So your query will look like 

$sql = "INSERT INTO hit (hit) VALUES ('$hit')";

Or if you want all data to be inserted you should do

$sql = "INSERT INTO hit (hit, amount, category) VALUES ('$hit', '$amount', '$category')";

Then I would like to remember you that mysql_ functions are deprecated so i would advise you to switch to mysqli or PDO and indeed you are at risk of sql injection, have a look here How can I prevent SQL injection in PHP?. You should use prepared statment to avoid any risk

Community
  • 1
  • 1
Fabio
  • 23,183
  • 12
  • 55
  • 64
0

You are overwriting the value of $value at each stage here:

$value = $_POST['hit'];
$value = $_POST['amount'];
$value = $_POST['category'];

Which would make $value only equal to the last time you assigned it a value, in this case it would only be equal to $_POST["category"]. You should store each of your $_POST data in a separate variable like this :

$hit = $_POST['hit'];
$amount = $_POST['amount'];
$category = $_POST['category'];

Then insert it into your query like this $sql = "INSERT INTO hit (hit,amount,category) VALUES ('$hit','$amount','$category')";

Also you should look into securing your data from SQL Injection, by using PDO or mysqli to do your database transactions.

kabuto178
  • 3,129
  • 3
  • 40
  • 61