HTML table inputting data to a mysql database

Question

I am trying to get a form to input data into my "mysql database" however i am getting an error message and also it is inputting a blank data everytime the page loads.

Here is my code:

    <form action="insert.php" method="post">
Name: <input type="text" name="name">
<input type="submit" value="Submit">
</form>

<?php
// This is the connection to my database
$con = mysql_connect('127.0.0.1', 'shane', 'diamond89');
if (!$con){
die('Could not Connect: ' . mysql_error());
}

// This creates my table layout
echo "<table border='1'>
<tr>
<th>ID</th>
<th>Name</th>
<th>Delete</th>
</tr>";

// This selects which database i want to connect to
$selected = mysql_select_db("shane",$con);
if (!$con){
die("Could not select examples");
}

// This inserts new information to the Database
$query = "INSERT INTO test1 VALUES('id', '$name')";

$result = mysql_query($query);
if ($result){
echo("Input data is Successful");
}else{
echo("Input data failed");
}

// This chooses which results i want to select from
$result = mysql_query("SELECT `id`, `name` FROM `test1` WHERE 1");


// This outputs the information into my table
while ($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . "[D]" . "</td>";
echo "</tr>";
}
echo "</table>";

// This closes my connection
mysql_close($con);

?>

Here is the error message:

( ! ) SCREAM: Error suppression ignored for ( ! ) Notice: Undefined variable: name in C:\wamp\www\sql_table.php on line 36 Call Stack

Time Memory Function Location

1 0.0006 250360 {main}( ) ..\sql_table.php:0

You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). — Quentin, May 21 '13 at 13:38
what is $name? where it is defined? you needs to fetch form values with $_POST['name'] ... — Bojan Kovacevic, May 21 '13 at 13:40
@user1839483: I did not getting your point,error which you have said in question is gone ? — Mahesh.D, May 21 '13 at 13:43

Alarid · Answer 1 · 2013-05-21T14:40:05.810

1

You are trying to access to the POST data, so you should do something like that :

EDIT: be careful about the data you put into your database. You should use a modern database API, or, at least, escape your data (cf bellow code)

<form action="insert.php" method="post">
Name: <input type="text" name="name">
<input type="submit" value="Submit">
</form>

<?php
// Following code will be called if you submit your form
if (!empty($_POST['name'])) :

// This is the connection to my database
$con = mysql_connect('127.0.0.1', 'shane', 'diamond89');
if (!$con){
die('Could not Connect: ' . mysql_error());
}

// This creates my table layout
echo "<table border='1'>
<tr>
<th>ID</th>
<th>Name</th>
<th>Delete</th>
</tr>";

// This selects which database i want to connect to
$selected = mysql_select_db("shane",$con);
if (!$con){
die("Could not select examples");
}

// This inserts new information to the Database
$query = "INSERT INTO test1 VALUES('id', \'".mysql_real_escape_string($_POST['name'])."\')";

$result = mysql_query($query);
if ($result){
echo("Input data is Successful");
}else{
echo("Input data failed");
}

// This chooses which results i want to select from
$result = mysql_query("SELECT `id`, `name` FROM `test1` WHERE 1");


// This outputs the information into my table
while ($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . "[D]" . "</td>";
echo "</tr>";
}
echo "</table>";

// This closes my connection
mysql_close($con);

endif;
?>

edited May 21 '13 at 14:40

answered May 21 '13 at 13:37

Alarid

770
1
6
19

You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin May 21 '13 at 13:38
I know, i've just corrected his code... Thanks for the downvote :). This is not about database API here, but about a syntax error. – Alarid May 21 '13 at 13:40
If you'd corrected his code, then you would have properly escaped the data. – Quentin May 21 '13 at 13:41
1

This wasn't the subject, I just corrected his error. Unsecurity is not an error. – Alarid May 21 '13 at 13:42
Teaching people how to insert user data into SQL without teaching them how to do it safely is irresponsible. – Quentin May 21 '13 at 13:44
You're right. But if I changed his code by using a modern API, he would probably don't understand, so I prefered to let his code like this. But, indeed, I should have tell him about that, at least. – Alarid May 21 '13 at 13:47
You could, at least, make use of the protection mechanisms available in the API that is being used. i.e. `mysql_real_escape_string`. – Quentin May 21 '13 at 13:48
Parse error: syntax error, unexpected ':' in C:\wamp\www\sql_table.php on line 16 – user1839483 May 21 '13 at 13:55
There is a ) missing. I've edited my code. Sorry about that ^^' – Alarid May 21 '13 at 14:39
Nope data failing to insert into database – user1839483 May 21 '13 at 14:50
Can you give more details about this ? – Alarid May 21 '13 at 15:01

HTML table inputting data to a mysql database

Time Memory Function Location

1 Answers1