1

For learning purposes I'm trying to insert data from HTML form to a MySQL database, this is the code I've got for the form:

<form action="newmovie.php" method="post">

            <p>Titulo:  <input type="text" name="movieTitle"> </p>
            <p>Año:  <input type="text" name="movieYear"> </p>
            <p>Director:  <input type="text" name="movieDirector"> </p>
            <p>Protagonista:  <input type="text" name =movieProtagonist> </p>
            <input type="submit"  class="button" value="Agregar">

</form>

So, in same webpage I check if a POST is being performed:

<?php
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        include("connectDB.php");
        $mySQL=new MySQL();

        $movieTitle=$_GET['movieTitle']; 
        $movieDirector=$_GET['movieDirector'];    
        $movieYear=$_GET['movieYear'];    
        $movieProtagonist=$_GET['movieProtagonist'];
        echo "INSERT INTO peliculas (titulo,director,year, protagonista) VALUES ('$movieTitle','$movieDirector','$movieYear', '$movieProtagonist')";
        $queryResult=$mySQL->query("INSERT INTO peliculas (titulo,director,year, protagonista) VALUES ('$movieTitle','$movieDirector','$movieYear', '$movieProtagonist')");
        echo "$queryResult";    
    }
?>

So, inserting is done BUT the fields are empty, this is what the echo prints:

INSERT INTO peliculas (titulo,director,year, protagonista) VALUES ('','','', '')

What's that I'm doing wrong with my code?

diegoaguilar
  • 8,179
  • 14
  • 80
  • 129
  • 2
    in php file use $_POST instead of $_GET, and check $_POST['submit'] == 'Agregar' in if condition. and do a mysql_real_escape_string for better coding. – Priya Oct 22 '13 at 11:06

6 Answers6

2

Fix the typo here

<p>Protagonista:  <input type="text" name =movieProtagonist> </p>

by changing it to

<p>Protagonista:  <input type="text" name="movieProtagonist"> </p>

Change the PHP to:

<?php
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        include("connectDB.php");
        $mySQL=new MySQL();

        $movieTitle=$_POST['movieTitle']; 
        $movieDirector=$_POST['movieDirector'];    
        $movieYear=$_POST['movieYear'];    
        $movieProtagonist=$_POST['movieProtagonist'];
        echo "INSERT INTO peliculas (titulo,director,year, protagonista) VALUES ('$movieTitle','$movieDirector','$movieYear', '$movieProtagonist')";
        $queryResult=$mySQL->query("INSERT INTO peliculas (titulo,director,year, protagonista) VALUES ('$movieTitle','$movieDirector','$movieYear', '$movieProtagonist')");
        echo "$queryResult";    
    }
?>

Explanation:

You can submit a form to a PHP script by using HTTP GET or HTTP POST. You define this in the form. In your form, you set it to send it via POST but were trying to retrieve it in php using $_GET.

Get is good for if you need to send URLS and should only be used for retrieving data from the database. Get variables are passed like this

http://yourserver.com/yourscript.php?variable1=something&variable2=somethingElse

And post is hidden in the HTTP request (you don't see it in the URL). It's better to use 'post' for any request that is making changes to the DB.

You can read more about the differences here: http://blog.teamtreehouse.com/the-definitive-guide-to-get-vs-post

LondonAppDev
  • 8,501
  • 8
  • 60
  • 87
  • One more question, I know it's kinda off scope of the question, though: If I get any string with accents or such characters like ñ, How can I catch them properly to be stored in database. – diegoaguilar Oct 22 '13 at 11:15
  • 1
    Good question, not a simple of single answer unfortunately. You need to make sure any script you use to access/change the database is secure and prevents things like "Injection" attacks. There are lots of other posts that cover this on SO, such as: http://stackoverflow.com/questions/15741557/php-mysql-security-approach-while-inserting-into-mysql-fetching-from-mysql-to. Hope this helps. – LondonAppDev Oct 22 '13 at 11:19
1

In PHP file instead of the 

$_GET

use the 

$_REQUEST

And your problem will solve as you are using the method='post' in the form tag. And you are getting the data by $_GET which is used to get the data of method get.

Always use the $_REQUEST to get the data from form as it is common to get the both data from get and post.

Code Lღver
  • 15,573
  • 16
  • 56
  • 75
1

Use $_POST to read form data: example: $movieTitle=$_POST['movieTitle'];

M Reza Saberi
  • 7,134
  • 9
  • 47
  • 76
1

try the code below, it will fix your issue.

<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    $movieTitle=$_POST['movieTitle']; 
    $movieDirector=$_POST['movieDirector'];    
    $movieYear=$_POST['movieYear'];    
    $movieProtagonist=$_POST['movieProtagonist'];
    echo "INSERT INTO peliculas (titulo,director,year, protagonista) VALUES ('".$movieTitle."','".$movieDirector."','".$movieYear."', '".$movieProtagonist."')";
    $queryResult=$mySQL->query("INSERT INTO peliculas (titulo,director,year, protagonista) VALUES ('".$movieTitle."','".$movieDirector."','".$movieYear."', '".$movieProtagonist."')");
    echo "$queryResult";    
}

?>

Ram Sharma
  • 8,676
  • 7
  • 43
  • 56
1
<form action="newmovie.php" method="post">

Since your form method is post, you need to use 

$movieTitle=$_POST['movieTitle'];

You could alternatively use 

$movieTitle=$_REQUEST['movieTitle'];

for both post and get but this would cause unneccessary overhead

Yanki Twizzy
  • 7,771
  • 8
  • 41
  • 68
1

Since method='post'

Instead of $_GET['']

use either

$_POST['']

or

$_REQUEST['']
Code Lღver
  • 15,573
  • 16
  • 56
  • 75
ashutosh madheshiya
  • 11
  • 2