0

I'm a php beginner. Trying to submit bit of data to a MYSQL database.

When I submit the form, a row is created in the table but only containing the AUTOINT column, not my data. Any help?

index.php:

<form method="post" action="form.php">

    <input id="name" name="name"  value="Stuffff">
    <input id="limite" name="limite"  value="100.00">
    <input type="submit" name="submit" value="Add!">

</form>

form.php:

<?
mysql_connect("localhost","root","root")
mysql_select_db("means");

$order = "INSERT INTO categories (name, limite ) VALUES ( '$name', '$limite' )";

$result = mysql_query($order);
if($result){
    echo("<br>Input data is succeed");
} else{
echo("<br>Input data is fail");
}
?>
Jeremy P. Beasley
  • 679
  • 1
  • 7
  • 22
  • 3
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Apr 06 '14 at 18:36

4 Answers4

1

Your tutorial or book seems very outdated and relies of a configuration of REGISTER_GLOBALS=on. This feature was removed with PHP 5.4, see http://www.php.net/manual/en/security.globals.php .

Please use a modern API to mysql like PDO or mysqli instead of old mysql_ and sanitize your database inputs, i.e. use prepared statements.

VMai
  • 10,156
  • 9
  • 25
  • 34
0

Your code depends on register_globals being available (meaning you are using an out of date PHP) and turned on.

Get your posted data from $_POST['name'] and $_POST['limite'].

It also depends on short open tags being turned on, which hasn't been the default for many years.

Use <?php, not <?.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Thanks but for some reason it's still not working. Now form.php is just a blank screen, no error, and nothing is submitting to the DB. – Jeremy P. Beasley Apr 06 '14 at 18:41
  • @JeremyPaulBeasley — Edited with another potential problem. The code gives me the impression that you are trying to learn PHP from a book written in the 1990s. You might want to find something more modern. – Quentin Apr 06 '14 at 18:46
  • @JeremyPaulBeasley: It's a great difference between the use of a simple string variable in a double quoted string and the use of an array element. See http://de2.php.net/manual/en/language.types.array.php#language.types.array.donts – VMai Apr 06 '14 at 18:56
0

You have to modify your code as follows

$order = "INSERT INTO categories (name, limite ) VALUES ( $_POST['name'], $_POST['limite'] )";

This is because you're posting data so you have to retrieve it from $_POST php built in variable

Moreover remember that mysql_* functions are deprecated

DonCallisto
  • 29,419
  • 9
  • 72
  • 100
0
$order = "INSERT INTO categories (name, limite ) VALUES ( '$name', '$limite' )";

in above statement, change the following:

$name -> $_POST['name']
$limite -> $_POST['limite']

you might want to read more about php forms. there are lots of resources available online. cheers!

Gajus
  • 69,002
  • 70
  • 275
  • 438
greysaff
  • 198
  • 1
  • 9