blank entries in mysql php

Question

I am new to mysql php and I have been struggling to make this simple name entry form work but it has been failing on me by inserting blank entries. I have been looking arround the web for a while but nothing has been helpful.

This is my html form

    <form action="demo.php" method="post"> 
    name:<input type="text" name="input1">
    <br/>
    <input type="submit" value="submit">
    </form>

My php code

    <?php

    define('db_name', 'demo');
    define('db_user', 'root');
    define('db_password', 'password');
    define('db_host', 'localhost');

    $link = mysql_connect (db_host, db_user, db_password);

    if (!$link) {
       die('could not connect: '. mysql_error());
    }

    $db_selected = mysql_select_db(db_name, $link);

    if (!$db_selected) {
    die('can\'t use' . db_name . ': ' . mysql_error());
    }


    $value = $_post['input1'];

    $sql = "insert into demo (name) values ('$value')";

    if (!mysql_query($sql)) {
      die('Error: ' . mysql_error());
    }

    mysql_close();
    ?>

Mysql table

+-------+-------------+------+-----+---------+----------------+
| Field | Type        | Null | Key | Default | Extra          |
+-------+-------------+------+-----+---------+----------------+
| id    | int(11)     | NO   | PRI | NULL    | auto_increment |
| name  | varchar(30) | YES  |     | NULL    |                |
+-------+-------------+------+-----+---------+----------------+

Simple, change `$_post` to uppercase letters. It's called a "superglobal". Look that up. Plus, you're wide open to SQL injection, even after you fix that. — Funk Forty Niner, May 26 '14 at 04:12
[Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) — Phil, May 26 '14 at 04:18
@Fred-ii- Correct me if I'm wrong, but lowercase should work as well right? — asprin, May 26 '14 at 04:31
wow fred, you were right! When I changed $_post to uppercase, the entry went through! If you post your comment as an answer, I will select yours as the answer! — user3435505, May 26 '14 at 04:32
@asprin Nope, won't work. It must be in uppercase => http://www.php.net/manual/en/language.variables.superglobals.php — Funk Forty Niner, May 26 '14 at 04:32
@user3435505 It's ok. Please accept [`Phil's answer`](http://stackoverflow.com/a/23862699/) while using what he posted instead of the present code you're using. cheers — Funk Forty Niner, May 26 '14 at 04:33
@Fred-ii- Yeh, you're right. Just tested it locally. Amazing how such little things escape me — asprin, May 26 '14 at 04:35
@asprin Many a time, it's the "little things that count" ;-) — Funk Forty Niner, May 26 '14 at 04:36

score 1 · Answer 1 · answered May 26 '14 at 04:15

1

Try this:

First Check value of text input & then use it in the query.

$value = $_POST['input1'];

echo $value; exit;

check $value. Do you get value you entered in textbox ??

If Yes then use it in the Query.

- Thanks

answered May 26 '14 at 04:15

Anand Solanki

3,419
4
16
27

score 1 · Accepted Answer · edited May 26 '14 at 04:35

I'm surprised you didn't see the big red-ish (pink?) warning on all the mysql_* functions in the PHP manual. To summarise...

Warning This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.

So, on that advice, I suggest you try mysqli.

In regards to your specific problem, I'd say it's as Fred said in the comments, $_post should be $_POST. In PHP, variable names are case sensitive.

You should also prepare an INSERT statement and use parameter binding to avoid SQL injection vulnerabilities.

Here's an example to summarise...

$link = new mysqli('localhost', 'root', 'password', 'demo');
if ($link->connect_errno) {
    throw new Exception($link->connect_error, $link->connect_errno);
}

// Check that the expected value has been provided via a POST request
if (!isset($_POST['input1'])) {
    throw new Exception('Missing POST request parameter [input1]');
}

// now prepare an INSERT statement
if (!$stmt = $link->prepare('INSERT INTO `demo` (`name`) VALUES (?)')) {
    throw new Exception($link->error, $link->errno);
}

// bind parameters
$stmt->bind_param('s', $_POST['input1']);

if (!$stmt->execute()) {
    throw new Exception($stmt->error, $stmt->errno);
}

I guess I'll scrap my answer lol. Oh well, just as long as the OP uses a safe method rather than what's being used now. Thanks for mention as well Phil. — Funk Forty Niner, May 26 '14 at 04:31
you are a good guy Fred! Phil thank Fred -ii- for giving you the credit for the right answer! — user3435505, May 26 '14 at 04:35
@Fred-ii- Thanks for the edit. I think I subconsciously pluralise `bind_param` because it takes multi parameter arguments :) — Phil, May 26 '14 at 04:38

score 1 · Answer 3 · answered May 26 '14 at 06:33

1

also you can use: $value = filter_input(INPUT_POST, 'var_name'), and of course you should start using PDO.

answered May 26 '14 at 06:33

dgierejkiewicz

103
1
6

blank entries in mysql php

3 Answers3