PHP MySQL insert query via html form, parameters not going through

Question

I tried every version of code but it is not working. I have an HTML form calling Post- PHP page to insert few fields in database. Only fields with direct text are adding, but anything coming via $_POST parameters are empty - nothing getting through no matter what I change.

HTML FORM:

<html>
<table><form method="post" action="input.php">
<tr><td>Post Title</td>
<td><input type="text" name="fdt_post_title" size="20"></td></tr>
<tr><td>Post URL</td><td><input type="text" name="fdt_post_url" size="40"></td></tr>
<tr><td>Post Description</td><td><input type="text" name="fdt_post_desc" size="40"></td></tr>
<tr><td>Post Title for FB</td><td><input type="text" name="fdt_post_title_fb" size="40"></td></tr>
<tr><td>Image URL</td><td><input type="text" name="fdt_image_url_fb" size="40"></td></tr>
<tr><td></td><td align="right"><input type="submit" name="submit" value="Submit"></td></tr>
</form></table>
</html>

input.php page:

<?php
$dt_post_title = mysql_real_escape_string($_POST['$fdt_post_title']);
$dt_post_url = mysql_real_escape_string($_POST['$fdt_post_url']);
$dt_post_desc = mysql_real_escape_string($_POST['$fdt_post_desc']);
$dt_post_title_fb = mysql_real_escape_string($_POST['$fdt_post_title_fb']);
$dt_image_url_fb = mysql_real_escape_string($_POST['$fdt_image_url_fb']);

$link = mysql_connect("localhost","root","");//database connection
mysql_select_db("bighorn1_autoshare", $link);

$now =  date();

//inserting data order
$order = "INSERT INTO topics
(id, title, url, description, facebook_post, facebook_image, facebook_pubstatus, date_published)
VALUES
(DEFAULT, '$dt_post_title', '$dt_post_url', '$dt_post_desc', '$dt_post_title_fb',     '$dt_image_url_fb', '0', '$now')";

//declare in the order variable
$result = mysql_query($order, $link);   //order executes
if($result){
echo("<br>Input data is succeed<br>");
} else {
echo("<br>Input data is fail<br>");
}
echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
?>

In the table, Field id is Primary, Not Null, Auto Increment. All I am getting is id number incremented to next one in reach new row, facebook_pubstatus as 0 and date_published as0000-00-00 00:00:00`

--------------------------------------------------------------------------------------------------------------------------------
id  |   title   |   url |   description |   facebook_post   |   facebook_image  |   facebook_pubstatus  |   date_published      |
--------------------------------------------------------------------------------------------------------------------------------
1   |           |       |               |                   |                   |               0       |   0000-00-00 00:00:00 |
--------------------------------------------------------------------------------------------------------------------------------
2   |           |       |               |                   |                   |               0       |   0000-00-00 00:00:00 |
--------------------------------------------------------------------------------------------------------------------------------

and so on....

If I change to direct string in (DEFAULT, '$dt_post_title', '$dt_post_url' .... ") like (DEFAULT, 'test String 1',...... ) then this text has no issues going through.

Any magic appreciable, thanks.

Also stressing on this part too much, my brain not figuring out whats with the date now, why all zeros.

Thanks

Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide. — Jay Blanchard, Nov 06 '14 at 20:10
Add error reporting to the top of your file(s) right after your opening ` — Jay Blanchard, Nov 06 '14 at 20:12
Don't just "look into it", make the changes or one day you will be on the receiving end of an [example of what happens when you continue to use `mysql_*` functions.](http://stackoverflow.com/questions/26299564/php-version-upgraded-cannot-use-few-functions) I'd hate to see you have to recode everything because your PHP version was upgraded and your sites stopped working. — Jay Blanchard, Nov 06 '14 at 20:15
@JayBlanchard Yup I will definitely change to mysqli, new to php (beginner - long way to go yet) Thanks. For this question, I danmullen answer kinda worked out. But yea I will take your advice and now will change the code to mysqli api. — user2350586, Nov 06 '14 at 20:21

score 3 · Accepted Answer · answered Nov 06 '14 at 20:11

3

You have an extra '$' sign in your variables. Change to this:

$dt_post_title = mysql_real_escape_string($_POST['fdt_post_title']);
$dt_post_url = mysql_real_escape_string($_POST['fdt_post_url']);
$dt_post_desc = mysql_real_escape_string($_POST['fdt_post_desc']);
$dt_post_title_fb = mysql_real_escape_string($_POST['fdt_post_title_fb']);
$dt_image_url_fb = mysql_real_escape_string($_POST['fdt_image_url_fb']);

answered Nov 06 '14 at 20:11

danmullen

2,556
3
20
28

Thanks @danmullen . Stupid question I think I asked :) happens sometimes when working for long hours. Beautifully done. – user2350586 Nov 06 '14 at 20:14

score 2 · Answer 2 · edited Jun 20 '20 at 09:12

You need to pass the link_identifier to your mysql_real_escape_string. http://php.net/manual/en/function.mysql-real-escape-string.php

The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If no connection is found or established, an E_WARNING level error is generated.

Returns the escaped string, or FALSE on error.

You are probably getting the value "false" in each of your variables right now. Try it this way:

$link = mysql_connect("localhost","root","");//database connection
$dt_post_title = mysql_real_escape_string($_POST['fdt_post_title'], $link);
$dt_post_url = mysql_real_escape_string($_POST['fdt_post_url'], $link);
$dt_post_desc = mysql_real_escape_string($_POST['fdt_post_desc'], $link);
$dt_post_title_fb = mysql_real_escape_string($_POST['fdt_post_title_fb'], $link);
$dt_image_url_fb = mysql_real_escape_string($_POST['fdt_image_url_fb'], $link);

PHP MySQL insert query via html form, parameters not going through

2 Answers2