PHP/MySql - putting data to table

Question

I'm learning to put values into my db from php. this is my simple form i wrote to test (its in a table)

<form action="connect2db.php" method="post">
<table width="500" border="0">
    <tr>
        <td width="200">first name:</td>
        <td><input type="text" width="258" name="fname" id="fname"/></td>
    </tr>
    <tr>
        <td width="200">last name:</td>
        <td><input type="text" width="258" name="lname" id="lname"/></td>
    </tr>
    <tr>
        <td>
        your email address: 
        </td>
        <td>
        <input type="text" width="258" name="email" id="email"/>
        </td>
    </tr>
    <tr>
        <td width="200">Your message:</td>
        <td><textarea rows="5" cols="45" name="mssg" id="mssg" ></textarea></td>
    </tr>
    <tr>
        <td><input type="submit"></td>
    </tr>
</table>
</form>

everything works as far as page 1 sending the values to page 2, and echoing them out. but when its time to insert them into the db table. its not working. this is the php code:

when i do a SELECT * FROM myTableNameHere, it says "empty set", when i enter the values manually via terminal to test, i get the values fine.

here is my simple code:

<?php 
$connection = mysql_connect("127.0.0.1","root","passhere"); 
if(!$connection) {
    die("database connection failed you fool!: FIX IT!" . mysql_error()); } 


$db_select = mysql_select_db("storeemail",$connection);
if(!$db_select){
    die("database selection failed." . mysql_error()); }
    else{ echo "connection made ";
    }

?>

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>

<body>


<?php
$to = 'email@gmail.com';
$subject = 'test from my email php script';
$email = $_POST['email'];
$name = $_POST['fname'];
$lastname = $_POST['lname'];
$mssg = $_POST['mssg'];


$insertData = mysql_query("INSERT into myusers(firstname, lastname) 
VALUES ('$name', '$lastname', '$email', '$mssg');");


 mysql_close($connection) 

?><br/>

your first name is - <?php echo $name; ?><br/>
your last name is - <?php echo $lastname ; ?><br/>
your message to send is - <?php echo $mssg; ?> <br/>

</body>
</html>

Read this: http://en.wikipedia.org/wiki/SQL_injection – sje397 Jul 22 '11 at 13:54 — sje397, Jul 22 '11 at 13:54

score 3 · Answer 1 · answered Jul 22 '11 at 13:54

3

$insertData = mysql_query("INSERT into myusers(firstname, lastname) 
VALUES ('$name', '$lastname', '$email', '$mssg');");

above you have specified 2 columns and giving values for four variables

answered Jul 22 '11 at 13:54

jimy

4,848
3
35
52

thanks! so simple! i commented out some parts when i was doing another function and forgot that! thanks – somdow Jul 22 '11 at 14:32

JK. · Answer 2 · 2011-07-22T14:06:04.410

2

myusers(firstname, lastname) gets interpreted as function. Separate myusers from paranthesis.

myusers (firstname, lastname)

You also need to specify two more columns since you insert four values. And omit the trailing semi-colon withing the query string.

$insertData = mysql_query("INSERT into myusers (firstname, lastname, email, mssg) VALUES ('$name', '$lastname', '$email', '$mssg')");

Your code is also vulnerable to SQL Injections. Put you $_POST call within a mysql_real_escape_string() function call.

$email = mysql_real_escape_string($_POST['email']);

edited Jul 22 '11 at 14:06

answered Jul 22 '11 at 13:55

JK.

5,126
1
27
26

i have NO idea what that means lol. though i am semi aware of sql injections. mnd sharing any good links on security? – somdow Jul 22 '11 at 14:35
Start here: http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php – JK. Jul 22 '11 at 15:19

score 1 · Accepted Answer · answered Jul 22 '11 at 13:56

for what i can see, you are only specifying 2 columns for the insert (firstname, lastname) and 4 values (name, lastname, email, msg), so the column count does not match (either insert 2 or 4 values, and specify all of them accordingly).

after the insert, issue a mysql_error($connection) to see any errors that may arise with your queries

score 1 · Answer 4 · answered Jul 22 '11 at 14:03

1

Here is a good article on this matter to prevent further similar questions. It covers all basic operations with MySQL tables with PHP. Isn't it's easier to ask such questions on Google first?

answered Jul 22 '11 at 14:03

Hnatt

5,767
3
32
43

first thanks for the link. second. no need for the dumb remark, i have 3 monitors up, a bunch with links to random mofis who talk alot of SH!T but dont explain anything. the power of the net IS to communicate with your peers especially the ones in the know. google DID NOT give me the answer i was seeking so i came here. – somdow Jul 22 '11 at 14:23
I've found this this article (which is quite good, in my opinion) by putting the title of your question in Google search box. And so I ask, isn't that easier to do so instead of describing your problem, pasting codes and so on? Just read a simple tutorial and there you go, the problem dissapears. Don't mean to insult you. – Hnatt Jul 22 '11 at 14:41

PHP/MySql - putting data to table

4 Answers4