Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New to the CF scene
    Join Date
    Nov 2011
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    PHP code working but Database field is empty

    This is my Code which just take names from customer and place it in databases.What i am seeing is that the code working fine,Showing echo message also but in database i created 2 field 1 auto incremented id and other for name.the id is generated but the name field remains blank..please help me.
    PHP Code:
    <?php

    $link 
    mysql_connect("localhost","root","");
    if (! 
    $link) {
                          die(
    'cannot connect: ' .mysql_error() ) ;
                          }
    $db_selected mysql_select_db ("adform",$link );
    if(!
    $db_selected){
                           die(
    'cannot use :' .mysql_error() ) ;
                            }

     
    $value $_POST['firstname'];

     
    $sql ="INSERT INTO demo (firstname) VALUES ('$value')" ;

         if(!
    mysql_query($sql) ) {
             die (
    'Error :' mysql_error());
             }
           echo 
    "record added to database ";
    mysql_close ($link);
    ?>

  • #2
    Regular Coder
    Join Date
    Jul 2010
    Location
    Oregon City
    Posts
    280
    Thanks
    5
    Thanked 50 Times in 49 Posts
    Do you have the HTML? Also remember to use mysql_escape_string() function around your $_POST/$_GET variables.

    Make sure column name is correct, check table name, etc. Make sure the name value for the input box is actually 'firstname'.

  • #3
    New to the CF scene
    Join Date
    Nov 2011
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Reply

    ya i have HTML
    THIS IS THE HTML CODE
    Code:
    <form method="post" action="demo.php">
    
    <p>First Name <input type="text" name="firstname" /></p>
    
    <input type="Submit" value="Submit" /> </form>
    
    </td>
    I checked the php code bt nothing is putted in firstname column.it is kept empty though id is generating .
    please help me
    Last edited by bunty20077; 11-25-2011 at 07:32 AM.

  • #4
    Senior Coder djm0219's Avatar
    Join Date
    Aug 2003
    Location
    Wake Forest, North Carolina
    Posts
    1,303
    Thanks
    4
    Thanked 204 Times in 201 Posts
    Try changing

    PHP Code:
    if(!mysql_query($sql) ) {
    die (
    'Error :' mysql_error());

    to
    PHP Code:
    mysql_query($sql,$link) or die(mysql_error()); 
    and see what you get.

    And please don't cross post ... you've already asked this question in the MySQL forum.
    Dave .... HostMonster for all of your hosting needs

  • Users who have thanked djm0219 for this post:

    bunty20077 (11-25-2011)

  • #5
    New to the CF scene
    Join Date
    Nov 2011
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Thanked a lot

    1.First of all i want to give a thanks to you..Code now working fine after doing your step.Can u please tell me why dis thing happened ?

    2.How to write this code so that my code becomes SQL injected free.putting mysql_real_escape_stringdoesnot helping me? can u please check dat one

    PHP Code:
    $value mysql_real_escape_string($_POST['Firstname']); 

  • #6
    Senior Coder djm0219's Avatar
    Join Date
    Aug 2003
    Location
    Wake Forest, North Carolina
    Posts
    1,303
    Thanks
    4
    Thanked 204 Times in 201 Posts
    Please stop using large colored text in your posts.

    Quote Originally Posted by bunty20077 View Post
    Can u please tell me why dis thing happened ?
    A call to mysql_query needs both the query to be done and the database the query should be done against. You forgot to include the database in your original code.

    Quote Originally Posted by bunty20077 View Post
    2How to write this code so that my code becomes SQL injected free.putting mysql_real_escape_string does not helping me?
    PHP Code:
    $value mysql_real_escape_string($_POST['Firstname']); 
    That is the correct way but you don't have to create a separate variable. Simply do it when you're building your query string.

    PHP Code:
    $sql ="INSERT INTO demo (firstname) VALUES ('" mysql_real_escape_string($_POST['firstname']) . "')" 
    It likely wasn't working as you expected because your variable name was incorrect. You used firstname in your form but Firstname when you were using mysql_real_escape_string.
    Dave .... HostMonster for all of your hosting needs


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •