I am trying to teach myself MySQL/PHP from the very beginning. The following code was lifted from various tutorial sites. I'm using phpMyAdmin provided by my webhost.

I made a table with an auto-incrementing field called "ID" and another field called "first" (varchar, limit 30, not null). Then I made a simple form with one text field named "first" and a Submit button. I type my name into the box and click Submit. This does create a row in the database with an ID, but the "first" field is always blank.

I tried replacing '$_POST[first]' with some straight-up words, and that worked - the words appeared in the table with an ID number just fine. That's how I know it is indeed managing to talk to the database, it's just not picking up the text field.

After the INSERT statement runs, I have it display all the records in the table. It shows all of the ID numbers and then blank where "first" should be.

I also have it echo the INSERT statement. This is what the echo displays: INSERT INTO tblHurray(ID, first) VALUES ('','')

When I substitute words for '$_POST[first]', the echo looks like this: INSERT INTO tblHurray(ID, first) VALUES ('','words')

This is my first question so please let me know if I've left out any pertinent information! And thanks in advance for your help.

This is the form:

<form action="run_input.php" method="post">
Name: <input type="text" name="first">
<input type="Submit">
</form>

This is what runs when "Submit" is clicked:

<?
include("run_connect.php"); // this connects to the database, this works

$step1 = "INSERT INTO tblHurray(ID, first) VALUES ('','$_POST[first]')";
mysql_query($step1);
echo "$step1";

echo "<b><center>Database Output</center></b><br><br>";

$step2=mysql_query("SELECT * FROM tblHurray");

$num=mysql_numrows($step2);

$i=0;
while ($i < $num) {

$firstname=mysql_result($step2,$i,"first");
$ID=mysql_result($step2,$i,"ID");
echo "$ID: $firstname<br />";

$i++;
}
?>
A: 

This line

$step1 = "INSERT INTO tblHurray(ID, first) VALUES ('','$_POST[first]')";

needs to look like this:

$step1 = "INSERT INTO tblHurray(ID, first) VALUES ('','" . mysql_escape_string($_POST['first']) . "')";

It's a good habit to always quote your array keys (['first'] rather than [first]).

Plus it's good to get used to always escaping user input before inserting into the database to prevent SQL injection.

Also double-check to make sure the name of the input on your HTML form matches your PHP code.

$_POST['first']

is not the same as

$_POST['First']
Mark Biek
Even better practice is to use prepared statements. Check out PDO or mysqli.
Philippe Gerber
MySQL has had prepared statements as of 4.1
MatW
I agree with both of you, I just didn't want to introduce too many concepts at once :)
Mark Biek
This didn't work.. and I looked into this "prepared statements" thing and I think I have to just get past the "successfully insert to database" phase before I go any farther..
Are you positive that $_POST['first'] actually has a value in it?
Mark Biek
I've been typing a variety of things into the box including my name, random letters etc.
Try adding this right before the line that says $step1= : print_r($_POST);
Mark Biek
And let us know what it prints out :)
Mark Biek
OK well! Now it echoes: Array ( [First] => dfsafdf ) INSERT INTO tblHurray(ID, first) VALUES ('','') I guess we're getting somewhere now haha
OK, in the HTML, is the input name "First" or "first"? Because those represent two different values in the $_POST array.
Mark Biek
Everything is lowercase everywhere. The HTML is exactly as quoted above. Where could that capital F be coming from?
Ahh! I changed everything from "first" to "lulz" and it worked! I guess that capital F was stuck in there from when I created the field as "First" and then changed it to "first". Thank you so much Mark!
No problem. Glad we got it sorted out. Now go read up on PDO prepared statements :)
Mark Biek
+1  A: 

Try

$step1 = "INSERT INTO tblHurray(ID, first) VALUES ('','".$_POST['first']."')";

Although, if you're really going to learn it, then start with PHP PDO. It will save you A LOT of trouble in the long run, especially with parametrized queries.

rfusca
This didn't work... same thing as before :(
what does print_r($_POST) output?
rfusca
A: 

Mark Biek nailed it, but as a fractional tweak, the mysql_real_escape_string function is better than mysql_escape_string as it factors in the character set associated with the connection.

middaparka
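
The PDO prepared statements recommended in the answers and comments above, combined with a check for the case-sensitive key mismatch (`First` vs `first`) that produced the blank rows, as an added example that is not code from the thread. It assumes an in-memory SQLite database in place of the asker's MySQL server so that it runs offline; the helper name `insertFirst` and the sample submissions are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumption: an in-memory SQLite database
// stands in for the asker's MySQL server; for MySQL only the DSN and the
// credentials passed to new PDO(...) change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblHurray (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    first VARCHAR(30) NOT NULL
)');

// Hypothetical helper: insert the submitted name or report why it was rejected.
function insertFirst(PDO $pdo, array $post): string
{
    // Array keys are case-sensitive: a submitted 'First' does not satisfy 'first'.
    // Failing loudly here replaces the silent blank row the asker was getting.
    if (!isset($post['first']) || !is_string($post['first'])) {
        return "missing field 'first'; received keys: " . implode(', ', array_keys($post));
    }
    $first = trim($post['first']);
    if ($first === '' || strlen($first) > 30) {   // strlen counts bytes
        return "'first' must be 1 to 30 bytes long";
    }
    // The value is sent as a bound parameter, separate from the SQL text,
    // so quotes in the input are stored as data and never parsed as SQL.
    $stmt = $pdo->prepare('INSERT INTO tblHurray (first) VALUES (:first)');
    $stmt->execute([':first' => $first]);
    return 'inserted row ' . $pdo->lastInsertId();
}

// Constructed sample submissions (stand-ins for $_POST).
$samples = [
    ['First' => 'dfsafdf'],   // the stale capital-F key seen in the print_r output
    ['first' => 'Alice'],
    ['first' => "O'Brien"],   // contains a quote; no manual escaping needed
];
foreach ($samples as $post) {
    echo insertFirst($pdo, $post), "\n";
}

foreach ($pdo->query('SELECT ID, first FROM tblHurray') as $row) {
    // Stored input is still untrusted when rendered as HTML, so encode on output.
    echo $row['ID'], ': ', htmlspecialchars($row['first'], ENT_QUOTES, 'UTF-8'), "\n";
}
```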