php form script

Question

I'm very new to PHP and am having some trouble. I have a form using HTML which is action=.php method=post

The form is using text boxes and select options, I'm not sure if it makes a difference in sqldatabase. I've tried about 30 different combinations of this script and can only get a connect successfully message but nothing is posted.

<?php 
$link = mysql_connect('everybodyslistcom.ipagemysql.com', 'accounts', 'accounts'); 
if (!$link) { 
    die('Could not connect: ' . mysql_error()); 
} 
echo 'Connected successfully'; 
mysql_select_db("user"); 
$FName = $_POST["FName"];
$LName = $_POST["Lname"];
$Phone = $_POST["Phone"];
$EmailAddress = $_POST["EmailAddress"];
$Month = $_POST["Month"];
$Day = $_POST["Day"];
$Year = $_POST["Year"];
$Username = $_POST["Username"];
$Password = $_POST["Password"];

$sql = 'INSERT INTO Members (ID, FName, LName, Phone, EmailAddress, Month, Day, Year, Username, Password) VALUES'
    . '(\'\', \'$FName\', \'$LName\', \'$Phone\', \'$EmailAddress\', \'$Month\', \'$Day\', \'$Year\', \'$Username\', \'$Password\')';

mysql_close();
php?>

Answer 1

try to execute your query

mysql_query($sql);

EDIT: I see you are doing this:

$sql = 'SELECT bla bal $variable';

PHP will not parse the variable. The right way:

$sql = "SELECT bla bla $variable"; // valid
$sql = "SELECT bla bla {$variable}"; // also valid
$sql = 'SELECT bla bla '.$variable; // also valid

Answer 2

You need to execute the query too: mysql_query($sql, $link);

Answer 3

your closing php tag is not correct, it should be

 ?>

rather than

 php?>

Also u r not executing your query using:

mysql_query('your query here');

this might cause the problem.

Answer 4

1. Your variables are not interpreted by PHP. If you want variable to be parsed in string, it should be wrapped in double-quote (")
2. It may fail if any of your posted data contains some quote character, so you must apply mysql_real_escape_string to all of them.
3. I hope that database connection credentials are not real you posted here? :D

Answer 5

You said that your form contains "action=.php" literally, you have to turn it into :

<form name="form_name" method="post" action="your_script.php">

Answer 6

you should also check whether POST was really sent:

if (!empty($_POST)) {
    // ... your code here
}

next thing: you don't need closing tag ?> if your *.php file consist only PHP code - end of file is also correct end of PHP block of code - it's "good-to-have" habit, because in some cases it helps you to avoid error: "Cannot add/modify header information - headers already sent by..."

next problem - wrong way of inserting variables into string:

$sql = 'INSERT INTO Members (ID, FName, LName, Phone, EmailAddress, Month, Day, Year, Username, Password) VALUES'
. '(\'\', \'$FName\', \'$LName\', \'$Phone\', \'$EmailAddress\', \'$Month\', \'$Day\', \'$Year\', \'$Username\', \'$Password\')';

correct way:

$sql = "INSERT INTO Members (ID, FName, LName, Phone, EmailAddress, Month, Day, Year, Username, Password) VALUES (null, '$FName', '$LName', '$Phone', '$EmailAddress', '$Month', '$Day', '$Year', '$Username', '$Password')";

more info here

next - as Deniss said, instead of:

$FName = $_POST["FName"];

should be:

$FName = mysql_real_escape_string($_POST["FName"]);

actually you should fist check weather magic quotes gpc are on or off:

if (get_magic_quotes_gpc()) {
    if (!empty($_POST)) {
        array_walk_recursive($_POST, 'stripslashes_value');
    }
}
function stripslashes_value(&$value) {
    $value = stripslashes($value);
}

without this you could have problem with double \\ inserted into db (it depends on your server configuration)

and last but not least: as Robert said you miss one more important thing:

mysql_query($sql);