I'm trying to do a simple write to database with an HTML form, using PHP.

I've run the SQL query in the database and it works perfectly. However, using the form doesn't work. I'm not sure why. Any help? The user/pass/db name are all correct.

<?php
if(isset($_POST['submit']))
{

$con = mysql_connect("localhost","delives0_ideas","ideas");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("delives0_ideas", $con);

mysql_query("INSERT INTO data (firstName, lastName, email, idea) VALUES ('$_POST['firstName']','$_POST['lastName']', '$_POST['email']', '$_POST['idea']')");

//also email it to us besides writing it into the database

mysql_close($con);
?>

<form method="post">
<strong>First name:</strong> <input type="text" name="firstName"/>
<br/>
<strong>Last name:</strong> <input type="text" name="lastName"/>
<br/>
<strong>Email:</strong> <input type="text" name="email"/>  #####Put a javascript checker for valid emails, like [email protected] format
<br/>
<br/>
<strong>Idea:</strong>
<br/>
<textarea rows="10" cols="30" name="idea"> 
Hit us with your best shot.
</textarea> 
<br/>
<input name="submit" type="submit" value="Submit"/>
</form>
+2  A: 

You forgot the "action = nameofyourpage.php" inside the form markup. And I would add an "or die (mysql_error())" at the end of your query to check the syntax of the request.

Raveline
That worked, thank you. How would I go about sending an email to a certain email address containing the values pulled from the form, in addition to putting them into the database?
Andrei Korchagin
Can you tell me where you close the if(isset($_POST['submit'])){....??
f00
I fixed the missing bracket.
Andrei Korchagin
+1  A: 

You've got a few errors in your script - please check the following:

http://pastie.org/1056569

<?php
if(isset($_POST['submit']))
{
   $con = mysql_connect("localhost","delives0_ideas","ideas");
   if (!$con){
     die('Could not connect: ' . mysql_error());
   }

   mysql_select_db("delives0_ideas", $con);

   $sqlCmd = sprintf("INSERT INTO data (firstName, lastName, email, idea) 
     VALUES ('%s','%s','%s','%s')", 
      mysql_real_escape_string($_POST["firstName"]),
      mysql_real_escape_string($_POST["lastName"]),
      mysql_real_escape_string($_POST["email"]),
      mysql_real_escape_string($_POST["idea"]));

   mysql_query($sqlCmd);
   mysql_close($con);
 }
 ?>

 <form method="post">
  <strong>First name:</strong> <input type="text" name="firstName"/><br/>
  <strong>Last name:</strong> <input type="text" name="lastName"/><br/>
  <strong>Email:</strong> <input type="text" name="email"/> 
  <strong>Idea:</strong><br/>
  <textarea rows="10" cols="30" name="idea">Hit us with your best shot.</textarea><br/>
  <input name="submit" type="submit" value="Submit"/>
 </form>
f00
Please post code snippets here. Your answer will be meaningless if the external site goes away...
EricSchaefer
A: 

You already have the answer to your question as to why it was not working, but please check this article about SQL injection attacks before putting this code into production.
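
The insert from the answers above written with bound parameters, as an added example that is not part of any answer on this page. It uses PDO prepared statements rather than the mysql_* functions, with an in-memory SQLite database and constructed input so it runs offline; the saveIdea name, the table definition and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: validates the form fields and inserts them with bound
// parameters, so quotes in user input are stored as data, never as SQL.
function saveIdea(PDO $db, array $post): array
{
    $row = [];
    foreach (['firstName', 'lastName', 'email', 'idea'] as $field) {
        // Accept only plain strings; missing or array-valued fields become ''.
        $value = $post[$field] ?? '';
        $row[$field] = is_string($value) ? trim($value) : '';
    }

    // Server-side email check; a JavaScript check alone can be bypassed.
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'invalid email'];
    }

    // Placeholders keep the SQL text fixed; values travel separately.
    $stmt = $db->prepare(
        'INSERT INTO data (firstName, lastName, email, idea)
         VALUES (:firstName, :lastName, :email, :idea)'
    );
    $stmt->execute($row);

    return ['ok' => true, 'id' => (int) $db->lastInsertId()];
}

// Assumption: in-memory SQLite stands in for the MySQL database. For MySQL,
// use a DSN such as "mysql:host=localhost;dbname=YOUR_DB;charset=utf8mb4".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (id INTEGER PRIMARY KEY,
           firstName TEXT, lastName TEXT, email TEXT, idea TEXT)');

// Constructed sample submission containing single quotes.
$post = [
    'firstName' => 'Conan',
    'lastName'  => "O'Brien",
    'email'     => 'conan@example.com',
    'idea'      => "It's a 'quoted' idea",
];

var_dump(saveIdea($db, $post));                                // stored
var_dump(saveIdea($db, ['email' => 'not-an-email'] + $post));  // rejected
print_r($db->query('SELECT lastName, idea FROM data')->fetchAll(PDO::FETCH_ASSOC));
```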