0

I am trying to get a form to input data into my "mysql database" however i am getting an error message and also it is inputting a blank data everytime the page loads.

Here is my code:

    <form action="insert.php" method="post">
Name: <input type="text" name="name">
<input type="submit" value="Submit">
</form>

<?php
// This is the connection to my database
$con = mysql_connect('127.0.0.1', 'shane', 'diamond89');
if (!$con){
die('Could not Connect: ' . mysql_error());
}

// This creates my table layout
echo "<table border='1'>
<tr>
<th>ID</th>
<th>Name</th>
<th>Delete</th>
</tr>";

// This selects which database i want to connect to
$selected = mysql_select_db("shane",$con);
if (!$con){
die("Could not select examples");
}

// This inserts new information to the Database
$query = "INSERT INTO test1 VALUES('id', '$name')";

$result = mysql_query($query);
if ($result){
echo("Input data is Successful");
}else{
echo("Input data failed");
}

// This chooses which results i want to select from
$result = mysql_query("SELECT `id`, `name` FROM `test1` WHERE 1");


// This outputs the information into my table
while ($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . "[D]" . "</td>";
echo "</tr>";
}
echo "</table>";

// This closes my connection
mysql_close($con);

?>

Here is the error message:

( ! ) SCREAM: Error suppression ignored for ( ! ) Notice: Undefined variable: name in C:\wamp\www\sql_table.php on line 36 Call Stack

Time Memory Function Location

1 0.0006 250360 {main}( ) ..\sql_table.php:0

Improve this question
7
  • are you sure 'name' exist in your table? Commented May 21, 2013 at 13:35
  • You are using an obsolete database API and should use a modern replacement. Commented May 21, 2013 at 13:38
  • try this by adding on first line of the page <?php ob_start(); ?> Commented May 21, 2013 at 13:38
  • yes 100% sure i am looking at phpmyadmin Commented May 21, 2013 at 13:39
  • what is $name? where it is defined? you needs to fetch form values with $_POST['name'] ... Commented May 21, 2013 at 13:40

1 Answer 1

Reset to default
1

You are trying to access to the POST data, so you should do something like that :

EDIT: be careful about the data you put into your database. You should use a modern database API, or, at least, escape your data (cf bellow code)

<form action="insert.php" method="post">
Name: <input type="text" name="name">
<input type="submit" value="Submit">
</form>

<?php
// Following code will be called if you submit your form
if (!empty($_POST['name'])) :

// This is the connection to my database
$con = mysql_connect('127.0.0.1', 'shane', 'diamond89');
if (!$con){
die('Could not Connect: ' . mysql_error());
}

// This creates my table layout
echo "<table border='1'>
<tr>
<th>ID</th>
<th>Name</th>
<th>Delete</th>
</tr>";

// This selects which database i want to connect to
$selected = mysql_select_db("shane",$con);
if (!$con){
die("Could not select examples");
}

// This inserts new information to the Database
$query = "INSERT INTO test1 VALUES('id', \'".mysql_real_escape_string($_POST['name'])."\')";

$result = mysql_query($query);
if ($result){
echo("Input data is Successful");
}else{
echo("Input data failed");
}

// This chooses which results i want to select from
$result = mysql_query("SELECT `id`, `name` FROM `test1` WHERE 1");


// This outputs the information into my table
while ($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . "[D]" . "</td>";
echo "</tr>";
}
echo "</table>";

// This closes my connection
mysql_close($con);

endif;
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

You are using an obsolete database API and should use a modern replacement. You are also vulnerable to SQL injection attacks that a modern API would make it easier to defend yourself from.
I know, i've just corrected his code... Thanks for the downvote :). This is not about database API here, but about a syntax error.
If you'd corrected his code, then you would have properly escaped the data.
This wasn't the subject, I just corrected his error. Unsecurity is not an error.
Teaching people how to insert user data into SQL without teaching them how to do it safely is irresponsible.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.