0

This is just a testing page to make sure that I know how to insert data into the database.

This is my login page:

<?php 

$mysql_host = "[HOST REMOVED]";
$mysql_database = "a8700070_test";
$mysql_user = "a8700070_admin";
$mysql_password = "[PASSWORD REMOVED]";
?>

This is the code I have for the form.

<form action="db.php" method="post">

<input name="name" type="text">
<input name="age" type="text">
<input name="title" type="text">
<input name="person" type="text">
<input name="ok" type="text">
<input name="GO!" type="submit"> 



</form>

and this is the code I have that inserts it into the table.

<?php // 
require_once 'login.php';
$db_server= mysql_connect($mysql_host, $mysql_user, $mysql_password);

if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());

mysql_select_db($mysql_database)  or die("Unable to select database: " . mysql_error());

$namer = $_POST["name"];
$age = $_POST["age"];
$tit = $_POST["title"];
$k = $_POST["ok"];
$pers = $_POST["person"];

echo "$namer";

$sql="INSERT INTO test (title,person,age,date,ok)
VALUES($namer,$age,$tit,$k,$pers)"



?>
Improve this question
4
  • ...and what kind of trouble are you having, exactly? Commented Nov 22, 2011 at 18:32
  • Do you really want to share your mysql password with the whole world? A user with the same webhost as you would be able to access your database. Commented Nov 22, 2011 at 18:32
  • 1
    You must enclose the query values in single quotes, as in '$namer'. And you MUST MUST MUST escape them against SQL injection attacts. $namer = mysql_real_escape_string($_POST['name']);en.wikipedia.org/wiki/SQL_injection Commented Nov 22, 2011 at 18:33
  • Oops lol. It's just simple free webhost that I use for testing. Commented Nov 22, 2011 at 18:34

2 Answers 2

Reset to default
5

you need to actually call your query with mysql_query like this:

mysql_query($sql);

You should also remember to escape your input to ensure a user wont abuse it with SQL injection.

Your query should look like this: 

$sql = "INSERT INTO test (title,person,age,date,ok) VALUES('".mysql_real_escape_string($namer)."','".mysql_real_escape_string($age)."','".mysql_real_escape_string($tit)."','".mysql_real_escape_string($k)."','".mysql_real_escape_string($pers)."')";

If you're getting an error, you could print the actual error with mysql_error like this:

mysql_query($sql) or die(mysql_error());
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

You should also mention the possible mysql injections
I'm using this for the mysql_query and I'm still getting an error. mysql_query($sql,$db_server);
Testing it again now and I'll let you know what happens.
1

You need to seperate the variables in your SQL query with single quotes and should properly escape them...

$sql="INSERT INTO test (title,person,age,date,ok)
VALUES('".mysql_real_escape_string($namer)."','".mysql_real_escape_string($age)."','".mysql_real_escape_string($tit)."','".mysql_real_escape_string($k)."','".mysql_real_escape_string($pers)."')

And then actually run the query e.g.

$query = mysql_query($sql);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.