0

I have been trying to sort this out but so far I haven't been able to get it to work. No errors are thrown, the page refreshes on submit. I am at a loss, but I am not exactly an expert, fairly new to this.

Here is the code (simplified for posting):

<?php if (!isset($_POST['submit'])) {
echo              "<!-- Form starts here -->
                  <form id=\"billing\" action=\"\" method=\"post\">
                  <!-- Name -->
                  <div class=\"control-group\">
                  <label class=\"control-label\"><b>Name</b></label>
                  <div class=\"controls\">
                  <input type=\"text\" id=\"name\" name=\"name\" placeholder=\"your name\" class=\"input-large\">
                  </div>
                  </div>
                  <!-- Zip -->
                  <div class=\"control-group\">
                  <label class=\"control-label\"><b>Zip Code</b></label>
                  <div class=\"controls\">
                  <input type=\"text\" id=\"billingzip\" name=\"billingzip\" placeholder=\"5 digit zip\" class=\"input-large\">
                  </div>
                  </div>
                  <!-- Submit -->
                  <div class=\"control-group\">
                  <div class=\"controls\">
                  <button class=\"button save small_green_button\" type=\"submit\">
                  &nbsp;Save&nbsp;
                  </button>
                  </div>
                  </div>
                  </form>";
}
else
{
 $host="localhost";
 $user_name="user";
 $pwd="password";
 $database_name="database";
 $db=mysql_connect($host, $user_name, $pwd) or die(mysql_error());
 $dbsel=mysql_select_db($database_name, $db);

 if (mysql_error() > "") print mysql_error() . "<br>";
               if (mysql_error() > "") print mysql_error() . "<br>";

                   $account_id = users::getAttr('Account', 'account_id'); 
                   $zip = mysql_real_escape_string($_POST['billingzip']);
                   $name = mysql_real_escape_string($_POST['name']);

                           $sql = "INSERT INTO `billing`
                                   SET `account_id` = '{$account_id}',
                                       `zip` = '{$billingzip}',
                                       `name` = '{$name}',
                                       `updated_at` = NOW()";

                           $result = mysql_query($sql, $dbsel) 
                                or  die(mysql_error().$sql);

                 mysql_close($db);


   }
  ?>
5
  • Don't write new code with the mysql_* functions, especially when you are learning it. They are in the process of becoming deprecated and will be removed in future versions of PHP. Learn with mysqli_* or PDO right away. Commented Dec 5, 2013 at 8:23
  • {$billingzip} should be {$zip}, and if $account_id is a numerical value you don't need the quotes in the query around it. Not sure though if that would result in an invalid query. Commented Dec 5, 2013 at 8:28
  • I don't see any input named submit in your form. Commented Dec 5, 2013 at 8:35
  • I left it out of the paste by accident, but it is in there. Commented Dec 5, 2013 at 8:54
  • type="submit" is not name="submit" Commented Dec 5, 2013 at 9:40

2 Answers

1

The first thing I see is

$result = mysql_query($sql, $dbsel) or  die(mysql_error().$sql);

In my opinion you should write:

$result = mysql_query($sql, $db) or  die(mysql_error().$sql);

4 Comments

I tried that exact method and it did not work. I realized the database name wasn't being referenced so I added dbsel to reference it.
OK, so your SQL syntax is wrong? I know this should be like INSERT INTO table_name ([columns]) VALUES ([values]) | w3schools.com/php/php_mysql_insert.asp
This INSERT syntax is valid.
@Arringar1 $dbsel is definitely wrong, you must reference $db (or leave it out, it's not necessary when you have only one database connection).
1

To summarize my comments:

Your form does not have any form element with name="submit", so (!isset($_POST['submit'])) will always be true and your else block will never execute. You can check this by adding var_dump($_POST); to the beginning of your script (before the if clause). var_dump() is one of the best debugging tools you have with PHP. Use it.

$dbsel=mysql_select_db($database_name, $db);

will return either true or false, so $dbsel will always be one of these two values. You don't need to store it, you can just add your or die("cannot select database");.

$account_id = users::getAttr('Account', 'account_id');

You have no information what this returns. It matters later if $account_id contains a numerical id or a string. If it is a string it is okay, if it is a numerical value you should change this:

`account_id` = {$account_id}

Next:

`zip` = '{$billingzip}',

You stored $_POST['billingzip'] in $zip, so this should be this:

`zip` = '{$zip}',

Last, but not least:

$result = mysql_query($sql, $dbsel)

As stated earlier, $dbsel either contains true or false, so it is wrong here, it should be the $db reference. Also, since you don't work with multiple database connections you don't need to reference any at all here.

$result = mysql_query($sql /* , $db */)

And the usual advice concerning mysql questions: If you write new code don't use the mysql_* functions at all. They are in the process of becoming deprecated and will be removed in future versions of PHP. Learn with mysqli_* or PDO right away. Both methods allow you to use prepared statements, which allow you to make sure your site is safe from SQL injections without you having to bother with escaping user-provided content.

Do yourself a favor, comment the complete block out and rewrite it with PDO or mysqli_*.
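
An added example, not part of the original answer: the insert from the question rewritten with PDO and a prepared statement, branching on the request method rather than on a `submit` field. The helpers `cleanBilling` and `saveBilling` and the `$accountId` placeholder are assumptions; the table, column names and connection placeholders come from the question.

```php
<?php
declare(strict_types=1);

// Return the cleaned fields plus a list of validation errors (empty list = valid).
function cleanBilling(array $post): array
{
    $name = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $zip  = is_string($post['billingzip'] ?? null) ? trim($post['billingzip']) : '';
    $errors = [];
    if ($name === '') {
        $errors[] = 'Name is required.';
    }
    if (!preg_match('/\A\d{5}\z/', $zip)) { // the form asks for a "5 digit zip"
        $errors[] = 'Zip code must be exactly 5 digits.';
    }
    return ['name' => $name, 'zip' => $zip, 'errors' => $errors];
}

// Insert with bound parameters: the values travel separately from the SQL text.
function saveBilling(PDO $pdo, int $accountId, string $name, string $zip): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO billing (account_id, zip, name, updated_at)
         VALUES (:account_id, :zip, :name, NOW())'
    );
    $stmt->execute([':account_id' => $accountId, ':zip' => $zip, ':name' => $name]);
}

// Branch on the request method, not on a field the form may never send.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $input = cleanBilling($_POST);
    if ($input['errors'] !== []) {
        echo implode('<br>', array_map('htmlspecialchars', $input['errors']));
        exit;
    }
    $accountId = 1; // placeholder: the question reads this from its own users class
    try {
        // Connection values are the placeholders from the question.
        $pdo = new PDO('mysql:host=localhost;dbname=database;charset=utf8mb4', 'user', 'password', [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
        saveBilling($pdo, $accountId, $input['name'], $input['zip']);
        echo 'Saved.';
    } catch (PDOException $e) {
        error_log($e->getMessage()); // details go to the server log, not the browser
        http_response_code(500);
        echo 'Could not save billing details.';
    }
}
```

Unlike `die(mysql_error().$sql)` in the question, a failed query here writes its details to the server log and shows the visitor only a generic message.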
