0

I have a form that does not seem to want to write its data to my database. I am somewhat new to php mysql. When I test the script the page reloads with only a "0" displayed. I am not sure what am I missing? Any help is appreciated.

form

<form action="new.php" method="POST">
      <table>
        <tr>
          <td>Season Number: </td>
          <td><input type="text" name="season_sum" size="50" value="<? echo "$season_num";?>"></td>
        </tr>
        <tr>
          <td>Episode Number: </td>
          <td><input type="text" name="eps_num" size="50" value="<? echo "$eps_num";?>"></td>
        </tr>
        <tr>
          <td>Temp Episode Number: </td>
          <td><input type="text" name="temp_eps_num" size="50"></td>
        </tr>
        <tr>
          <td>Title: </td>
          <td><input type="text" name="title" size="50"></td>
        </tr>
        <tr>
          <td>Description: </td>
          <td><textarea type="text" name="descrip" cols="50" rows="7"></textarea></td>
        </tr>
        <tr>
          <td colspan="2"><input type="hidden" name="id">
            <input type="Submit" value="New Item"></td>
        </tr>
      </table>
    </form>

new.php

<?php
require "db.php";

//Test for user input
if (!empty($_POST[season_sum])&&
    !empty($_POST[eps_num])&&
    !empty($_POST[temp_eps_num])&&
    !empty($_POST[title])&&
    !empty($_POST[descrip]))

if ( ! empty($_POST['ID']))
$id = (int)$_POST['ID'];
else $id = 'NULL';

//Insert new entry
$query = "INSERT INTO `season` (`ID`, `season_num`, `temp_eps_num`, `esp_num`, `title`, `descrip`) VALUES ({$id}, '{$season_sum}', '{$eps_num}', '{$temp_eps_num}', '{$title}', '{$descrip}')";

// Send user back to the list once the update is successfully finished
header("Location: form.html");
?>
Improve this question

3 Answers 3

Reset to default
3

Disable the following line in new.php in the event the PHP code is throwing an error:

//header("Location: form.html")

Then you will need to execute the $query using mysql_query.

$query = "INSERT INTO ... ";

mysql_query($query);
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I have made your recommended changes but still got a "0" when submitted
once I got back to the list tho, the data was inputted correctly
1

you are never actually sending the query, just defining the query string. To send it you netted to use mysql_query ($query).

See documentation for more details. http://php.net/manual/en/function.mysql-query.php

Improve this answer

Comments

0

Not sure about the "0" but in general your code looks like you chopped things out for readability. If not...

    if (!empty($_POST[season_sum]) && !empty($_POST[eps_num]) && !empty($_POST[temp_eps_num]) && !empty($_POST[title]) && !empty($_POST[descrip]))
    {

        if ( !empty($_POST['ID']))
            $id = (int)$_POST['ID'];
        else 
            $id = 'NULL';

        // mysql_real_escape_string() example
        $descrip = mysql_real_escape_string($_POST['descrip']);

        //Insert new entry
        $query = mysql_query("INSERT INTO `season` (`ID`, `season_num`, `temp_eps_num`, `esp_num`, `title`, `descrip`) VALUES ({$id}, '{$season_sum}', '{$eps_num}', '{$temp_eps_num}', '{$title}', '$descrip')") or die(mysql_error());

        // Send user back to the list once the update is successfully finished
        header("Location: http://www.yoursite.com/form.html");
        exit;
    }

I didn't put in the escaping since it is easier just to suggest you wrap your db insert strings with mysql_real_escape_string(). Aside that you never actually run a query, and you do not wrap your if statement with curly braces. I don't even know what the page would think to do in this condition.

Try applying these changes and let us know if the error persists.

note - I added exit after your header location. Also, I put a full url path in as somewhere or another I heard this was better practice. I have no backing for that claim though. Just a thing I heard somewhere.

mysql_real_escape_string() explanation: to use it you must have a connection open. This is usually handled in your db class so if you discover it doing nothing, look into mysql_connect(); To use, just call like so: 

$sql = mysql_query("SELECT * FROM `table` WHERE `id` = '".mysql_real_escape_string($string_to_escape)."'");

It will not add the single quote wrapper. All it does is help sanitize the string to prevent common sql injection attacks.

Improve this answer

7 Comments

looks like I do need to add mysql_real_escape_string() in because some descriptions have quotes in them
could you provide a code sample on how I would add the escape string to let my $descript contain quotes.
do you mean something like the following? mysql_real_escape_string($query);
updated. By the way you dont appear to be assigning your post variables to their simple form as called in your queries. Look at what I did to $descrip for example.
Ok, I am trying out your new example
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.