0

I have 3 fieldnames called ID, Autore, Titolo in Mysql. The tablename is demo and database name is forms1
I have problem to insert data from many forms into database. I test code but i have something wrong into insert.php

Form Code:

<style>
br {margin-bottom:-10px;}
</style>

<form action="insert.php" method="post">
<b>Titolo </b>&nbsp;&nbsp;<input type="text" name="Titolo"><br><br>
<b>Autore </b><input type="text" name="Autore"><br><br>
<input type="Submit">
</form>

Insert.php

<?php

define('DB_NAME', 'forms1');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');


$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

$db_selected = mysql_select_db(DB_NAME, $link);

if (!$db_selected) {
    die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}

$sql = "INSERT INTO demo VALUES
('', 'Autore', 'Titolo')";


if (!mysql_query($sql)) {
    die('Error: ' . mysql_error());
}
mysql_close();
?>

This piece of code is wrong:

$sql = "INSERT INTO demo VALUES
    ('', 'Autore', 'Titolo')";

When i try insert values like Jack, John from form the values that are adding are Autore and Titolo
But Autore & Titolo are my 2nd-3rd fieldnames in my demo table, but its are added like values! http://imageshack.us/a/img831/3109/insertdatadatabase.png

This is my ResultPage.php

<html>
<?php
echo "<h2>Lista Autori</h2>";  
echo "<table border='1' style='border-collapse: collapse;border-color: silver;'>";  
echo "<tr style='font-weight: bold;'>";  
echo "<td width='auto' align='center'>N</td>";  
echo "<td width='auto' >&nbsp;Nome</td>";
echo "</tr>";
    //1. Connessione al Database
$connection = mysql_connect("localhost","root","");
if(!$connection){
    die("Database connection failed: " . mysql_error());
}
    //2. Seleziona Database
$db_select = mysql_select_db("forms1",$connection);
if (!$db_select) {
    die("Database connection failed: " . mysql_error());
}
    //3. Interroga Database

$result = mysql_query("SELECT * FROM demo LIMIT 0, 30 ", $connection);
if (!$result) {
    die("Database query failed: " . mysql_error());
}

    //4. Use Returned Data
while ($row = mysql_fetch_array($result)) 
    { 

    echo "<tr>";
    echo "<td align='center' width='auto'>" . $row[1] . "</td>";
    echo "<td width='auto'>" . "&nbsp;" . $row[2] . "&nbsp;" . "</td>";     
    echo "</tr>";

    }

mysql_close($connection);
?>
</html>

How can i change insert.php file?

Improve this question

8 Answers 8

Reset to default
3

In your insertion code you have

$sql = "INSERT INTO demo VALUES 
('', 'Autore', 'Titolo')"

This has hardcoded your values.

Do remember to check the values of the variables coming back and escape them

Your form has this:

<b>Titolo </b>&nbsp;&nbsp;<input type="text" name="Titolo"><br><br>  
<b>Autore </b><input type="text" name="Autore"><br><br>

So the forms sending you 

$_POST["Titolo"] and $_POST["Autore"]

So you should change your 

$sql = "INSERT INTO demo VALUES 
('', '".mysql_real_escape_string($_POST["Autore"])."', '".mysql_real_escape_string($_POST["Titolo"])."')"

and to delete the entered items (both boxes would need to be a proper match)

$sql = "DELETE FROM demo where Titolo='".mysql_real_escape_string($_POST["Autore"])."' and Autore='".mysql_real_escape_string($_POST["Titolo"])."';
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

But if i want remove value like Jack or John from form?
INSERT TO to insert data, DELETE FROM..i try to replace but doesn't work
what are the names of your 2 fields you are populating, and I'll update the code.
i have 3 fields ID (int, autoincrement), Autore (varchar, null) Titolo (varchar, null). You can condiderate only Autore and Titolo
Have you lost your ) key? :)
|
1

i think your sql query got problem. it should be like this :

$autore = $_POST['Autore'];
$titolo = $_POST['Titolo'];

$sql = "INSERT INTO demo(Autore, Titolo) VALUES ('$autore', '$titolo')";

hope this helps :)

Improve this answer

8 Comments

But if i want remove value like Jack or John from form?
i dont get what u trying to ask there
mmm..i want remove values like jack or john from database. I try using your code replace INSERT INTO with DELETE FROM but i can't remove jack or john from mysql. How can i do using your solution?
i dont clearly get what u trying to do, but i hope this will help u DELETE FROM demo WHERE Autore = 'Jack' OR Titolo = 'John'
from form i can add insert data. In this case i want remove data from form..so how generic code can i use?
|
1

$sql = "INSERT INTO demo VALUES ('', 'Autore', 'Titolo')";

In this query you have to insert the values which is getting from the form not the 'Autore', 'Titolo'

Improve this answer

Comments

0

This should work, if you did not miss anything!?

$sql = sprintf("INSERT INTO demo VALUES('', '%s', '%s')",
        mysql_real_escape_string($_POST["Titolo"]),
        mysql_real_escape_string($_POST["Autore"]));
Improve this answer

Comments

0

Use the below code . You have to capture the actual value before inserting

 $Autore = $_post['Autore'];
 $Titolo = $_post['Titolo'];

 $sql = "INSERT INTO demo (ID, Autore, Titolo) VALUES  ('', '$Autore', '$Titolo')";
Improve this answer

2 Comments

thanks..now i want remove the input data like Jack or John. How can I modify your code? $sql = "DELETE FROM demo (ID, Autore, Titolo) seems doesn't work.
$_post needs to be uppercase and if you aren't going to secure the post data you should add a note to the answer to say it's unsecure.
0

Please ignore all previous answers. Your code is a security disaster. At least ditch the mysql_* functions and use Mysqli or PDO

Did you notice the large area in the php manual:

Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.

MySQLi Example:

$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$stmt = $mysqli->prepare("INSERT INTO demo VALUES (?,?,?)");
$val1='';
$autore=$_POST['Autore']; //TODO check if these POST values exist
$titolo=$_POST['Titolo'];
$stmt->bind_param('sss', $val1, $autore, $titolo);


/* execute prepared statement */
$stmt->execute();

printf("%d Row inserted.\n", $stmt->affected_rows);

/* close statement and connection */
$stmt->close();
Improve this answer

2 Comments

Even more reason to start with the current technology and not use something that will stop working in the near future. I'll update my answer with a small example.
thanks for your example. I try to understand to improve my code, thank you
0 
$Autore = mysql_real_escape_string ($_POST['Autore']);
$Titolo = mysql_real_escape_string ($_POST['Titolo']);

$sql = "INSERT INTO demo VALUES
    ('', '$Autore', '$Titolo')";
Improve this answer

8 Comments

and if i want remove from Form?
use auto increment Id in the Table from that you can remove or delete entry from table like DELETE FROM demo where id = 1
$sql = "DELETE FROM demo VALUES.. seems doesnt work "You have an error in your SQL syntax.."
VALUES should not come with the DElELTE query. you should use WHERE clause
I see in mysql this example of code DELETE FROM 'forms1'.'demo' WHERE 'demo'.'ID' = 20; but i must replace 'ID' = 20; with Autore = Jack; ?
|
0

Use these markup for the query:

INSERT INTO demo(Autore, Titolo)
VALUES ($_POST['Autore'], $_POST['Titolo'])

That way, there saved in the right column... maybe this helps

But be aware, that if you use this, your query is unsafe. You need to strip quotes and all that other stuff...

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.