0

The code below should write code into the database. I have divided into two parts HTML AND PHP code are separate. HTML form code is shown below:

<form name="form1" action="insert.php" method="post">
<h3>Ime </h3> <input type="text" name="field1" > <br/> <br/>
<h3>Prezime </h3> <input type="text" name="field2" > <br/> <br/>
<h3>Firma </h3> <input type="text" name="field3" > <br/> <br/>
<h3>Adresa </h3><input type="text" name="field4" > <br/> <br/>
<h3>Telefon </h3> <input type="text" name="field5" > <br/> <br/>
<h3>Fax </h3><input type="text" name="field6" > <br/> <br/>
<h3>Mobitel </h3> <input type="text" name="field7" > <br/> <br/>
<h3>Email </h3> <input type="text" name="field8" > <br/> <br/>
<h3>Web stranica </h3> <input type="text" name="field9" > <br/> 
</form>

PhP code is shown below. 

$host="localhost"; // Host name
$username="root"; // username
$password="le30mu09"; // password
$database="imenik"; // Database name
$tbl_name="clanovi"; // Table name

// Replace database connect functions depending on database you are using.

$field1=$_POST['field1'];
$field2=$_POST['field2'];
$field3=$_POST['field3'];
$field4=$_POST['field4'];
$field5=$_POST['field5'];
$field6=$_POST['field6'];
$field7=$_POST['field7'];
$field8=$_POST['field8'];
$field9=$_POST['field9']; 

$link=mysql_connect("$host", "$username", "$password");
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

// make foo the current db
$db_selected = mysql_select_db("$database");
if (!$db_selected) {
    die ('db is not selected : ' . mysql_error());
}

   $query = "INSERT INTO `clanovi`(`Ime`, `Prezime`, `Firma`, `Adresa`, `Telefon`, `Fax`, `Mobitel`, `Email`, `Web_stranica`) VALUES ( "$field1", "$field2", "$field3", "$field4", "$field5", "$field6", "$field7", "$field8", "$field9")"; 

mysql_query($query);
mysql_close();
Improve this question
1
  • Why do you quote your variables? Thats probably the error. Commented Nov 15, 2013 at 9:26

4 Answers 4

Reset to default
1

You need to tell us what the actual error is. And bone up on PDO and the dangers of sending unsanitised POST variables to the DB as a matter of priority.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Modify your Insert query. It should be like this:

INSERT INTO clanovi
    (column1,column2,column3,...) 
VALUES 
    ( $field1, $field2, $field3,.....)
Improve this answer

3 Comments

his query is ok too. You dont have to specify the columns when you want to fill all.
but we need to specify the column(s) name in the SQL query if we are adding values for all the columns of the table. But the order of the values should be in the same order as the columns in the table.
Uhm, no, we dont need to. As i said, if you want to insert into all columns, the definition of the columns is unnecessary: w3schools.com/sql/sql_insert.asp
0

You appear to be using a lot of quotation marks in places that you shouldn't be using them in. It is funny how you can code something for 5 hours and then try to debug it for 2 hours because of a simple quotation mark! It's funny and very depressing at the same time :(

Ok, let's fix the code a little bit!

Database

$link=mysql_connect($host, $username, $password);
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

// make foo the current db
$db_selected = mysql_select_db($database);
if (!$db_selected) {
    die ('db is not selected : ' . mysql_error());
}

Notice how I stripped all of the quotation marks out of the code? That will help with database connection and selection.

Now let's move onto the actual inserting of the information into the database!

$query = "INSERT INTO clanovi ('Ime', 'Prezime', 'Firma', 'Adresa', 'Telefon', 'Fax', 'Mobitel, 'Email', 'Web_stranica') VALUES ( $field1, $field2, $field3, $field4, $field5, $field6, $field7, $field8, $field9)";

Again, I stripped all of the quotation marks. Plus I removed backticks and replaced with a ' and also took the '' off of your table name - You should nly use quotation marks when not using a variable. 

//Correct
VALUES ($field1, "textnotvariable", $field2...

//Incorrect
VALUES ("$field1", "textnotvariable", "field2"...

The same goes with echo statements. Here's an example...

$myname = "MrJustin";

//Correct
echo $myname;

    //or

echo "My name is ". $myname .", it's nice to meet you!";

//Incorrect 

echo "My name is $myname, it's nice to meet you";

You'll notice how I used ". $myname ." - that tells the echo to break away from using text, and to pass a variable! :) That to me is the best way to explain how quotations will break a code.

Oh, and you should ALWAYS sanitize your inputs/outputs when using foreign code. I would do some Google searching on that one, and then chat us back up if you run into problems with that!

Hopefully this helps, and happy coding!!

Improve this answer

Comments

0

you are not selecting database. you are using double quotes in not its place.

replace this

  $db_selected = mysql_select_db("$database");

by

 $db_selected = mysql_select_db($database);

and also replace this

 $link=mysql_connect("$host", "$username", "$password");

by

 $link=mysql_connect($host, $username, $password);
  • i recomand you to use PDO or mysqli instead.
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.