0

I am new to PHP and I am following a tutorial that gets information from a mySQL database table by the row and outputs a form to create new table rows. For some reason I can't figure out what is wrong with my code? The page is blank when I refresh the page and I have been staring at this code forever. Does anybody know what I am doing wrong? The database connection is fine as it is used on another page and i have checked.

The mySQL database I have is extremely simple, with 1 table called users that has 5 columns (ID, username, firstName, lastName, title) with the ID being a unique field.

<?php // sqltest.php
require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);

if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());
    mysql_select_db($db_database, $db_server)
    or die("Unable to select database: " . mysql_error());

if (isset($_POST['delete']) && isset($_POST['ID']))
{
    $id = get_post('ID');
    $query = "DELETE FROM users WHERE ID='$id'";
    if (!mysql_query($query, $db_server))
    echo "DELETE failed: $query<br>" .
    mysql_error() . "<br><br>";
}

if (isset($_POST['ID']) &&
    isset($_POST['username']) &&
    isset($_POST['firstName']) &&
    isset($_POST['lastName']) &&
    isset($_POST['title']))
{
    $id = get_post('ID');
    $username = get_post('username');
    $firstName = get_post('firstName');
    $lastName = get_post('lastName');
    $title = get_post('title');
    $query = "INSERT INTO users VALUES" .
    "('$id', '$username', '$firstName', '$lastName', '$title')";

    if (!mysql_query($query, $db_server))
        echo "INSERT failed: $query<br>" .
        mysql_error() . "<br><br>";
}

echo <<<_END
<form action="sqltest.php" method="post"><pre>
ID <input type="text" name="ID">
username <input type="text" name="username">
firstName <input type="text" name="firstName">
lastName <input type="text" name="lastName">
title <input type="text" name="title">
<input type="submit" value="ADD RECORD">
</pre></form>
_END;

$query = "SELECT * FROM users";

$result = mysql_query($query);

if (!$result) die ("Database access failed: " . mysql_error());
    $rows = mysql_num_rows($result);
    for ($j = 0 ; $j < $rows ; ++$j)
{
    $row = mysql_fetch_row($result);
    echo <<<_END
    <pre>
    ID $row[0]
    username $row[1]
    firstName $row[2]
    lastName $row[3]
    title $row[4]
    </pre>
    <form action="sqltest.php" method="post">
    <input type="hidden" name="delete" value="yes">
    <input type="hidden" name="title" value="$row[4]">
    <input type="submit" value="DELETE RECORD"></form>
    _END;
}

mysql_close($db_server);
function get_post($var)
{
    return mysql_real_escape_string($_POST[$var]);
}

Any help would be super awesome!

Improve this question
2
  • This tutorial is rather out of date Commented Oct 18, 2015 at 21:50
  • 2
    Notice: This code is vulnerable to SQL-Injection. You also should not use the deprecated mysql-lib anymore. Use mysqli or PDO instead. Commented Oct 18, 2015 at 23:35

1 Answer 1

Reset to default
1

You are trying to retrieve variables with the wrong way.

Example

$username = get_post('username');

should be

$username = $_POST['username'];

You should do the same with the same code that you are trying to retrieve post variables.

And the query to insert values should be

$query = "INSERT INTO users VALUES('".$id."', '".$username."', '".$firstName."', '".$lastName."', '".$title."')";
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.