0

Before reading, please note that I am very new to both PHP and MYSQL. I have created a table in my MYSQL database. I would now like to 'spit out' this table onto a page through PHP. This part I seem to be okay with. After outputting the tables data into an HTML table, I would like to output an HTML form onto my page. So, I now have a table followed by a form. This form will contain a few text boxes that, when submitted, will post the data used to insert a new row into the preexisting table noted above.

All of the above code is currently in a PHP file named 'display.php'.

My Issue:

If the form described above is posting back to my 'display.php' file, after inserting a new row and displaying the new table information, what is stopping my code from inserting another new row full of NULL data? I'm sure I did a less than decent job of explaining this scenario so I will post some code.

HTML / PHP

<html>
<head> 
    <title>Html and PHP</title>
</head>

<body>

<!-- Form -->
<form action="insertdata.php" method="post">
Username: <input type="text" name="username" >
Hardware ID: <input type="text" name="hardwareid" >
<input type="submit" >
</form>

<?php

// Connect to MYSQL
$con = mysql_connect("localhost","blah","private");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

// Select database
mysql_select_db("dbname", $con);

// Insert posted data into table
$sql="INSERT INTO tablename(
Username,
HardwareID)

VALUES
('$_POST[username]','$_POST[hardwareid]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record successfully added...";

mysql_close($con)
?>

</body>
</html>

Again, I am a complete beginner - and I understand this. I want to know, must the different parts of the above code be placed into multiple files? I don't want to have to go to a new address, which is why this is causing me so much confusion I'd say.

Improve this question
0

2 Answers 2

Reset to default
2

try some thing like this,

connection.php file 

    // Connect to MYSQL
$con = mysql_connect("localhost","blah","private");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

// Select database
mysql_select_db("dbname", $con);

display.php file

    <html>
<head> 
    <title>Html and PHP</title>
</head>

<body>

<!-- Form -->
<form action="process.php" method="post">
Username: <input type="text" name="username" >
Hardware ID: <input type="text" name="hardwareid" >
<input type="submit" >
</form>

</body>
</html>

process.php file

    include_once("ur_file_dir/connection.php");

    if ((isset($_POST['username']) && isset($_POST['hardwareid'])) {

      $sql="INSERT INTO tablename(
         Username,
         HardwareID)

         VALUES
            ($_POST['username'],$_POST['hardwareid'])";
      if (!mysql_query($sql,$con))
      {
          die('Error: ' . mysql_error());
      }
      echo "1 record successfully added...";

      mysql_close($con)

}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You should validate your input, ie:

if (!empty($_POST['username'] && !empty($_POST['hardwareid']) {
    // do your insert here
}

Also, you should be wary of allowing user input to be inserted directly into your query, as this leaves your open to SQL injections. A better way to do this is to use PDO and prepared statements:

http://php.net/manual/en/pdo.prepared-statements.php

Improve this answer

3 Comments

Thank you. So I would also like to know, would you recommend keeping the Form, and the input into table code in separate files? If the answer to the above question is a 'yes', in which file would you recommend I put the code to read the data from the table and display it on the screen? I would suspect it would be the file with the Form in it?
@Evan To keep the code clean, I would recommend separating the presentation from the business logic, so you could put them in separate files. How you go about doing that is your choice; I personally make use of MVC, but since you are a beginner this might be a bit too much to handle right now.
Alright. So if I were to set my form to call the separate PHP file -the one containing the script that will add a new row into my table - how could I then reload the page with the Form and the read table code on it to display the newly added row?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.