1

this is seriously confusing me.. I now have such a headache! I have been learning php for a month and this is the sort of stuff I expected to srtuggle with 4 weeks ago s:

I am recieving the warning Undefined index and the database is updating with the date 0000-00-00 and then nothing in the other column, i turned the query into an echo to see what was happening but nothing seems to be getting assigned to the variables that are being sent from the form!

The Code: (simplified)

calender.php

<form name="slots" action="updatecalender.php" method="post">
Day: <input type="text" name="dayofmonth" />
<select name="month">
    <option value="1">January</option>
    <option value="2">February</option>
    <option value="3">March</option>
    <option value="4">April</option>
    <option value="5">May</option>
    <option value="6">June</option>
    <option value="7">July</option>
    <option value="8">August</option>
    <option value="9">September</option>
    <option value="10">October</option>
    <option value="11">November</option>
    <option value="12">December</option>
</select>
<select name="year">
    <option value="2012">2012</option>
    <option value="2013">2013</option>
    <option value="2014">2014</option>
    <option value="2015">2015</option>
    <option value="2016">2016</option>
    <option value="2017">2017</option>
    <option value="2018">2018</option>
    <option value="2019">2019</option>
    <option value="2020">2020</option>
    <option value="2021">2021</option>
    <option value="2022">2022</option>
    <option value="2023">2023</option>
</select><br /><br />
Slots Available:
<input type="text" name="noslots" /><br />
<input type="submit" value=" - Go - " />
</form>

updatecalender.php

<?php
//connect to database

require "dbconn.php";

$dayofmonth = $_GET['dayofmonth'];
$month = $_GET['month'];
$year = $_GET['year'];
$noslots = $_GET['noslots'];

$query = INSERT INTO calender VALUES ('".$year."-".$month."-".$dayofmonth."','".$noslots."')";

$results = mysql_query($query)
            or die(mysql_error());

header('Location:calender.php');

    ?>

I am a beginner so I am not playing with making it secure... just making it work!

Thank you soo much for any advice and help!

Improve this question
7
  • 2
    Is this really the code you're using? The line beginning with $query = looks like it would have at least one parser error. Also, what does the resulting query look like? You said you echoed it, can you share it? Commented Mar 26, 2012 at 18:28
  • 4
    your form uses POST, your PHP uses GET. Use $_POST Commented Mar 26, 2012 at 18:28
  • 1
    Oh look. Non-sanitised input. Little Bobby Tables will have so much fun. Is there a PHP/SQL tutorial anywhere on the planet that actually worries about SQL injection? "I am a beginner so I am not playing with making it secure" — So what? Security comes free with sane APIs. Use PDO. Don't use mysqli. Commented Mar 26, 2012 at 18:32
  • @mdi: Looks like you caught it first. You should post that as the answer. Commented Mar 26, 2012 at 18:32
  • sorry, I meant i echoed it so i could see if the variables had been assigned... and with regards the query, i missed in the code i copied into here a " I am learning still though (obvs) Commented Mar 26, 2012 at 18:33

3 Answers 3

Reset to default
2

Start by using $_POST in your php code i.e.:

$dayofmonth = $_POST['dayofmonth'];
$month = $_POST['month'];
$year = $_POST['year'];
$noslots = $_POST['noslots'];

Also, consider learning PDO. Your code is not secure as it is. PDO will help sanitize your inputs and help prevent things such as SQL Injections

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

your form uses POST, your PHP uses GET. Use $_POST

(initially proposed in comments)

Improve this answer

Comments

1

this may work for you.

<?php 
    //connect to database 

    require "dbconn.php";

    $dayofmonth = $_POST['dayofmonth']; 
    $month = $_POST['month']; 
    $year = $_POST['year']; 
    $noslots = $_POST['noslots']; 

    $results = mysql_query ("INSERT INTO calender VALUES ('".$year."-".$month."-".$dayofmonth."','".$noslots."')");

    header('Location:calender.php'); 

    ?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.