[RESOLVED] MySQL Insert Problem

[ERUM]

hello to everYone!!

i m using following code for inserting the the data in my sql there is no syntax error no exception but the data is not inserting in the database

i also tried by $_POST instead of $_REQUEST but no result !

PHP Code:

<?
ini_set("display_errors", 0);
if (isset($_REQUEST['submit'])) {
$name =$_REQUEST["username"];

echo $name;
$dbh=mysql_connect ('localhost','root','mypass');
mysql_select_db ("newdatabase");

mysql_query("insert into  newtable (name) values($name)") 
or die(mysql_error());  
echo "Data Inserted!";

}

if (!isset($_POST['submit'])) { // if page is not submitted to itself echo the form
?>
<html>
<body>
<form method="post" action="<?php echo $PHP_SELF;?>">
<table>
<tr>
<td>Please enter your name:</td>
<td> <input type="text" name="username" /></td>
</tr>
<td>Please enter your name1:</td>
<td> <input type="text" name="username1" /></td>
</tr>
<tr><td><input type="submit" value="submit" /></td></tr>
</table>
</form>

<?
}
 else {
  echo "Hello, " .$_REQUEST['username'];  

}
?>

Hope any one would reply

[Hack]

Split into its own thread from this thread.

[penagate]

There are a couple of problems with your script.
Let's start with the obvious: you have turned off error displaying. You say there is no error, but this is probably because you've suppressed them all. Remove this line:

PHP Code:

ini_set("display_errors", 0); 


Replace it with this:

PHP Code:

error_reporting(E_ALL | E_STRICT); 


Secondly: you are inserting $name directly into the query, which comes from a request variable. This is bad and is a SQL injection vulnerability. You might be able to get away with it if you have magic quotes on, but that is a deprecated "feature" that should not be used.
Instead, use mysql_real_escape_string($name) to ensure that any funny characters are escaped and will not mess up the SQL query.
Better yet, find yourself a data access abstraction library, like PDO. But that's a topic for another day, once you've got this working.

Thirdly: use $_GET and $_POST rather than $_REQUEST. $_REQUEST ignores the semantic difference between GET and POST methods and can possibly lead to problems with people manipulating URLs. Avoid its use.

Fourth: the opening <?php tag should be preferred to <?, which is not recommended for use in a production situation as it is not always supported. All tags apart from <?php ... ?> are deprecated.

With those changes made, give the script another whirl and let us know how it goes.


Moved from Database Development.

[ERUM]

First of i m very thankful to u for replying

here i m mailing the code again infact the problem is still reside i have follow

all the step that u told me but still no error and no data is inserting

VB Code:

<?php
error_reporting(E_ALL | E_STRICT); 
if (isset($_POST['submit'])) {
$name1 =$_POST["username"];
$name1=mysql_real_escape_string($name1)
echo $name1;
$dbh=mysql_connect ('localhost','newuser','mypass');
mysql_select_db ("newdatabase");
 
mysql_query("insert into  newtable (name) values($name1) 
or die(mysql_error());  
echo "Data Inserted!";
 
}
 
if (!isset($_POST ['submit'])) { // if page is not submitted to itself echo the form
?>
<html>
<body>
<form method="post" action="<?phpphp echo $PHP_SELF;?>">
<table>
<tr>
<td>Please enter your name:</td>
<td> <input type="text" name="username" /></td>
</tr>
<td>Please enter your name1:</td>
<td> <input type="text" name="username1" /></td>
</tr>
<tr><td><input type="submit" value="submit" name="submit"></td></tr>
</table>
</form>
 
<?php
}
 else {
  echo "Hello, " .$_POST ['username'];  
 
}
?>

u can correct my code i m still in ambiguity and doing something wrong

[mehul.pandya]

hi
i think there is problem in line

Code:

mysql_query("insert into  newtable (name) values($name1)

but i dont know php
like in vb or asp when u insert value of variable it is concatenated with the query
like

Code:

mysql_query("insert into  newtable (name) values(" + $name1 + ")

This will be error Hope so.

[ERUM]

my problem has been resolve in this way

PHP Code:


<?php
ini_set("display_errors", 0);


    if (isset($_POST['submit'])) {
    $Loginname = $_POST["Loginname"];
    $Password1 = $_POST["Password1"];
}

if (!isset($_POST['submit'])) { // if page is not submitted to itself echo the form


?>


<html>
<head>
<title>
</title>
</head>
<body>
<form method="post" action="<?php echo $PHP_SELF;?>">
<table  width="50%"   border="1px" align="center">

<tr bgcolor="Teal" width="100%" align="center" colspan=2>
<td align="center">User Login</td>
</tr>

<tr bgcolor="Biege">
<td>Enter Login name</td>
<td><input type="text" name="Loginname"></td>
</tr>

<tr bgcolor="Biege">
<td>Enter Password</td>
<td><input type="text" name="Password1"></td>
</tr>

<tr bgcolor="Biege">
<td><input type="submit" value="Submit" name="submit"></td>

</tr>
</table>
</form>

<?
} else {

$dbh=mysql_connect ('localhost','root','mypass');
mysql_select_db ("class");

mysql_query("INSERT INTO information  (firstName) VALUES ('$_POST[Loginname]')");
}

?> 

</body>
</html>