tuxandpucks Posted August 15, 2011 Share Posted August 15, 2011 Hey everyone, I am in need of that high quality help I receive when visiting this website. In short, I have a php script that is supposed to automatically submit data to a MySQL database but the data doesn't seem to make it to the database. I am not good at debugging and I am not getting any errors on the pages when I submit an entry. Basically I have this code which takes in the information and as you know/can tell it calls on another php script to do the auto submit to the database. Here is this code: </head> <?php include('../templates/bodyandlogo.htm'); ?> <?php include('../templates/navmenu.htm'); ?> <br /> <br /> <h1>PoemScribe: Order Form</h1> <br /> <br /> <p>Please complete the form below and click submit to order your personalized poem.</p> <br /> <br /> <div id="form"> <form action="../php_scripts/orderform.php" method="post"> <label for="firstname">First Name:</label> <div class="input"><input type="text" id="firstname" name="firstname" /></div><br /> <label for="lastname">Last Name:</label> <div class="input"><input type="text" id="lastname" name="lastname" /></div><br /> <label for="email">Email:</label> <div class="input"><input type="text" id="email" name="email" /></div><br /> <label for="selectpoemtype">Select Poem Type:<br /> 4-Line Poem: $15 8-Line Poem: $25 12-Line Poem: $40 16-Line Poem: $50 20-Line Poem: $75 Please type in your desired poem length. Example: "4line". </label><br /> <div class="input"><input type="text" id="selectpoemtype" name="selectpoemtype" /><br /> <br /> <br /> <label for="keynames">"Key names to include?"</label> <div class="input"><input type="text" id="keynames" name="keynames"/></div><br /> <label for="specificwords">Any specific words you would like to include in your poem?</label> <div class="input"><input type="text" id="specificwords" name="specificwords" /></div><br /> <label for="poemisfor">Who is the poem for?</label> <div class="input"><input type="text" id="poemisfor" name="poemisfor" /></div><br /> <label for="relationship">Relationship to you?</label> <div class="input"><input type="text" id="relationship" name="relationship" /></div><br /> <label for="occasion">What is the occasion for this poem?</label> <div class="input"><input type="text" id="occasion" name="occasion" /></div><br /> <label for="overallmessage">What do you want the overall message of this poem to be?</label> <div class="input"><input type="text" id="overallmessage" name="overallmessage" /></div><br /> <label for="anythingelse">Any other information you would like for me to know?</label> <div class="input"><input type="text" id="anythingelse" name="anythingelse" /></div><br /> <div class="input"><input type="submit" value="Submit" name="submit"</div> </form> </div><!--form--> <br /> <br /> <?php include('../templates/footer.htm'); And then the code that is called on (the script called orderform.php): <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head><title>PoemScribe Order Form</title> </head> <body> <h2>PoemScribe</h2> <?php $email = "myemail@gmail.com"; // Email to notify on error $first_name = $_POST['firstname']; $last_name = $_POST['lastname']; $email = $_POST['email']; $select_poem_type = $_POST['selectpoemtype']; $key_names = $_POST['keynames']; $specific_words = $_POST['specificwords']; $poem_is_for = $_POST['poemisfor']; $relationship = $_POST['relationship']; $occasion = $_POST['occasion']; $over_all_message = $_POST['overallmessage']; $anything_else = $_POST['anythingelse']; $dbc = mysqli_connect('localhost', 'login', 'password', 'database'); " . or die('Error connecting to MySQL server.'); $query = INSERT INTO poem_orders '(firstname, lastname, email, selectpoemtype, keynames, specificwords, poemisfor, " . "relationship, occasion, overallmessage, anythingelse)" . "VALUES ('$first_name', '$last_name', '$email', '$select_poem_type' '$key_names', '$specific_words', '$poem_is_for', " . "'$relationship', '$occasion', '$over_all_message', '$anything_else')"; echo 'Thank you, ' . $firstname . $lastname; echo 'Thanks for submitting the form.<br />'; echo ' Poem Type: ' . $selectpoemtype; echo ' Key names to include: ' . $keynames . '<br />'; echo 'Specific Words To Include: '. $specificwords . '<br />'; echo 'Poem is for: ' . $poemisfor . '<br />'; echo 'Relationship: ' . $relationship . '<br />'; echo 'Occasion: ' . $occasion . '<br />'; echo 'Overall Message: ' . $overallmessage . '<br />'; echo 'You also added: ' . $anything_else; mysqli_close($dbc); ?> </body> </html> Again, I am trying to figure out why my database isn't being populated when someone clicks on the submit button. I tried the code Larry shows on pages 352-354 of this book, but I couldn't get it to work, so I am now trying the code posted above. Any help is appreciated. Thanks in advance, Randy Link to comment Share on other sites More sharing options...
zanimation Posted August 16, 2011 Share Posted August 16, 2011 $dbc = mysqli_connect('localhost', 'login', 'password', 'database'); " . or die('Error connecting to MySQL server.'); It seems you've left the ;" . after mysqli_connect() which is causing your whole sql definition to mess up. Take out the semicolon, quotation, and the period and see if it works: $dbc = mysqli_connect('localhost', 'login', 'password', 'database') or die('Error connecting to MySQL server.'); Link to comment Share on other sites More sharing options...
tuxandpucks Posted August 16, 2011 Author Share Posted August 16, 2011 Thanks for the help. I tried your suggestion and without success. Also, now I end up with my ide telling me I have an error. I have attached a picture to show what I mean. $dbc = mysqli_connect('localhost', 'login', 'password', 'database'); " . or die('Error connecting to MySQL server.'); It seems you've left the ;" . after mysqli_connect() which is causing your whole sql definition to mess up. Take out the semicolon, quotation, and the period and see if it works: $dbc = mysqli_connect('localhost', 'login', 'password', 'database') or die('Error connecting to MySQL server.'); Link to comment Share on other sites More sharing options...
zanimation Posted August 16, 2011 Share Posted August 16, 2011 Thanks for the help. I tried your suggestion and without success. Also, now I end up with my ide telling me I have an error. I have attached a picture to show what I mean. The quotes for your query seem all messed up and mismatched. You also don't need to concatenate anything. Here it is fixed: $query = "INSERT INTO poem_orders (firstname, lastname, email, selectpoemtype, keynames, specificwords, poemisfor, relationship, occasion, overallmessage, anythingelse) VALUES ('$first_name', '$last_name', '$email', '$select_poem_type' '$key_names', '$specific_words', '$poem_is_for', '$relationship', '$occasion', '$over_all_message', '$anything_else')"; It seems you are also not executing your query. You are defining your query, but I see nothing that executes it. I'm not familiar with mysqli as I mainly use PDO, but try adding this just after your query definition: $success = mysqli_query($dbc, $query); // if query was successful, display message to user: if($success) { echo 'Thank you, ' . $firstname . $lastname; echo 'Thanks for submitting the form.<br />'; echo ' Poem Type: ' . $selectpoemtype; echo ' Key names to include: ' . $keynames . '<br />'; echo 'Specific Words To Include: '. $specificwords . '<br />'; echo 'Poem is for: ' . $poemisfor . '<br />'; echo 'Relationship: ' . $relationship . '<br />'; echo 'Occasion: ' . $occasion . '<br />'; echo 'Overall Message: ' . $overallmessage . '<br />'; echo 'You also added: ' . $anything_else; } else { echo 'Error: Query failed.'; } Also note that your query is wide open to SQL injection. While it's best to use prepared statements, you can just do this to prevent SQL injection: $email = "myemail@gmail.com"; // Email to notify on error $first_name = mysqli_real_escape_string($_POST['firstname']); $last_name = mysqli_real_escape_string($_POST['lastname']); $email = mysqli_real_escape_string($_POST['email']); $select_poem_type = mysqli_real_escape_string($_POST['selectpoemtype']); $key_names = mysqli_real_escape_string($_POST['keynames']); $specific_words = mysqli_real_escape_string($_POST['specificwords']); $poem_is_for = mysqli_real_escape_string($_POST['poemisfor']); $relationship = mysqli_real_escape_string($_POST['relationship']); $occasion = mysqli_real_escape_string($_POST['occasion']); $over_all_message = mysqli_real_escape_string($_POST['overallmessage']); $anything_else = mysqli_real_escape_string($_POST['anythingelse']); http://www.php.net/manual/en/mysqli.real-escape-string.php Zane Link to comment Share on other sites More sharing options...
tuxandpucks Posted August 16, 2011 Author Share Posted August 16, 2011 Thank you for taking the time to correct me. I will give this a try tonight. Randy The quotes for your query seem all messed up and mismatched. You also don't need to concatenate anything. Here it is fixed: $query = "INSERT INTO poem_orders (firstname, lastname, email, selectpoemtype, keynames, specificwords, poemisfor, relationship, occasion, overallmessage, anythingelse) VALUES ('$first_name', '$last_name', '$email', '$select_poem_type' '$key_names', '$specific_words', '$poem_is_for', '$relationship', '$occasion', '$over_all_message', '$anything_else')"; Also note that your query is wide open to SQL injection. It seems you are also not executing your query. You are defining your query, but I see nothing that executes it. I'm not familiar with mysqli as I mainly use PDO, but try adding this just before your query definition: mysqli_select_db($dbc, 'database'); and add this just after your query definition: $success = mysqli_query($query); // if query was successful, display message to user: if($success) { echo 'Thank you, ' . $firstname . $lastname; echo 'Thanks for submitting the form.<br />'; echo ' Poem Type: ' . $selectpoemtype; echo ' Key names to include: ' . $keynames . '<br />'; echo 'Specific Words To Include: '. $specificwords . '<br />'; echo 'Poem is for: ' . $poemisfor . '<br />'; echo 'Relationship: ' . $relationship . '<br />'; echo 'Occasion: ' . $occasion . '<br />'; echo 'Overall Message: ' . $overallmessage . '<br />'; echo 'You also added: ' . $anything_else; } else { echo 'Error: Query failed.'; } While it's best to use prepared statements, you can just do this to prevent SQL injection: $email = "myemail@gmail.com"; // Email to notify on error $first_name = mysqli_real_escape_string($_POST['firstname']); $last_name = mysqli_real_escape_string($_POST['lastname']); $email = mysqli_real_escape_string($_POST['email']); $select_poem_type = mysqli_real_escape_string($_POST['selectpoemtype']); $key_names = mysqli_real_escape_string($_POST['keynames']); $specific_words = mysqli_real_escape_string($_POST['specificwords']); $poem_is_for = mysqli_real_escape_string($_POST['poemisfor']); $relationship = mysqli_real_escape_string($_POST['relationship']); $occasion = mysqli_real_escape_string($_POST['occasion']); $over_all_message = mysqli_real_escape_string($_POST['overallmessage']); $anything_else = mysqli_real_escape_string($_POST['anythingelse']); Zane Link to comment Share on other sites More sharing options...
Lou Posted August 16, 2011 Share Posted August 16, 2011 You need to actually execute the query. $insert = mysqli_query($dbc, $query); Your query is not correct though. Follow the previous person's advice and fix that query. I like to run my queries through the mysql monitor or phpmyadmin before trying it in php code. That may help you out. You also don't have to run that mysqli_select_db function, you already selected the database in your mysqli_connect function. 1 Link to comment Share on other sites More sharing options...
Recommended Posts