I got this code from a site i google'd. Its supposed to let you enter data into a database from a PHP page. I know that i had to change some things because I read they were out of date ( ex: $PHP_SELF ) so the code may have something wrong with the syntax.

When i fill out the form then click submit it just clears the form and stays on the page. I looked into my DB but i couldnt really find any data that was created. Could someone set this up real quick and test it, see if you get the same results.

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns = "http://www.w3.org/1999/xhtml">
   <head>
   <title>Testing Data Insertion</title>
   

	 

    </head>

<body>


	<form enctype="multipart/form-data" method="post"  action="<?php echo $_SERVER['PHP_SELF'] ?>">
year<br>
<input type="Text" name="year" size="25">
<br>
make<br>
<input type="Text" name="make" size="25">
<br>
model<br>
<input type="Text" name="model" size="25">
<br>
price<br>
<input type="Text" name="price" size="25">
<br>
picture<br>
<input type="File" name="picture" size="25">
<br><br>
<input type="submit" name="submit" value="Upload">
</form>

         <?php
	if ($submit) {
	    $db = mysql_connect
                   (
          	        "$localhost",
                   	"joeuser",
                     	"somepass"
                    );
	    mysql_select_db( 
	"$joesauto",$db); 
	    $sql =  
	"INSERT INTO joesauto (year,make,model,price,picture_name) ". 
	         
	"VALUES ('$year,$make,$model,$price,$picture_name')";     exec(
	"cp $picture images/$picture_name");
         echo  "year: $year<br>\n";
         echo "make: $make<br>\n";
         echo "model: $model<br>\n";
         echo "price: $price<br>\n";
         echo  "temp file: $picture<br>\n";
         echo  "file name: $picture_name<br>\n";
         echo "file size: $picture_size<br>\n";
         echo  "file type: $picture_type<br>\n";
         echo "<br>\n";
         echo "<img src=images/$picture_name><br>\n"; }
	 ?>


</body>

</html>

here's the DB

Code:

CREATE TABLE joesauto(
  year INT(4),
   make CHAR(20),
   model CHAR(20),
   price CHAR(15),
   picture_name CHAR(25)
   );

First of all, please take a more object orientated approach to your coding. You've included the database connect function in with the page code. This is an unsecure way of connecting and paves the way for heaps of redundant code in your application.

Create a php file called "db_conn.php" and place all db info in it. Save it in a folder which resides out of the public http directory.

e.g.

../../db_conn.php

PHP Code:


<?php

$host = "localhost";
$db = "joesauto";
$user = "joeuser";
$pass = "joepass";
$dbConn = mysql_pconnect($host, $user, $pass) or trigger_error(mysql_error(),E_USER_ERROR); 
?>

When you script a php page that requires a connection to the database, include the file at the beginning of the page script.

e.g.

PHP Code:


<?php

include('../../db_conn.php');

?>

Your connection to the database within the script is then simplified to a single line of code.

e.g. Database connection

PHP Code:


<?php

mysql_select_db($db, $dbConn);

?>

Its also good coding practice to not rely on global vars being registered as being ON. So convert your long POST values to short before you use them.

e.g.

PHP Code:


<?php

if(isset($_POST['submit'])){

$year = $_POST['year'];
$make = $_POST['make'];
// etc
}

?>

Your form processing script can also be much simpler.

e.g. At the top of the page, under the include, write the form processing.

PHP Code:


<?php

if(isset($_POST['submit'])){

// long to short

$year = $_POST['year'];
$make = $_POST['make'];
$model = $_POST['model'];
$price = $_POST['price'];
// etc

// do insert

$sql = 'INSERT INTO joesauto (year,make,model,price) '. 
             
    "VALUES ('" . $year . "',"."'" . $make . "','" . $model . "','" . $price . "')";

mysql_select_db($db, $dbConn);

$result = mysql_query($sql, $dbConn) or die(mysql_error());

//redirect user to page after successful record insert

$successfulRedirectURL = 'success.php';

header('Location: ' . $successfulRedirectURL);

exit();

}

?>

As far as what url to submit the form to, a simple <form name="formName" method="POST" action="#"> will suffice if the processing code is on the same page. Hope this helps a bit..

I'll test that out then post again. But it still didnt answer my question, or maybe i'm not reading everything right. Is the data actually being saved into te database or when i hit submit is it doing nothing?

I'm just learning PHP so i didnt plan to use this code on an actual site, but more of an outline to something i will create myself. I'll take into account the pointers you gave on keeping my database code in an outside file, makes alot of sense.

When i do create something myself with an online form how would i do this without someone logging into a site. The form i plan to create is just going to be more of a "heads up" to the company that they know someone is interested in what they offer. Would i write the insertion code on the outside page then just have it connect to the DB from a username with insertion rights only? I dont think using root would be a good idea since someone would find a way to connect then have all rights to everything.

Here's the form i plan to use just to give you an idea of what i'm trying to do.

http://www.geocities.com/rsdmeangunz...formation.html

Thanks for writing out what you did write out, I usually learn alot more looking at someone's code and knowing what its supposed to do rather than reading some article online with a bunch of syntax.

Well actually you didn't ask any question, just if someone could repeat what you tried to do and see if they get the same results. The code you posted suffers from the problems I outlined above. If you have any further questions about what your trying to do specifally, please ask.

As for whether the data is being saved, does it insert the data when you hit submit? Have you looked at the records in your database to test this yet? As far as user permissions go, yes - dont use root for web page connections, create another user with insert, update, delete and select permissions only.

When i use the code i fist put in it just clears the form. I cant seem to find anything in the DB thats being added.

Sounds like you ought to test your connection to the db.

Follow the directions in my original post to write your connection script "dbConn.php".

Copy the code below and paste into a new file, save it as "dbTest.php" in the same folder as dbConn.php. Then point your browser to it and see whether you get a successful connection.

PHP Code:

<?php
require_once("dbConn.php");
$dbcheck = mysql_select_db($db, $dbConn);
?>
<html>
<head>
<style type="text/css">
<!--
.style1 {color: #FF0000}
-->
</style>
</head>
<body>
<?php
if (!$dbcheck) {
        $mysqlConnError = mysql_error();
?>
<p class="style2">Connection to the db failed!</p>
<p>Mysql Error Msg: <?php echo $mysqlConnError; ?></p>
<p>Please check your values in dbConn.php </p>
<?php
} else {
?>
<p>You've made a successful connection to the db with the following settings:</p>
<ul>
    <li>Host name: <?php echo $host; ?></li>
    <li>Database: <?php echo $db; ?></li>
    <li>User name: <?php echo $user; ?></li>
    <li>Password: ******</li>
</ul>
<?php } ?>
</body>
</html>

You've made a successful connection to the db with the following settings:

Host name: localhost
Database: joesauto
User name: joeuser
Password: ******


I'm on my way! i'll have alot of time this week with the summer vacation to work on this so i'lll try to mak myself working forms saving to a DB. Thx for helpin metho

One small question is this line:

mysql_connect($host,$user,$pass) or die(mysql_error());

outdated? i noticed you do not have the or die(mysql_error()); but instead using or trigger_error(mysql_error(),E_USER_ERROR); which i imagine does the same thing. Or is "or die" not outdated but just used when working with a certain sql?

The trigger_error line is used for better security in that particular case; it helps not to have your scripts outputting sensitive error messages to the browser. die() is really the same as exit(), no difference.