PHP MySql Forms

I am new to mysql and php. I am trying to learn this in order to
implement a web based database to keep track of camera inventory along
with RMA and cost information. I am not sure what I am doing wrong
with this.

I am trying to set this up so that when someone hits submit it enters
the information into the database.

I would also like to find a way to get it to append the information as
well. I have no prior html, php, or mysql experience.

// database connection
mysql_connect("localhost", "username", "password") or
mysql_select_db("cameradb") or die(mysql_error());

//$query definition
$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, CAM_Location,
CAM_Name, RMA_Number, RMA_Description,
RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, RMA_Cost)

 '$_post[CAM_Type]', '$_post[CAM_Location]', '$_post[CAM_Name]',
'$_post[RMA_Number]', '$_post[RMA_Description]',
 '$_post[RMA_Req_Date]', '$_post[RMA_Rec_Date]',
'$_post[RMA_Ship_Date]', '$_post[RMA_Return_Date]',


//form definition and assigning variables
 <form action ="<?php mysql_query($query) ?>" method="post">
 <p>Camera Serial Number: <input type="text" name="SN" /></p>
 <p>Mac Adress: <input type="text" name="Mac_adress" /></p>
 <p>Camera Types: <input type="text" name="cam_type" /></p>
 <p>Camera Loacation: <input type="text" name="cam_location" /></p>
 <p>Camera Name: <input type="text" name="cam_name" /></p>
 <p>RMA Number: <input type="text" name="RMA_Number" /></p>
 <p>RMA Description: <input type="text" name="RMA_Description" /></p>
 <p>RMA Request Date: <input type="text" name="RMA_Req_date" /></p>
 <p>RMA Recieve Date: <input type="text" name="RMA_Rec_date" /></p>
 <p>RMA Ship Date: <input type="text" name="RMA_Ship_Date" /></p>
 <p>RMA Return Date: <input type="text" name="RMA_Return_date" /></p>
 <p>RMA Cost: <input type="text" name="RMA_Cost" /></p>
 <p><input type="submit" /></p>



Re: PHP MySql Forms wrote:

To begin with, variables are case-sensitive in PHP. That is, $_POST and
$_post are two very different things. Here you go:

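function escaped_post ($key)
{
    // Field not submitted: insert SQL NULL.
    if (!isset($_POST[$key]))
        return 'NULL';

    // Numeric values go into the query unquoted.
    if (is_numeric($_POST[$key]))
        return $_POST[$key];

    // Strings: undo magic quotes if enabled, escape, then wrap in quotes.
    $value = $_POST[$key];
    if (get_magic_quotes_gpc())
        $value = stripslashes($value);
    $value = mysql_real_escape_string($value);
    return "'{$value}'";
}

// Array keys are case-sensitive: each key must match the form field's name attribute exactly.
$query = sprintf("INSERT INTO cameras (SN, MAC_Adress, CAM_Type, "
            . "CAM_Location, CAM_Name, RMA_Number, "
            . "RMA_Description, RMA_Req_Date, "
            . "RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, "
            . "RMA_Cost) "
        . "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s);",
        escaped_post('SN'), escaped_post('MAC_Adress'),
        escaped_post('CAM_Type'), escaped_post('CAM_Location'),
        escaped_post('CAM_Name'), escaped_post('RMA_Number'),
        escaped_post('RMA_Description'), escaped_post('RMA_Req_Date'),
        escaped_post('RMA_Rec_Date'), escaped_post('RMA_Ship_Date'),
        escaped_post('RMA_Return_Date'), escaped_post('RMA_Cost'));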

Toby A Inkster BSc (Hons) ARCS
Geek of ~ HTML/SQL/Perl/PHP/Python/Apache/Linux

Re: PHP MySql Forms wrote:

A couple of things.

First of all, it is $_POST, not $_post - case sensitive.

And you need to ALWAYS VALIDATE input from the user.  Don't just  
"assume" the data are correct.

Finally, all strings should be processed with mysql_real_escape_string()  
before being inserted into the database - among other things it takes  
care of apostrophes in the text - but also helps protect you if someone  
tries some bad data (google for "SQL injection").

Something like:

$sn = $_POST['SN'];
// ... validate here
$macaddr = $_POST['MAC_Adress'];
// ... validate
// (or get each one locally and validate it)


$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, " .
    "CAM_Location, CAM_Name, RMA_Number, RMA_Description, " .
    "RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, " .
    "RMA_Cost) " .
    "VALUES ('" . mysql_real_escape_string($sn) . "', '" .
         mysql_real_escape_string($macaddr) . "', '" .


Of course there are other ways to handle the actual syntax - but you get
the idea.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
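
Both replies recommend validating each field and escaping it before it reaches the query. The following is an added example, not code from either poster: it validates a subset of the form's fields and inserts them through a PDO prepared statement, which keeps the values out of the SQL text altogether (the mysql_* functions used in this thread were removed in PHP 7.0). The format rules, the reduced column list and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
// Added example: validate each field, then insert with a prepared statement.
function validate_camera(array $in): array
{
    $row = [
        'SN'           => trim($in['SN'] ?? ''),
        'MAC_Adress'   => strtoupper(trim($in['MAC_Adress'] ?? '')),
        'CAM_Name'     => trim($in['CAM_Name'] ?? ''),
        'RMA_Req_Date' => trim($in['RMA_Req_Date'] ?? ''),
        'RMA_Cost'     => trim($in['RMA_Cost'] ?? ''),
    ];
    $errors = [];
    // Assumed formats: serial is 1-32 letters, digits or dashes; MAC is six hex pairs.
    if (!preg_match('/^[A-Za-z0-9-]{1,32}$/', $row['SN'])) { $errors[] = 'SN'; }
    if (!preg_match('/^([0-9A-F]{2}[:-]){5}[0-9A-F]{2}$/', $row['MAC_Adress'])) { $errors[] = 'MAC_Adress'; }
    // Free text is only length-checked; quoting is left to the placeholder.
    if ($row['CAM_Name'] === '' || strlen($row['CAM_Name']) > 64) { $errors[] = 'CAM_Name'; }
    // Optional fields: an empty string is stored as NULL.
    foreach (['RMA_Req_Date', 'RMA_Cost'] as $k) {
        $row[$k] = $row[$k] === '' ? null : $row[$k];
    }
    // Round-trip the date so impossible dates such as 2009-02-30 are rejected.
    if ($row['RMA_Req_Date'] !== null) {
        $d = DateTime::createFromFormat('!Y-m-d', $row['RMA_Req_Date']);
        if (!$d || $d->format('Y-m-d') !== $row['RMA_Req_Date']) { $errors[] = 'RMA_Req_Date'; }
    }
    // Cost: non-negative decimal with at most two places.
    if ($row['RMA_Cost'] !== null && !preg_match('/^\d{1,8}(\.\d{1,2})?$/', $row['RMA_Cost'])) {
        $errors[] = 'RMA_Cost';
    }
    return [$row, $errors];
}

// Assumption: in-memory SQLite so the example runs offline; use a mysql: DSN for MySQL.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE cameras (SN TEXT, MAC_Adress TEXT, CAM_Name TEXT, RMA_Req_Date TEXT, RMA_Cost TEXT)');
$insert = $pdo->prepare('INSERT INTO cameras (SN, MAC_Adress, CAM_Name, RMA_Req_Date, RMA_Cost)
                         VALUES (:SN, :MAC_Adress, :CAM_Name, :RMA_Req_Date, :RMA_Cost)');

// Constructed sample input standing in for $_POST.
$post = ['SN' => 'AX-1001', 'MAC_Adress' => '00:1a:2b:3c:4d:5e', 'CAM_Name' => "Dock 3 'north'", 'RMA_Cost' => '149.50'];
[$row, $errors] = validate_camera($post);
if ($errors) {
    echo 'Rejected fields: ', implode(', ', $errors), "\n";
} else {
    $insert->execute($row);   // values travel separately from the SQL text
    echo 'Stored: ', $pdo->query('SELECT CAM_Name FROM cameras')->fetchColumn(), "\n";
}
```

The apostrophes in the sample camera name are stored unchanged without any manual escaping, and a field that fails validation stops the insert before the database is touched.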
