www.webdeveloper.com
Results 1 to 4 of 4

Thread: cannot get data to post to mysql with web form

  1. #1
    Join Date
    Nov 2009
    Posts
    8

    Exclamation cannot get data to post to mysql with web form

    I am trying to create something similar to a time clock. I have a web form that has several fields for integers. I want to be able to enter in these numbers and hit submit on my form and send off the data to the database I have created.

    For some reason when I press the submit button, nothing happens. What have I done wrong? Here is the code I have so far in my file cloudlog.php

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Flight Log</title>
    <style type="text/css">
    .container {
        width:1000px;
        margin: 0 auto;
    }
    </style>
    </head>

    <body>
    <div class="container">
    <form action="cloudlog.php" method="post">

      <table border="1" cellspacing="2" cellpadding="2">
        <tr>
          <th scope="col" width="75">SEL</th>
          <th scope="col" width="75">MEL</th>
          <th scope="col" width="75">Cross</th>
          <th scope="col" width="75">Day</th>
          <th scope="col" width="75">Night</th>
          <th scope="col" width="75">Act. Instr.</th>
          <th scope="col" width="75">Sim. Instr.</th>
          <th scope="col" width="75">Ground</th>
          <th scope="col" width="75">Dual Rec.</th>
          <th scope="col" width="75">Dual Given</th>
          <th scope="col" width="75">PIC</th>
          <th scope="col" width="75">FTD</th>
          <th scope="col" width="75">SIM</th>
          <th scope="col" width="75">SES</th>
          <th scope="col" width="75">MES</th>
          <th scope="col" width="75">Multi-Engine</th>
          <th scope="col" width="75">Total</th>
        </tr>
        <tr>
          <td><input name="sel" type="number" size="5" /></td>
          <td><input type="number" name="mel" size="5" /></td>
          <td><input type="number" size="5" name="crosscountry" /></td>
          <td><input type="number" size="5" name="day" /></td>
          <td><input type="number" size="5" name="night" /></td>
          <td><input type="number" size="5" name="actualinstrument" /></td>
          <td><input type="number" size="5" name="simulatedinstrument" /></td>
          <td><input type="number" size="5" name="groundschool" /></td>
          <td><input type="number" size="5" name="dualreceived" /></td>
          <td><input type="number" size="5" name="dualgiven" /></td>
          <td><input type="number" size="5" name="pilotincommand" /></td>
          <td><input type="number" size="5" name="ftd" /></td>
          <td><input type="number" size="5" name="sim" /></td>
          <td><input type="number" size="5" name="ses" /></td>
          <td><input type="number" size="5" name="mes" /></td>
          <td><input type="number" size="5" name="multiengine" /></td>
          <td><input type="number" size="5" name="total" /></td>
        </tr>
      </table>
      <div align="center"><br />

      <input name="Submit" type="button" value="Submit to Logbook" />
      </div>
    </form>

    <?php 

    if (isset ($_POST["Submit"])){
    $con mysql_connect ("host","username","password");
    if (!
    $con) {
        die (
    "something went wrong... mySQL Error:" mysql_error());
    }

    mysql_select_db("flightlogbook"$con);

    $sql "INSERT INTO logbook (SEL,MEL,CROSS,DAY,NIGHT,ACTUALINSTRUMENT,SIMULATEDINSTRUMENT,GROUNDSCHOOL,DUALRECEIVED,DUALGIVEN,PIC,FTD,SIM,SES,MES,MULTI,TOTAL) VALUES ('$_POST[sel]','$_POST[mel]','$_POST[crosscountry]','$_POST[day]','$_POST[night]','$_POST[actualinstrument]','$_POST[simulatedinstrument]','$_POST[groundschool]','$_POST[dualreceived]','$_POST[dualgiven]','$_POST[pilotincommand]','$_POST[ftd]','$_POST[sim]','$_POST[ses]','$_POST[mes]','$_POST[multiengine]','$_POST[total]')";

    mysql_query($sql$con);

    mysql_close($con);
    }
    ?>

    </div>

    </body>
    </html>

  2. #2
    Join Date
    Nov 2009
    Posts
    8
    So I got a little further. I was able to get it to work by changing the button type from "button" to "submit" however now when the page clears and I check my database nothing appears to have been saved.

  3. #3
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    803
    Start tracking your progress with echo statements and narrow down the possibilities

  4. #4
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,366
    Your problem #1 : <input type="number" size="5" name="total" />

    type is either text, hidden, button, submit, file or password.

    You also need to use mysql_real_escape_string() function to prepare your inputs too and you SHOULD NOT be using $_POST directly.

    You should have an array to sanitize the $_POST array in to and use the sanitized array to post your data.

    I whipped up this
    PHP Code:
    $con mysql_connect ("host","username","password") or die ("something went wrong... mySQL Error:" mysql_error());
    mysql_select_db("flightlogbook"$con);

    $fld = array('sel'=>'','mel'=>'','crosscountry'=>'','day'=>'','night'=>'','actualinstrument'=>'','simulatedinstrument'=>'',
    'groundschool'=>'','dualreceived'=>'','dualgiven'=>'','pilotincommand'=>'','ftd'=>'','sim'=>'','ses'=>'','mes'=>'',
    'multiengine'=>'','total'=>'');
    foreach( 
    $fld as $key=>$fval ){
        
    $fld[$key] = "'".mysql_real_escape_string(clean($_POST[$key]))."'";
        
    $field[$key] = strtoupper($key);
    }
    $sql "INSERT INTO logbook (" implode(",",$field).") VALUES('".implode("','",$fld)."');--";

    mysql_query($sql$con);
    mysql_close($con); 
    which is neither tested or guaranteed to work.

    the idea is to have an array of the field names as keys with no data and using it to fill with data that has been cleaned or sanitised and escaped at the same time using the secondary array to create an array of field names then using the load function to create a string for field names and full values sever the query can then be run.

    What you need is a function clean that will strip out things like slashes any extraneous spaces HTML characters that can be used to break the PHP script all for SQL injection.

    The script has not been tested as previously stated it is just an idea to help reduce the amount of code and allow you to manipulate field names if needed.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles