John R. Sims, Jr. wrote:
> <?php
[snip * - not even gunna bother]
> </HTML>

Okay, quick/proper fixes 1 - 4:

1) you never open a <FORM> element, you only close it - you'll be wanting one, probably with a method="POST".

2) you should quote your array indices... just because php will evaluate them as themselves doesn't mean it's a good thing to rely on.
wrong: ($_POST[master_id] == "")) {
right: ($_POST['master_id'] == "")) {

3) you should similarly quote and curly group for the mysql queries.
$add_master = "insert into client values ($_POST[fname]', '$_POST[lname]')";
$add_master = "insert into client values ('{$_POST['fname']}',

4) also, all of your queries are doing inserts - they're not specifying the fields they are to insert into, and I'm sure many of them should in fact be UPDATE statements. You'll want to fix that before your data gets *too* sparse.


Once that's all fixed, go to step 5.


5) rewrite all the database accesses to prevent people from doing sql injection attacks and ruining everything.

- Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital.

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to