[PHP-DB] Submitting data to MySQL database using HTML/PHP form

2011-02-20 Thread Nazish Zafar 
Hi there,

I am creating a login page for my website. The users' information will be
stored in a MySQL database. I have a registration form on my home page, and
a separate file called login.php to process the user values. However, the
entries are not going to the MySQL database (even though the values can be
entered successfully using the command line).

I'd appreciate your insight on why the form entries are not making their way
to the MySQL database. Much thanks in advance!

This is the code for the form in home.php:

form action='login.php' method='POST'
Username: input type='text' name='login'br
Password: input type='password' name='password'br
input type='submit' value='Submit'
/form

This is the code in login.php:

?php
// Connect to server and select database.
$host = localhost;
$user = root;
$mysql_pass = abc;
$db = directory;

mysql_connect($host, $user, $mysql_pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

// username and password sent to table user_info in mysql

$login = $_POST['login'];
$password = $_POST['password'];

// insert values into table called user_info

$insert = INSERT INTO user_info
(login, password)
VALUES
($login, $password);

mysql_query($insert);

?

I hope to develop the form further once the basic submission process has
been ironed out... Thanks again for any insight!

Re: [PHP-DB] Submitting data to MySQL database using HTML/PHP form

2011-02-20 Thread Daniel Brown 
On Sun, Feb 20, 2011 at 14:11, Nazish Zafar naz...@jhu.edu wrote:

 $insert = INSERT INTO user_info
 (login, password)
 VALUES
 ($login, $password);

You're using double-quotes to encapsulate your $insert variable
data, then never closing them.  What's more, you're also using
double-quotes to encapsulate each individual variable in the query.
Rewrite $insert to this:

$insert = INSERT INTO user_info(login,password)
VALUES('.mysql_real_escape_string($login).','.mysql_real_escape_string($password).');

-- 
/Daniel P. Brown
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] data formats

2011-02-20 Thread Richard Dunne 
I'm submitting form data which is a mixture of checkboxes and text inputs, some 
of which are integers and a couple text based.  I am retrieving the data as 
follows:
$var = (int)!empty($_POST['var']);  for checkboxes,
$var = (int)$_POST['var']; for integers and 
$var = mysql_real_escape_string($_POST['var']);
Is this correct?


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Submitting data to MySQL database using HTML/PHP form

2011-02-20 Thread Donovan Brooke 

Daniel Brown wrote:

On Sun, Feb 20, 2011 at 14:11, Nazish Zafarnaz...@jhu.edu  wrote:


$insert = INSERT INTO user_info
(login, password)
VALUES
($login, $password);


 You're using double-quotes to encapsulate your $insert variable
data, then never closing them.  What's more, you're also using
double-quotes to encapsulate each individual variable in the query.
Rewrite $insert to this:

 $insert = INSERT INTO user_info(login,password)
VALUES('.mysql_real_escape_string($login).','.mysql_real_escape_string($password).');



Look at that one more time Dan. ;-)

Donovan




--
D Brooke

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php