  1. #1
    Member
    Join Date
    Jan 2005
    Posts
    53
    Member #
    8598
    I am still such a newbie.

    I am trying to get a handle on inserting records into different tables in a db.

    I have set up a student/course database. The tables are:
    STUDENT table: student_id (PK), username (unique), f_name, l_name, password, entry_date.
    COURSE table: course_id (PK), course_name (unique), course_date, student_id.

    (Please see attachment for the code)(Wow, the trouble I have had getting this posted!)

    The problem is that nothing is happening. The form displays but on 'submit' no records are
    inserted and the 'Entry Added' page doesn't come up.

    Can someone help? A big "Thank you" for any and all help.

  3. #2
    Senior Member visualAd's Avatar
    Join Date
    Jan 2003
    Location
    Slough, UK
    Posts
    201
    Member #
    434
    I have looked through your script. The reason the form is not being processed is that you are checking for a non-existent post variable, $_POST['op']. The only variables which are available in the $_POST array from submitted forms are those from INPUT, SELECT and TEXTAREA form elements in your HTML form. You also made this error when getting the last insert id. The best way to check if the form was submitted is to check for the presence of one of the named POST variables. You could, for example, use the SUBMIT button, which you have appropriately named submit:
    PHP Code:
    if (isset($_POST['submit'])) {
        /* process form */
    }

    Overall though, it's good to see you have checked that the variables have been submitted and used error checking with the mysql functions. However, I'd like to give you a couple more pointers.
    • You need to ensure that you have escaped all your post variables. PHP has a setting called magic quotes which automatically makes any submitted variables safe for database entry; however, if this option is turned off, your scripts can be vulnerable to SQL injections. A nasty which could see your database rendered useless, user names and passwords leaked or, in the worst cases, system files overwritten. The get_magic_quotes_gpc function can be used to ascertain whether magic quotes is on, and the addslashes function can be used to escape the variables should it be turned off.
    • Even after correcting the $_POST variable check in your original script, the query will still fail to enter the correct information. This is because you have not properly embedded the variables inside your string. While normal variables can be embedded as follows:
      PHP Code:
      $mystring = "one two three $var_name";
      Arrays have to be embedded slightly differently:
      PHP Code:
      $mystring = "one two three {$array['index']}";
    • Again, it is good to see that the bulk of your processing is done in the top part of the script and the script output, i.e. the HTML, is at the bottom of the script. However, I would like to extend this one step further. Including large sections of HTML in strings is not good practice. It makes the code hard to read and means that you have to escape every single quote. A better approach would keep any output directives to a minimum while processing your form.

    With these points considered, I have re-written your script making the necessary corrections. I have also taken the processing and put it into a function - the function returns true if the form was successfully processed and the entry added and false otherwise - if an error occurred the $error variable is set.

    Finally, the output of the script is produced at the bottom - PHP's alternate templating-like syntax is used here to ascertain whether or not the form was submitted and, if it was, whether the processing was successful.

    Hope this helps
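
The processing function described in the reply above (true on success, false with $error set otherwise), as an added example that is not the rewritten script from the thread, which was posted as an attachment. It swaps the magic quotes/addslashes escaping for PDO prepared statements; the in-memory SQLite database, the sample input and every name other than the table columns are assumptions.

```php
<?php
// Added example, not the thread's script. Assumes pdo_sqlite; table and column
// names follow the first post, all other names and values are constructed.
function process_form(PDO $db, array $post, ?string &$error): bool
{
    $error = null;
    if (!isset($post['submit'])) {            // a field the form really sends
        $error = 'Form was not submitted.';
        return false;
    }
    foreach (['username', 'f_name', 'l_name', 'password', 'course_name'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $error = "Missing field: $field";
            return false;
        }
    }
    try {
        $db->beginTransaction();
        // Placeholders keep user input out of the SQL text: no manual escaping.
        $stmt = $db->prepare('INSERT INTO student (username, f_name, l_name, password, entry_date)
                              VALUES (:u, :f, :l, :p, :d)');
        $stmt->execute([
            ':u' => $post['username'], ':f' => $post['f_name'], ':l' => $post['l_name'],
            ':p' => password_hash($post['password'], PASSWORD_DEFAULT), // never store plaintext
            ':d' => date('Y-m-d'),
        ]);
        $studentId = (int) $db->lastInsertId();   // id of the row just inserted
        $stmt = $db->prepare('INSERT INTO course (course_name, course_date, student_id)
                              VALUES (:n, :d, :s)');
        $stmt->execute([':n' => $post['course_name'], ':d' => date('Y-m-d'), ':s' => $studentId]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        if ($db->inTransaction()) $db->rollBack();
        $error = 'Database error: entry not added.';
        return false;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE student (student_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           f_name TEXT, l_name TEXT, password TEXT, entry_date TEXT)');
$db->exec('CREATE TABLE course (course_id INTEGER PRIMARY KEY, course_name TEXT UNIQUE,
           course_date TEXT, student_id INTEGER)');
// Constructed stand-in for $_POST; the quote in l_name would break a concatenated query.
$post = ['submit' => 'Add', 'username' => 'pat', 'f_name' => 'Pat', 'l_name' => "O'Brien",
         'password' => 'example-only', 'course_name' => 'PHP 101'];
echo process_form($db, $post, $error) ? "Entry Added\n" : "Error: $error\n";
```

Because both inserts run in one transaction, a duplicate course_name rolls back the student row as well, so a failed submission leaves no half-written entry.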

  4. #3
    Member
    Join Date
    Jan 2005
    Posts
    53
    Member #
    8598
    Thank you very much, it was a great help... and all help is greatly appreciated.

