Jump to content

Inserting Data into a MySQL Database


Imoddedu
 Share

Recommended Posts

I get this error:

Notice: Undefined index: userName in C:\Program Files (x86)\EasyPHP-5.3.3.1\www\SearchWiDe\contact.php on line 10Notice: Undefined index: userEmail in C:\Program Files (x86)\EasyPHP-5.3.3.1\www\SearchWiDe\contact.php on line 11Notice: Undefined index: userCat in C:\Program Files (x86)\EasyPHP-5.3.3.1\www\SearchWiDe\contact.php on line 12Notice: Undefined index: userText in C:\Program Files (x86)\EasyPHP-5.3.3.1\www\SearchWiDe\contact.php on line 13

A session is started in header.phpconfig.php contains the MySQL connection detailsI think it has something to do where I set my variables = to the $_POST ones.

<?php include("header.php"); ?><?php include("config.php"); $conn = mysql_connect($dbhost,$dbuser,$dbpass)or die ('Error connecting to mysql');?><?php $error = 0; ?><?php		$name = $_POST['userName'];		$email = $_POST['userEmail'];			$category = $_POST['userCat'];			$text = $_POST['userText'];			$ip = $_SERVER['REMOTE_ADDR'];if($_POST) {		// Error Messages		if($name == NULL) {		$error = 1;		}		elseif($email == NULL) {		$error = 2;		}		elseif($text == NULL) {		$error = 3;		}} else {$query = sprintf("INSERT INTO contact(name,email,category,text,ip) VALUES ('$name','$email','$category','$text','$ip');");mysql_query($query);$error = 99;}?><div style="margin-left: 300px;"><h2>Contact Form</h2><p>fdhfhdhsf</p><?php if ($error == 1) { echo "<div class='ui-widget'><div class='ui-state-error ui-corner-all' style='padding: 0 .7em;'> <p><span class='ui-icon ui-icon-alert' style='float: left; margin-right: .3em;'></span> <strong>Error:</strong> You didn't fill out the <b>name</b> field!</p></div></div>"; }elseif ($error == 2) { echo "<div class='ui-widget'><div class='ui-state-error ui-corner-all' style='padding: 0 .7em;'> <p><span class='ui-icon ui-icon-alert' style='float: left; margin-right: .3em;'></span> <strong>Error:</strong> You didn't fill out the <b>email</b> field!</p></div></div>"; }elseif ($error == 3) { echo "<div class='ui-widget'><div class='ui-state-error ui-corner-all' style='padding: 0 .7em;'> <p><span class='ui-icon ui-icon-alert' style='float: left; margin-right: .3em;'></span> <strong>Error:</strong> You didn't fill out the <b>type</b> field!</p></div></div>"; }elseif ($error == 99) {echo "<div class='ui-state-highlight ui-corner-all' style='margin-top: 20px; padding: 0 .7em;'> 				<p><span class='ui-icon ui-icon-info' style='float: left; margin-right: .3em;'></span>				Thanks! You will recieve a confirmation and follow up email shortly.</p>			</div>";}?>		<form  method="post" action="contact.php"><table><tr id="userName"><td><h4>Name:</h4></td><td><input type="text" name="userName" id="userNameField" size="31" style="background: #dbdbdb; border: 1px solid #474747" /></td></tr><tr id="userEmail"><td><h4>Email:</h4></td><td><input type="text" name="userEmail" id="userEmailField" size="31" style="background: #dbdbdb; border: 1px solid #474747" /></td></tr><tr id="userCat"><td><h4>Category:</h4></td><td><select name="userCat" id="userNameField" style="background: #dbdbdb; border: 1px solid #474747"><option>hfd</option><option>dfh</option><option>dhfd</option><option>dhfd</option></select></td></tr><tr id="userText"><td><h4>Type:</h4></td><td><textarea name="userText" id="userTextField" rows="7" cols="70" style="background: #dbdbdb; border: 1px solid #474747"></textarea></td></tr><tr id="userSubmit"><td></td><td><input type="submit" name="submit" value="Submit" style="background: #dbdbdb; border: 1px outset #d97c03; color: #000000;" /></td></tr></table></form></div><?php include("footer.php"); ?></div></body></html>

Edited by Imoddedu
Link to comment
Share on other sites

I tried something...but I'm afraid it didn't work. Do I have things in the wrong places?

if(isset($_POST['userName']) && ($_POST['userEmail']) && ($_POST['userCat']) && ($_POST['userText'])) {if($_POST) {		$name = $_POST['userName'];		$email = $_POST['userEmail'];			$category = $_POST['userCat'];			$text = $_POST['userText'];			$ip = $_SERVER['REMOTE_ADDR'];		// Error Messages		if($name == NULL) {		$error = 1;		}		elseif($email == NULL) {		$error = 2;		}		elseif($text == NULL) {		$error = 3;		}} else {$query = sprintf("INSERT INTO contact(name,email,category,text,ip) VALUES ('$name','$email','$category','$text','$ip');");mysql_query($query);$error = 99;}}else {}

Link to comment
Share on other sites

You want to use the isset() on all $_POST vars such as;

 if (isset($_POST['userName']) &&    isset($_POST['userEmail']) &&    isset($_POST['userCat']) &&    isset($_POST['userText'])) {   ...do your stuff here}

Edited by Gerry H
Link to comment
Share on other sites

sort of, you've kind of got thing's a little mixed up

if(isset($_POST['userName']) && ($_POST['userEmail']) && ($_POST['userCat']) && ($_POST['userText'])) {  $name = $_POST['userName'];  $email = $_POST['userEmail'];	  $category = $_POST['userCat'];	  $text = $_POST['userText'];	  $ip = $_SERVER['REMOTE_ADDR'];  //connect to db first of course  $query = sprintf("INSERT INTO contact(name,email,category,text,ip) VALUES ('$name','$email','$category','$text','$ip');");  mysql_query($query);} else {   // Error Messages  if($_POST['name'] == "") {	$error = 1;  }elseif($_POST['email'] == "") {	$error = 2;  }elseif($_POST['text'] == "") {	$error = 3;  };};

Link to comment
Share on other sites

It's not really necessary to check if all 4 variables are set, if any one of them is set then the form was submitted.
You are 100% correct, however I prefer to do that in case there are other post calls from other pages to this script with different vars.
Link to comment
Share on other sites

sort of, you've kind of got thing's a little mixed up
if(isset($_POST['userName']) && ($_POST['userEmail']) && ($_POST['userCat']) && ($_POST['userText'])) {  $name = $_POST['userName'];  $email = $_POST['userEmail'];	  $category = $_POST['userCat'];	  $text = $_POST['userText'];	  $ip = $_SERVER['REMOTE_ADDR'];  //connect to db first of course  $query = sprintf("INSERT INTO contact(name,email,category,text,ip) VALUES ('$name','$email','$category','$text','$ip');");  mysql_query($query);} else {   // Error Messages  if($_POST['name'] == "") {	$error = 1;  }elseif($_POST['email'] == "") {	$error = 2;  }elseif($_POST['text'] == "") {	$error = 3;  };};

I tried using this (which is basically what you had). And received this error: Notice: Undefined variable: name in C:\Program Files (x86)\EasyPHP-5.3.3.1\www\SearchWiDe\contact.php on line 23I thought $name was already given a value?
if(isset($_POST['userName']) && ($_POST['userEmail']) && ($_POST['userCat']) && ($_POST['userText'])) {  $name = $_POST['userName'];  $email = $_POST['userEmail'];	  $category = $_POST['userCat'];	  $text = $_POST['userText'];	  $ip = $_SERVER['REMOTE_ADDR'];  // Insert into DB  $query = sprintf("INSERT INTO contact(name,email,category,text,ip) VALUES ('$name','$email','$category','$text','$ip');");  mysql_query($query);  $error = 99;} else {   // Error Messages  if($name == "") {	$error = 1;  } elseif($email == "") {	$error = 2;  } elseif($text == "") {	$error = 3;  };}

Link to comment
Share on other sites

It's only given a value in the if part, not the else part. You may want to start, before the if, by setting everything to an empty string first.
I added
$name = "";$email = "";$category = "";$text = "";

before the IF statement, but now it displays the $error = 1 message I have.

Do I have to learn this too in the future?
If you want your web pages to communicate with a server and do cool things, yes :)
Link to comment
Share on other sites

Your else is kind of in the wrong place. You should have all of those if statements checking for errors after you get the values and before you do the query. Start $error off at 0 also. After you get the values and validate, check if $error is 0 before you do the query, if it's not 0 then there was an error.

Link to comment
Share on other sites

Your else is kind of in the wrong place. You should have all of those if statements checking for errors after you get the values and before you do the query. Start $error off at 0 also. After you get the values and validate, check if $error is 0 before you do the query, if it's not 0 then there was an error.
Alright, now I have this:When I fill in everything BUT the "Name" field, it gives me an error. Then when I don't fill in the email field, or text field, or anything it all, and I submit, it just basically refreshes the page. Even when I fill in everything and it gives me the "ok" no records show up in the MySQL database. Is there something wrong with the MySQL query now?
<?php$error = 0;$name = "";$email = "";$category = "";$text = "";if(isset($_POST['userName']) && ($_POST['userEmail']) && ($_POST['userCat']) && ($_POST['userText'])) {  $name = $_POST['userName'];  $email = $_POST['userEmail'];	  $category = $_POST['userCat'];	  $text = $_POST['userText'];	  $ip = $_SERVER['REMOTE_ADDR'];	 // Error Messages  if($name == "") {	$error = 1;  } elseif($email == "") {	$error = 2;  } elseif($text == "") {	$error = 3;  }  if ($error == 0) {  // Insert into DB  $query = sprintf("INSERT INTO contact(name,email,category,text,ip) VALUES ('$name','$email','$category','$text','$ip')");  mysql_query($query);  $error = 99;}} ?>

Link to comment
Share on other sites

First, if you want to check for everything being set you need to use isset every time, not just once:

if(isset($_POST['userName']) && isset($_POST['userEmail']) && isset($_POST['userCat']) && isset($_POST['userText'])) {

Also, make sure you're checking for errors with MySQL:mysql_query($query) or exit(mysql_error());You should also be using mysql_real_escape_string when you put those values into the query, right now if you have a single quote in any of your fields it will cause the query to fail.http://www.php.net/manual/en/function.mysq...cape-string.php

Link to comment
Share on other sites

if(isset($_POST['userName'],$_POST['userEmail'],$_POST['userCat'],$_POST['userText'])) {}

you can also do something like this. if you want to check all the variable is set or not. It will only return true if all of the variable is set. if atleast one among them is not being set. it will return false.more details here http://php.net/function.isset

Link to comment
Share on other sites

First, if you want to check for everything being set you need to use isset every time, not just once:
if(isset($_POST['userName']) && isset($_POST['userEmail']) && isset($_POST['userCat']) && isset($_POST['userText'])) {

Also, make sure you're checking for errors with MySQL:mysql_query($query) or exit(mysql_error());You should also be using mysql_real_escape_string when you put those values into the query, right now if you have a single quote in any of your fields it will cause the query to fail.http://www.php.net/manual/en/function.mysq...cape-string.php

That exit(mysql_error()); really helps!
$error = 0;$name = "";$email = "";$category = "";$text = "";if(isset($_POST['userName']) && isset($_POST['userEmail']) && isset($_POST['userCat']) && isset($_POST['userText'])) {  $name = $_POST['userName'];  $email = $_POST['userEmail'];	  $category = $_POST['userCat'];	  $text = $_POST['userText'];	  $ip = $_SERVER['REMOTE_ADDR'];    /* $name = mysql_real_escape_string($name);  $email = mysql_real_escape_string($email);  $text = mysql_real_escape_string($text); */	 // Error Messages  if($name == "") {	$error = 1;  } elseif($email == "") {	$error = 2;  } elseif($text == "") {	$error = 3;  }  if ($error == 0) {  // Insert into DB  $query = sprintf("INSERT INTO contact(name,email,category,text,ip) VALUES ('$name','$email','$category','$text','$ip')");  mysql_query($query) or exit(mysql_error());  $error = 99;}} ?>

Did I use the mysql_real_escape_string right?

Link to comment
Share on other sites

New problem. Now that I think I got mysql_real_escape_string working, I tried to check to see if the email is valid. I keep recieving this error if I don't put in anything for the "email" field:

Notice: Undefined offset: 1 in C:\Program Files (x86)\EasyPHP-5.3.3.1\www\SearchWiDe\contact.php on line 35

here is the code, reworked:

<?php$error = 0;$name = "";$email = "";$category = "";$text = "";if(isset($_POST['userName']) && isset($_POST['userEmail']) && isset($_POST['userCat']) && isset($_POST['userText'])) {  $name = $_POST['userName'];  $email = $_POST['userEmail'];	  $category = $_POST['userCat'];	  $text = $_POST['userText'];	  $ip = $_SERVER['REMOTE_ADDR'];    $name = mysql_real_escape_string($name);  $email = mysql_real_escape_string($email);  $text = mysql_real_escape_string($text);	 // Error Messages  if ( filter_var($email, FILTER_VALIDATE_EMAIL)  == TRUE) {  $email = mysql_real_escape_string($email);  }  else {	$error = 4;  }  // Filter and Split Email    $splitemail = explode('@', $email);  if(checkdnsrr("$splitemail[1]")) {	 $email = mysql_real_escape_string($email);  }  else {	$error = 4;  }  if($name == "") {	$error = 1;  } elseif($email == "") {	$error = 2;  } elseif($text == "") {	$error = 3;  }   if ($error == 0) {  // Insert into DB  $query = sprintf("INSERT INTO contact(name,email,category,text,ip) VALUES ('$name','$email','$category','$text','$ip')");  mysql_query($query) or exit(mysql_error());  $id = mysql_insert_id();  $result = mysql_query("SELECT * FROM users WHERE id = '$id'");  $to = $email;				$subject = 'dffdhdsfhdf ';				$message = "<p>sdfhfdhdsfhsf</p><p><a href='http://example.com/confirm.php?id=$result'>below</a></p>";				$headers = 'From: webmaster@example.com' . "\r\n" .						   'Content-type: text/html; charset=iso-8859-1' . "\r\n";				mail($to,$subject,$message,$headers);				  $error = 99;}} ?>

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...