Member Avatar for ashley9210_2

Hi there I am trying to add some data from a form into a MySQL database and it doesn't seem to been working. Any help would be appreciated.

PHP
<?php
if(isset($_POST['add']))
{
$dbhost = 'localhost';
$dbuser = '';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
  die('Could not connect: ' . mysql_error());
}

$businessname = $_POST['businessname'];
$businessgenre = $_POST['businessgenre'];
$shortbusinessdescription = $_POST['shortbusinessdescription'];
$longbusinessdescription = $_POST['longbusinessdescription'];
$businesswebsiteaddress = $_POST['businesswebsiteaddress'];
$businessphonenumber = $_POST['businessphonenumber'];
$businesscontactemail = $_POST['businesscontactemail'];
$businesstags = $_POST['businesstags'];


$sql = "INSERT INTO database ".
       "(businessname, businessgenre, shortbusinessdescription, longbusinessdescription, businesswebsiteaddress, businessphonenumber, businesscontactemail, businesstags) ".
       "VALUES ".
       "('$businessname','$businessgenre','$shortbusinessdescription', '$longbusinessdescription', '$businesswebsiteaddress', '$businessphonenumber', '$businesscontactemail', '$businesstags')";
mysql_select_db('armannwe_bakery');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
}
else
{
?>

<?php
}
?>
HTML
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><form name="form1" method="post" action="insert_ac.php">
<table width="100%" border="0" cellspacing="1" cellpadding="3">

<tr>
<td colspan="3"><strong>Add your business for a free listing today </strong></td>
</tr>

<tr>
<td width="71">Business Name</td>
<td width="6">:</td>
<td width="301"><input name="businessname" type="text" id="businessname"></td>
</tr>

<tr>
<td>Business Genre</td>
<td>:</td>
<td><input name="businessgenre" type="text" id="businessgenre"></td>
</tr>

<tr>
<td>Short Business Description</td>
<td>:</td>
<td><input name="shortbusinessdescription" type="text-area" id="shortbusinessdescription"></td>
</tr>

<tr>
<td>Long Business Description</td>
<td>:</td>
<td><input name="longbusinessdescription" type="text-area" id="longbusinessdescription"></td>
</tr>

<tr>
<td>businesswebsiteaddress</td>
<td>:</td>
<td><input name="businesswebsiteaddress" type="text" id="businesswebsiteaddress"></td>
</tr>

<tr>
<td>businessphonenumber</td>
<td>:</td>
<td><input name="businessphonenumber" type="text" id="businessphonenumber"></td>
</tr>

<tr>
<td>businesscontactemail</td>
<td>:</td>
<td><input name="businesscontactemail" type="text" id="businesscontactemail"></td>
</tr>

<tr>
<td>businesstags</td>
<td>:</td>
<td><input name="businesstags" type="text" id="businesstags"></td>
</tr>

<tr>
<td colspan="3" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
  • 3 Contributors
  • 2 Replies
  • 167 Views
  • 19 Hours Discussion Span
  • Latest Post Latest Post by broj1
Member Avatar for mattster

For a start, remember mysql_* functions are outdated in PHP now, so a much better idea to use mysqli_ or PDO. There is also no need to open and close PHP tags (e.g. line 38 + 40), and no need to have an empty else{} statement.

Next, your script is hopelessly insecure. You need to have a qucik read up on SQL injection, as none of the variables are being sanitized.

At the top of your script you have isset($_POST['add']), yet there is no "add" field in your form, so none of the rest of the code will execute.

Member Avatar for broj1

Your script might work if you change line 2 to:

if(isset($_POST['Submit']))

since you usualy check whether the form was submited (but this is more or less just a guess).

However, do take seriously above notes about security.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.