Hi, I have put together a fairly basic form that should submit to the database. The problem is when submit is pressed it doesn't do anything, the submit button seems de-active?

```php
<?php
require_once('db.inc.php');

if (isset($_POST['submit'])){
    //change all the post to variables
    $url=$_POST['url'];
    $email=$_POST['email'];
    $title=$_POST['title'];
    $address=$_POST['address'];
    $telephone=$_POST['telephone'];
    $fax=$_POST['fax'];
    $description=$_POST['description'];

    if ($url=="" || $email=="" || $title=="" || $address=="" || $height=="" || $telephone=="" || $description==""){
        $errors .= "<span class=\"red\">All fields marked with '*' are required to be filled up.</span>\n";
        $error = true;
    }
    if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$email)){
        $errors .= "<span class=\"red\">Email is not valid.</span>\n";
        $error = true;
    }

    //send the email
    $title="mysite.com(ADD URL)";
    $youremail="info@myemail.com";
    $body="Data:<br><br>URL: $url<br>Email: $email<br>Title: $title<br>Address: $address<br>Telephone: $telephone<br>Fax: $fax<br>Description: $description";
    mail($youremail,$title,$body,"From:$email\r\nReply-to: $email\r\nContent-type: text/html; charset=us-ascii") or die("oops! mail is not sent.");
    $x5=1;

    $query = "INSERT INTO add_url (id, url, email, title, address, telephone, fax, description) VALUES (NULL, '$url', '$email', '$title', '$address', '$telephone', '$fax', '$description')";
}
?>
<table width="229" border="0" cellspacing="0" cellpadding="2">
  <tr>
    <td width="54"><span class="style19">URL*:</span></td>
    <td width="146"><input name="url" type="text" id="url" value="<?=$url?>" size="20" /></td>
  </tr>
  <tr>
    <td><span class="style19">Email*:</span></td>
    <td><input name="email" type="text" id="email" value="<?=$email?>" size="20" /></td>
  </tr>
  <tr>
    <td class="style19">Title*:</td>
    <td><input name="title" type="text" id="title" value="<?=$title?>" size="20" /></td>
  </tr>
  <tr>
    <td class="style19">Address*:</td>
    <td><input name="address" type="text" id="address" value="<?=$address?>" size="20" /></td>
  </tr>
  <tr>
    <td class="style19">Telephone*:</td>
    <td><input name="telephone" type="text" id="telephone" value="<?=$telephone?>" size="20" /></td>
  </tr>
  <tr>
    <td class="style19">Fax:</td>
    <td><input name="fax" type="text" id="fax" value="<?=$fax?>" size="20" /></td>
  </tr>
  <tr>
    <td class="style19">Description*:</td>
    <td><textarea name="description" cols="20" rows="2" id="description"><?=$description?> </textarea></td>
  </tr>
  <tr>
    <td class="style19"><input name="submit" type="submit" id="submit" value="submit" /></td>
    <td> </td>
  </tr>
</table>
```
You haven't defined the form itself anywhere in your html. You need to add the following open/close form tags around your table:

```html
<form action="" method="post">
<!-- TABLE html code from your code snippet goes here -->
</form>
```

Now the $_POST variables will be set in php.
Oh yes, of course,

```html
<form method="POST" action="index.php">
```

After fixing the form and clicking submit it goes to my email when submitted, but when I check the database it's not there? Any ideas why? It all looks correct in the database?
It's 3am for me right now, so I don't think I can really analyze any more code right now, BUT...

You really really REALLY need to sanitize your $_POST variables, especially since you're inserting them into an email (open to a header injection attack), displaying them on a web page (open to a form field injection attack) and into a database (open to a sql injection attack).

At a minimum, you need to wrap the data going into mysql in mysql_real_escape_string() calls, strip any "\r\n" input from anything going into your email, and wrap the variables being redisplayed in your form in htmlentities() calls to escape html characters.

To give you a small idea, take a look at this article about email header injections over at SecurePHP: http://www.securephpwiki.com/index.php/Email_Injection
You're not actually doing the query; you have only set it to a variable but not executed it. Just add, after the $query:

```php
mysql_query($query) or die (mysql_error());
```
HuggyCT2 for the win

As I mentioned in my previous post, you should sanitize your inserted variables. At the very least, use this code to construct your sql statement:

```php
// Each escaped value must sit inside single quotes in the SQL text;
// mysql_real_escape_string() escapes the string but does not delimit it.
$query = "INSERT INTO add_url (id, url, email, title, address, telephone, fax, description) VALUES (NULL, '"
    . mysql_real_escape_string($url) . "', '"
    . mysql_real_escape_string($email) . "', '"
    . mysql_real_escape_string($title) . "', '"
    . mysql_real_escape_string($address) . "', '"
    . mysql_real_escape_string($telephone) . "', '"
    . mysql_real_escape_string($fax) . "', '"
    . mysql_real_escape_string($description) . "')";
```
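
The three contexts named in this thread (SQL, mail headers, HTML output) handled separately, as an added example that is not code from any poster. It swaps mysql_real_escape_string() for a PDO prepared statement; the helper names, the in-memory SQLite database standing in for db.inc.php, and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example; helper names, the SQLite stand-in for db.inc.php and the
// sample input are assumptions, not code from the thread.

// HTML context: escape before echoing a value back into the form.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Mail-header context: accept only a valid address containing no CR/LF,
// so user input can never start a new header line.
function safe_from_address(string $email): ?string {
    if (preg_match('/[\r\n]/', $email)) {
        return null;
    }
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// SQL context: a prepared statement keeps the data out of the SQL text.
function insert_listing(PDO $db, array $f): void {
    $stmt = $db->prepare(
        'INSERT INTO add_url (url, email, title, address, telephone, fax, description)
         VALUES (:url, :email, :title, :address, :telephone, :fax, :description)'
    );
    $stmt->execute($f);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE add_url (id INTEGER PRIMARY KEY, url TEXT, email TEXT, title TEXT,
           address TEXT, telephone TEXT, fax TEXT, description TEXT)');

// Constructed input standing in for $_POST.
$post = [
    'url' => 'http://example.com', 'email' => "a@example.com\r\nBcc: x@example.net",
    'title' => "O'Brien \"Ltd\"", 'address' => '1 Main St', 'telephone' => '555-0100',
    'fax' => '', 'description' => '</textarea><b>x</b>',
];

$from = safe_from_address($post['email']);
echo $from === null ? "rejected: email contains CR/LF or is invalid\n" : "From: $from\n";

$post['email'] = 'a@example.com';   // constructed: the corrected resubmission
insert_listing($db, $post);         // quotes in the title are stored verbatim
echo $db->query('SELECT title FROM add_url')->fetchColumn(), "\n";
echo '<textarea>', h($post['description']), "</textarea>\n";
```

The array passed to execute() must contain exactly the named parameters, so pick the expected keys out of $_POST rather than passing it whole.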