I have written a script which should submit a form to my database however its not working. Could someone please tell me what I have done wrong. Im not very sure about this part of the code: if($_SERVER['REQUEST_METHOD']=='POST') { $qur="insert into `links`(`moviename`,`divxurl`,`imdb`,`imageurl`,`backlink`)values ('".$_POST['$moviename']."','".$_POST['$divxlink']."','".$_POST['$imdblink']."','".$_POST['$imageurl']."','".$_POST['$backlink']."', now())"; $res=mysql_query( $qur ); } PHP: Also, is the database connecting part all correct? The Full Code: <?php ////////////////////////////////////////// //// MySQL Database Connection /////////// ////////////////////////////////////////// $host = "localhost"; $user = "theflick_divx"; $db_name= "theflick_divx"; $pass= "password"; $conn = mysql_connect($host, $user, $pass) or die(mysql_error()); mysql_select_db($db_name, $conn) or die(mysql_error()); //DivX Table echo "<form method=post name=\"divxsubmit\" target=\"_self\" id=\"divx\"> <label> Movie Name: <input name=\"moviename\" type=\"text\" value=\"moviename\" size=\"31\" maxlength=\"30\" /> </label> <br /> <label> Divx Link :<input name=\"divxlink\" type=\"text\" value=\"divxlink\" size=\"34\" maxlength=\"1000\" /> </label> <br /> <label> IMDB Link:<input name=\"imdblink\" type=\"text\" value=\"imdblink\" size=\"33\" maxlength=\"50\" /> </label> <br /> <label> Image URL:<input name=\"imageurl\" type=\"text\" id=\"imageurl\" value=\"$imageurl\" size=\"33\" maxlength=\"100\" /> </label> <br /> <label> Optional Backlink:<input name=\"backlink\" type=\"text\" value=\"backlink\" size=\"27\" maxlength=\"100\" /> </label> <p><label></label> <label> <input name=\"$res\" type=\"submit\" id=\"$res\" value=\"Submit\"> </label> </p> </form>"; if($_SERVER['REQUEST_METHOD']=='POST') { $qur="insert into `links`(`moviename`,`divxurl`,`imdb`,`imageurl`,`backlink`)values ('".$_POST['$moviename']."','".$_POST['$divxlink']."','".$_POST['$imdblink']."','".$_POST['$imageurl']."','".$_POST['$backlink']."', now())"; $res=mysql_query( $qur ); } ?> PHP:
first of all you are using something like this "<input name=\"$moviename\" " this will output the value of $moviename (which is blank). so when you see the source code, you will see something like this <input name="" /> so, you cant get any value from post. and i should you give you some warning, which is really important. don't use the variables you get from post (or get, or cookie) directly in your queries. people can write anything, and change your queries. (at least use mysql_real_escape_string function) For more info, just google "sql injection". it is reallt important, dont just
Yeah I just realised I was using a blank function. I changed that, but it still didn't work. I don't really understand what you mean I will look up SQL injection. Hopefully that will answer some questions
Try this instead: if($_SERVER['REQUEST_METHOD']=='POST') { foreach ($_POST as $key => $value) { $$key = mysql_real_escape_string($value); } $qur="insert into `links`(`moviename`,`divxurl`,`imdb`,`imageurl`,`backlink`)values ('$moviename','$divxlink','$imdblink','$imageurl','$backlink')"; $res=mysql_query($qur); } PHP:
Well at least it is going into the database now however its not injecting the contents of the text box. It is just inputting moviename, divxurl, ect...
I tried it out and it worked for me. Are you sure you're editing the contents of the textboxes and not just leaving them at their default values?