hi guys, as i am new to php so i was making a simple script which will take the data from text field and send it to the database but the data is not inserting in table.i don't know why please check. here is the coding of form. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>ADD Records</title> </head> <body> <form action="addresults.php" method="post"> <table align="center" border="1"> <? if(isset($_POST['Submit'])) { echo "<tr align=\"center\"><td colspan=2>Records Added, ADD Another</td></tr>"; } ?> <tr align="center"> <td colspan="2"><strong>::ENTER DATA IN RESPECTIVE FIELDS::</strong></td> </tr> <tr align="center"> <td width="104"><strong>Roll Number</strong></td> <td width="316"><input type="text" name="rollno" /></td> </tr> <tr align="center"> <td><strong>Name</strong></td> <td><input type="text" name="uname" /></td> </tr> <tr align="center"> <td><strong>Maths</strong></td> <td><input type="text" name="maths" /></td> </tr> <tr align="center"> <td><strong>Physics</strong></td> <td><input type="text" name="physics" /></td> </tr> <tr align="center"> <td><strong>Chemistry</strong></td> <td><input type="text" name="chemistry" /></td> </tr> <tr align="center"> <td><strong>English</strong></td> <td><input type="text" name="english" /></td> </tr> <tr align="center"> <td><strong>Hindi</strong></td> <td><input type="text" name="hindi" /></td> </tr> <tr align="center"> <td colspan="2"><input type="submit" name="Submit" /></td> </tr> </table> </form> </body> </html> Code (markup): and here is the script which recieves the data (addresults.php) <?php $connect = mysql_connect("localhost","root","******") or die(mysql_error()); $db = mysql_select_db("test",$connect) or die(mysql_error()); $sql = "INSERT INTO results(rollno,name,maths,physics,chemistry,enlish,hindi) VALUES({$_POST['rollno']},\"{$_POST['uname']}\",{$_POST['maths']},{$_POST['physics']},{$_POST['chemistry']},{$_POST['english']},{$_POST['hindi']}"; $execquery = mysql_query($sql) or die(mysql_error()); echo "Records Added"; ?> PHP:
Flaws/Errors which I can see within your code: 1. Escape all user submitted data to avoid sql parsing issues and sql injection, using mysql_real_escape_string() 2. Don't use die(), trigger_error() is more informative. (See the following article: http://www.phpfreaks.com/blog/or-die-must-die) 3. Your not closing the VALUES() <--- (echo out $sql to ensure the query is well formed). 4. Instead of <? (short tags) use the full php tags -> <?php (as not on every host, will their be short_tags enabled, furthermore is only 2 extra chars). Try the following, addresults.php: <?php $connect = mysql_connect("localhost", "root", "******") or trigger_error(mysql_error()); $db = mysql_select_db("test", $connect) or trigger_error(mysql_error()); $_POST = array_map('mysql_real_escape_string', $_POST); $sql = "INSERT INTO results(rollno,name,maths,physics,chemistry,enlish,hindi) VALUES('{$_POST['rollno']}', '{$_POST['uname']}', '{$_POST['maths']}', '{$_POST['physics']}', '{$_POST['chemistry']}', '{$_POST['english']}', '{$_POST['hindi']}')"; mysql_query($sql) or trigger_error(mysql_error()); echo "Records Added"; ?> PHP:
use extract($_POST); function to extract the post data and no need to use $_POST['rollno'].you can use directly $rollno