0

My code inserts an empty record into the MySQL table "activate" instead of getting the data activate.html. It calls upon activate.php which I stripped down. I also should add that I am new to php, but am aware of injection attacks. I originally had some of the security issues addressed, but as I said, have stripped down the code to get to the root of the problem. Also, when I echo the form fields, they populate, just not into the MySql table. Any ideas why? Thank you in advance.

<?php $host = "host"; // Host name $username = "user"; // Mysql username $password = "pass"; // Mysql password $db_name = "db"; // Database name $tbl_name = "activate"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password") or die("cannot connect"); mysql_select_db("$db_name") or die("cannot select DB"); // Get values from form if (isset($_POST['submit'])) { $esn = mysql_real_escape_string($_POST['esn']); $esnverify = mysql_real_escape_string($_POST['esnverify']); $zip = mysql_real_escape_string($_POST['zip']); $comments = mysql_real_escape_string($_POST['comments']); } // Insert data into mysql $sql = "INSERT INTO $tbl_name (esn, esnverify, zip, comments) VALUES ('$esn', '$esnverify', '$zip', '$comments')"; $result = mysql_query($sql); // if successfully insert data into database, displays message "Successful". if ($result) { echo "Successful"; echo "<br />"; echo $_POST['esn']; echo "<br />"; echo $_POST['esnverify']; echo "<br />"; echo $_POST['zip']; echo "<br />"; echo $_POST['comments']; echo "<br />"; echo "<a href='thankyou.html'>Back to main page</a>"; } else { echo "ERROR"; } ?> <?php // close connection mysql_close(); ?>

Activate.html

<form method="post" action="activate.php"> <p><b>ESN:</b> <input type="text" id="esn" name="esn" maxlength="50"><br/> <b>Confirm ESN:</b> <input type="text" name="esnverify" id="esnverify" maxlength="50"><br/> <b>Zip:</b> <input type="text" name="zip" id="zip" maxlength="5"><br/> <p>Your comments:<br /> <textarea name="comments" rows="10" cols="40" id="comments" maxlength="500"></textarea></p> <p><input type="submit" value="Send it!"></p></form>
Improve this question
4
  • From which page are you receiving the $_POST variables? Commented Jun 11, 2013 at 18:47
  • 1
    Since your submit button doesn't have the name attribute, this condition if (isset($_POST['submit'])) will never be satisfied. It should look like <input type="submit" id="submit" name="submit" value="Send it!">. Commented Jun 11, 2013 at 18:57
  • Thank you Lion!! in conjuction with moving my curly brackets it is corrected!! Thank you all again, I greatly appreciate the assistance. Commented Jun 11, 2013 at 19:11
  • I'd also look into migrating to mysqli; mysql is deprecated. Commented Jun 11, 2013 at 19:16

2 Answers 2

Reset to default
1 
 <?php $host = "host"; // Host name $username = "user"; // Mysql username $password = "pass"; // Mysql password $db_name = "db"; // Database name $tbl_name = "activate"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password") or die("cannot connect"); mysql_select_db("$db_name") or die("cannot select DB"); // Get values from form if (isset($_POST['submit'])) { $esn = mysql_real_escape_string($_POST['esn']); $esnverify = mysql_real_escape_string($_POST['esnverify']); $zip = mysql_real_escape_string($_POST['zip']); $comments = mysql_real_escape_string($_POST['comments']); // Insert data into mysql $sql = "INSERT INTO $tbl_name (esn, esnverify, zip, comments) VALUES ('$esn', '$esnverify', '$zip', '$comments')"; $result = mysql_query($sql); // if successfully insert data into database, displays message "Successful". if ($result) { echo "Successful"; echo "<br />"; echo $_POST['esn']; echo "<br />"; echo $_POST['esnverify']; echo "<br />"; echo $_POST['zip']; echo "<br />"; echo $_POST['comments']; echo "<br />"; echo "<a href='thankyou.html'>Back to main page</a>"; } else { echo "ERROR"; } } ?> <?php // close connection mysql_close(); ?>

Also, change this in html code:

add name='submit' to input field/submit button.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I changed the curly bracket but now the page does nothing, not even echo inputs???
@JuStin, reply edited - also, i see that Lion already answered. :)
1

Even if $_POST['submit'] is not set (in which case your variables will have no values), your code will still attempt to insert the data into the table. This is why there are blank rows.

As Lion said in his comment, since your submit button has no name attribute, $_POST['submit'] will never be set, and therefore you will always insert blank data.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.