PHP to MySQL


#1

I have a wesite with godaddy.com they provide myPHPadmin, the database and table were created easily.

Now, I’m trying to make a form that the end result is to have my form entered data be placed into my databases (gallinks) table (Links).

I have this and get no errors, however the information isn’t showing up in myPHPadmin or even when I export the information in .CSV.

[php]
$username=“";
$password="
”;
$database=“gallinks”;
$hostname="*************";

$name=$_POST[‘name’];
$date=$_POST[‘date’];
$url=$_POST[‘url’];
$desc=$_POST[‘desc’];
$pic=$_POST[‘pics’];

mysql_connect($hostname,$username,$password);
@mysql_select_db($database) or die(“This did not work, eh”);

$query=“INSERT INTO links (name, date, url, desc, pic) VALUES (’’,’$name’, ‘$date’, ‘$url’, ‘$desc’, ‘$pic’)”;
mysql_query($query);

mysql_close();
[/php]

Besides the opening and closing php tags, can anyone see if what could be wrong?

Thanks

Admin Edit: Added PHP tags for readability. Please see http://phphelp.com/guidelines.php for posting guidelines.


#2

mySQL errors will not show up in php unless there is an error with the PHP itself. so you should consider (after the mysql_query) command checking the Error messages from mySQL by using the mysql_error or mysql_errno functions.

Additionally, in your sql statement
[php]
$query=“INSERT INTO links (name, date, url, desc, pic) VALUES (’’,’$name’, ‘$date’, ‘$url’, ‘$desc’, ‘$pic’)”;
[/php]
you have too many fields in the VALUES section thatn you do in the INSERT INTO portion.

I suspectg you have an autonumber id but if you are going to write the query in this format you need to include the id as part of the declaration

[php]
$query=“INSERT INTO links (id, name, date, url, desc, pic) VALUES (’’,’$name’, ‘$date’, ‘$url’, ‘$desc’, ‘$pic’)”;
[/php]

Also, I am not 100 percent sure what advantage the back ticks give you and I rarely use them as I feel they cause confusion in this format and are not really needed. Thus you could end up with this:

[php]
$query=“INSERT INTO links (id, name, date, url, desc, pic) VALUES (’’,’$name’, ‘$date’, ‘$url’, ‘$desc’, ‘$pic’)”;
[/php]

Finally, if you are sure you are going to enter a piece of data for EACH field in your record, you can eliminate half of the query (the declaration portion of it) and be left with this:

[php]
$query=“INSERT INTO links (’’,’$name’, ‘$date’, ‘$url’, ‘$desc’, ‘$pic’)”;
[/php]

however, if you change the table layout and forget to update this query… the query won’t work and would generate and SQL error where by declaring the fields explicitly , you would not get that.

Just some suggestions. Hope this helps.


#3

The SQL error would have shown up if it wasn’t suppressed with the ‘@’ sign:

mysql_select_db($database) or die(“This did not work, eh”);

Also, watch out for SQL Injection here ;)


#4

By using the @ to suppress the error it allows one to use a custom error (in this case the DIE statement).

A better way would be to suppress the errors in the php.ini (as displaying errors can leak potentially valuable information about the system) on production machines.

On development machines, I would think that you would want to display ALL errors.


#5

The die() statement will only not be executed if a fatal PHP error has occurred ;) (at least, that’s the way I’ve learned it). In this case, the die() statement terminates the PHP script if the mysql_select_db() function fails, however, a MySQL error would still be displayed (or should).

You’re right when you say that on PROD servers, errors shouldn’t be shown directly to the frontend, however, I say it’s best to store them in a serverside log file (outside the server root of course). That way, specific issues that can’t be tested in a DEV environment (you can’t possibly test ALL possible forms of user input, after all), will show up on PROD, without giving away sensitive information to possibly malicious visitors.