Submitting numbers to a database

I’m trying to code a simple form to enter some values into a database, but I just can’t get the form and the database to talk to one another. Every time I test the form, it just takes me back to the same page, without the error or success message I’ve set up, and the value doesn’t get entered into the database.

Here’s what I’ve got:

[php]<?php
if (isset($_POST['submit'])) {
	$number = htmlspecialchars(strip_tags($_POST['number']));

	mysql_connect('localhost', 'root');
	mysql_select_db('progressbar');
	
	$sql = "INSERT INTO progressbar (number) VALUES ('$number')";
	$result = mysql_query($sql) or print ("Something went horribly wrong here. Sorry.<br />" . $sql . "<br />" . mysql_error());
	
	if ($result != false) {
		print ("<p>SUCCESS!</p>");
	}
	
	mysql_close();
}

?>

What's your number?

[/php]

In your first line of code you missed the capitalized S.

The button name is ‘Submit’ and you used it as ‘submit’, which are 2 different buttons.

Good luck

wilson is right but I wanted to point out something else.

[php]
$number = htmlspecialchars(strip_tags($_POST['number']));
[/php]

What is your goal here? If you are truly expecting an integer, you should use type casting or intval, for example:
[php]
$number = intval($_POST['number']);

// OR

$number = (int) $_POST['number'];
[/php]

Also, on your insert you are specifying $number as a string.

[php]$sql = "INSERT INTO progressbar (number) VALUES ('$number')";[/php]

Should not include the quotes around $number.

Personally, I recommend using sprintf for queries like this. For example:

[php]
$sql = sprintf("INSERT INTO progressbar (number) VALUES (%d)", $number);
[/php]

Making these changes will help to prevent any SQL injection attempts.
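
The integer handling discussed above, taken one step further as an added example that is not part of any poster's reply: it validates the field strictly instead of coercing it with intval (which turns "12abc" into 12 and "abc" into 0) and binds the value in a prepared statement. It assumes PDO with an in-memory SQLite database so it runs offline; the function names `parse_number` and `insert_number` and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PDO with the SQLite driver
// so it runs offline; for MySQL only the DSN and credentials change.

// Return the submitted value as an int, or null when it is not a whole number.
// Unlike intval() or an (int) cast, nothing is silently coerced.
function parse_number($raw): ?int
{
    if (!is_string($raw)) {
        return null; // e.g. number[]=3 arrives as an array
    }
    $value = filter_var(trim($raw), FILTER_VALIDATE_INT);
    return $value === false ? null : $value;
}

// Insert through a prepared statement: the value travels as a bound integer
// parameter and is never concatenated into the SQL text.
function insert_number(PDO $db, int $number): void
{
    $stmt = $db->prepare('INSERT INTO progressbar (number) VALUES (:number)');
    $stmt->bindValue(':number', $number, PDO::PARAM_INT);
    $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE progressbar (number INTEGER NOT NULL)');

// Constructed sample inputs standing in for $_POST['number'].
$samples = ['42', ' 7 ', '12abc', '', "1'); --", ['3']];

foreach ($samples as $raw) {
    $number = parse_number($raw);
    if ($number === null) {
        echo 'rejected: ', json_encode($raw), PHP_EOL;
        continue;
    }
    insert_number($db, $number);
    echo 'inserted: ', $number, PHP_EOL;
}

// Show which values reached the table.
print_r($db->query('SELECT number FROM progressbar')->fetchAll(PDO::FETCH_COLUMN));
```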
