Posted by Jerry Stuckle on 05/15/07 21:09
shaggynuts24@gmail.com wrote:
> I am new to mysql and php. I am trying to learn this in order to
> implement a web based database to keep track of camera inventory along
> with RMA and cost information. I am not sure what I am doing wrong
> with this.
>
> I am trying to set this up so that when someone hits submit it enters
> the information into the database.
>
> I would also like to find a way to get it to append the information as
> well. I have no prior html, php, or mysql experience.
>
> <?php
> // database connection
> mysql_connect("localhost", "username", "password") or
> die(mysql_error());
> mysql_select_db("cameradb") or die(mysql_error());
>
> //$query definition
> $query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, CAM_Location,
> CAM_Name, RMA_Number, RMA_Description,
> RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, RMA_Cost)
>
> VALUES
> ('$_post[SN]','$_post[MAC_Adress]',
> '$_post[CAM_Type]', '$_post[CAM_Location]', '$_post[CAM_Name]',
> '$_post[RMA_Number]', '$_post[RMA_Description]',
> '$_post[RMA_Req_Date]', '$_post[RMA_Rec_Date]',
> '$_post[RMA_Ship_Date]', '$_post[RMA_Return_Date]',
> '$_post[RMA_Cost]')";
>
> {
>
> ?>
> //form definition and assigning variables
> <form action ="<?php mysql_query($query) ?>" method="post">
> <p>Camera Serial Number: <input type="text" name="SN" /></p>
> <p>Mac Adress: <input type="text" name="Mac_adress" /></p>
> <p>Camera Types: <input type="text" name="cam_type" /></p>
> <p>Camera Loacation: <input type="text" name="cam_location" /></p>
> <p>Camera Name: <input type="text" name="cam_name" /></p>
> <p>RMA Number: <input type="text" name="RMA_Number" /></p>
> <p>RMA Description: <input type="text" name="RMA_Description" /></p>
> <p>RMA Request Date: <input type="text" name="RMA_Req_date" /></p>
> <p>RMA Recieve Date: <input type="text" name="RMA_Rec_date" /></p>
> <p>RMA Ship Date: <input type="text" name="RMA_Ship_Date" /></p>
> <p>RMA Return Date: <input type="text" name="RMA_Return_date" /></p>
> <p>RMA Cost: <input type="text" name="RMA_Cost" /></p>
> <p><input type="submit" /></p>
> </form>
>
> <?php
> }
>
> ?>
>
A couple of things.
First of all, it is $_POST, not $_post - case sensitive.
And you need to ALWAYS VALIDATE input from the user. Don't just
"assume" the data are correct.
Finally, all strings should be processed with mysql_real_escape_string()
before being inserted into the database - among other things it takes
care of apostrophes in the text - but also helps protect you if someone
tries some bad data (google for "SQL injection").
Something like:
$sn = $_POST['SN'];
// ... validate here
$macaddr = $_POST['MAC_Adress'];
// ... validate
(or get each one locally and validate it)
Finally,
$query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, " .
"CAM_Location, CAM_Name, RMA_Number, RMA_Description, " .
"RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, " .
"RMA_Cost) " .
"VALUES ('" . mysql_real_escape_string($sn) . "', '" .
mysql_real_escape_string($macaddr) . "', '" .
etc.
Of course there are other ways to handle the actual syntax - but you get
the idea.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
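
The advice in the reply above (validate every field, then keep user text out of the SQL string), as an added example that is not part of the original post. It swaps in PDO prepared statements for mysql_real_escape_string(), because the mysql_* extension was removed in PHP 7; the validation rules, the sample submissions and the in-memory SQLite database standing in for cameradb are assumptions, and only five of the columns are shown.

```php
<?php
// Added example: the validation rules, sample input and in-memory SQLite
// database (standing in for the MySQL cameradb) are assumptions.
// validate_camera() returns [clean values, errors keyed by field name].
function validate_camera(array $in): array
{
    $rules = [
        'SN'           => '/^[A-Za-z0-9-]{1,32}$/',
        'MAC_Adress'   => '/^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$/',
        'RMA_Req_Date' => '/^\d{4}-\d{2}-\d{2}$/',
        'RMA_Cost'     => '/^\d{1,7}(\.\d{1,2})?$/',
    ];
    // Free text has no pattern; it is only trimmed and later bound as a parameter.
    $clean = ['RMA_Description' => trim($in['RMA_Description'] ?? '')];
    $errors = [];
    foreach ($rules as $field => $pattern) {
        $clean[$field] = trim($in[$field] ?? '');
        if (!preg_match($pattern, $clean[$field])) {
            $errors[$field] = 'missing or malformed';
        }
    }
    // A date can match the pattern and still not exist (2007-02-30).
    if (!isset($errors['RMA_Req_Date'])) {
        [$y, $m, $d] = array_map('intval', explode('-', $clean['RMA_Req_Date']));
        if (!checkdate($m, $d, $y)) {
            $errors['RMA_Req_Date'] = 'not a real calendar date';
        }
    }
    return [$clean, $errors];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cameras (SN, MAC_Adress, RMA_Description, RMA_Req_Date, RMA_Cost)');
$insert = $db->prepare('INSERT INTO cameras (SN, MAC_Adress, RMA_Description,
    RMA_Req_Date, RMA_Cost) VALUES (:SN, :MAC_Adress, :RMA_Description,
    :RMA_Req_Date, :RMA_Cost)');
// Constructed submissions standing in for $_POST.
$posts = [
    ['SN' => 'CAM-0042', 'MAC_Adress' => '00:1A:2B:3C:4D:5E', 'RMA_Cost' => '149.50',
     'RMA_Req_Date' => '2007-05-15', 'RMA_Description' => "Lens won't focus"],
    ['SN' => 'CAM-0043', 'MAC_Adress' => 'not-a-mac', 'RMA_Cost' => 'free',
     'RMA_Req_Date' => '2007-02-30'],
];
foreach ($posts as $post) {
    [$clean, $errors] = validate_camera($post);
    if ($errors) {
        echo "rejected {$post['SN']}: " . json_encode($errors) . "\n";
        continue;
    }
    $insert->execute($clean); // values are bound as parameters, never spliced into SQL
    echo "stored {$clean['SN']}\n";
}
```

The first submission is stored with its apostrophe intact; the second is rejected with one error each for MAC_Adress, RMA_Req_Date and RMA_Cost.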