0

I have a html form, a php script and a mysql database I want the form to post to the mysql database through the php script. i fill out the form and submit but the table stays the same. I'm using Lamp setup with Ubuntu.

/var/www/add_review.php
<?
$username="user";
$password="password";
$database="database";
$review=$_POST['review'];
$Cname=$_POST['Cname'];
$picture=$_POST['picture'];
$profile=$_POST['Cprofile'];
$location=$_POST['location'];
$ratingImg=$_POST['ratingImg'];
$rating=$_POST['rating'];
$date=$_POST['date'];
$Creview=$_POST['Creview'];
$link=$_POST['link'];
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO table VALUES ('$review','$Cname','$picture','$location','$ratingImg','$rating','$date','$Creview','$link')";
mysql_query($query);
if($query)
{
    echo "Success!";
}
else
{
    die(mysql_error());
}
mysql_close();
echo "Review Added!";
echo "<br />";
echo $review;
echo "<br />";
echo $name;
echo "<br />";
echo $picture;
echo "<br />";
echo $profile;
echo "<br />";
echo $location;
echo "<br />";
echo $ratingImg;
echo "<br />";
echo $rating;
echo "<br />";
echo $date;
echo "<br />";
echo $Creview;
echo "<br />";
echo $link;
?>

/var/www/add_review.html
<h1>Add A Drink</h1>
<form action="add_review.php" method="post">
<p>Review # <input type="text" name="review"><br></p>
<p>UserName <input type="text" name="Cname"><br></p>
<p>Picture URL <input type="text" name = "picture"><br></p>
<p>Users Profile URL <input type="text" name = "Cprofile"><br></p>
<p>Location <input type="text" name = "location"><br></p>
<p>Star URL <input type="text" name = "ratingImg"><br></p>
<p>Star Value <input type="text" name = "rating"><br></p>
<p>Date(MMDDYYYY) <input type="text" name = "date"><br></p>
<p>Users Review<br> <textarea name="Creview"></textarea><br></p>
<p>Review Link <input type="text" name = "link"><br></p>
<input type="submit" value="Submit">
</form>

MYSQL Table

+-----------+-------------+------+-----+---------+-------+
| Field     | Type        | Null | Key | Default | Extra |
+-----------+-------------+------+-----+---------+-------+
| review    | int(11)     | YES  |     | NULL    |       |
| Cname     | varchar(20) | YES  |     | NULL    |       |
| picture   | text        | YES  |     | NULL    |       |
| Cprofile  | text        | YES  |     | NULL    |       |
| location  | varchar(30) | YES  |     | NULL    |       |
| ratingImg | text        | YES  |     | NULL    |       |
| rating    | float       | YES  |     | NULL    |       |
| date      | int(11)     | YES  |     | NULL    |       |
| Creview   | text        | YES  |     | NULL    |       |
| link      | text        | YES  |     | NULL    |       |
+-----------+-------------+------+-----+---------+-------+

I can't figure out what I'm doing wrong! please help.

UnbrandedTech
  • 461
  • 6
  • 14
  • 3
    Please, don't use `mysql_*` functions for new code. They are no longer maintained and the community has begun the [deprecation process](http://goo.gl/KJveJ). See the [**red box**](http://goo.gl/GPmFd)? Instead you should learn about [prepared statements](http://goo.gl/vn8zQ) and use either [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli). If you can't decide, [this article](http://goo.gl/3gqF9) will help to choose. If you care to learn, [here is good PDO tutorial](http://goo.gl/vFWnC). – Madara's Ghost Jun 14 '12 at 13:41
  • @Truth, totally going to steal your comment for future use! – John Conde Jun 14 '12 at 13:47
  • well i had no idea, i just learned MYSQL 8 months ago... you know you slacking when your "go-to" solution is now being phased out and becoming "obsolete" lol well i will catch up on mysqli but in the mean time have any idea what up with this? – UnbrandedTech Jun 14 '12 at 13:47
  • it's a bad idea to name columns with reserved words like `date` – dnagirl Jun 14 '12 at 13:49
  • @JohnConde: All credit goes to teresko at PHP chat. You're welcome to join :) – Madara's Ghost Jun 14 '12 at 13:49
  • no errors, but the table is bone dry. – UnbrandedTech Jun 14 '12 at 13:51
  • i finally made the inserted the fields but it looks like this – UnbrandedTech Jun 14 '12 at 14:50
  • well its too long but it doesn't look like right – UnbrandedTech Jun 14 '12 at 14:54

4 Answers4

1

You don't seem to be supplying a value for CProfile which will probably cause an error of some kind.

Jaydee
  • 4,138
  • 1
  • 19
  • 20
1

In your INSERT sentence, the int values does not require quotes.

From now on, please supply error messages (if you don't see one, look for it on apache error log)

Alfabravo
  • 7,493
  • 6
  • 46
  • 82
1

try specifying your columns in your query:

$query = <<<EOQ

INSERT INTO yelpreviews(review, Cname, picture, location, 
                        ratingImg, rating, `date`, Creview, link)
VALUES('$review','$Cname','$picture','$location',
       '$ratingImg','$rating','$date','$Creview','$link')

EOQ;
dnagirl
  • 20,196
  • 13
  • 80
  • 123
0

What do you mean $_POST['image']? Is that you're uploading image? If so, i'm sure you use the enctype = multipart/form-data on the form attribute, and also you use $_FILE['image']['name'] to get the name of the image.

One more thing, you should use the mysql_real_escape_string($_POST['string']) to prevent mysql injection. And also do not use quote between integer values.

Tepken Vannkorn
  • 9,648
  • 14
  • 61
  • 86