Fields not being populated in INSERT INTO command.

[peterv12]

I have a PHP script that shows an input form, then passes the input field values to a MySQL script that is an INSERT INTO command. The table is updated, but the fields are all blank! I'm posting this here, because I'm not sure if it's a MySQL problem, or a PHP problem. If someone could point me in the right direction, I'd appreciate it. There are 3 fields in the record, authorid, which is an auto-increment key, that value is being populated correctly. The lname and fname fields are both blank. The code is below:

<?php
//leads_process_page.php - Updated: TUESDAY JUNE 30, 2009 - 5:57 PM
// Originally - delete_or_update_leads.php
include('dbconnect.php');
//
  $option=$_POST['process_what'];
//
  if ($option == "author") {
//
  $record_key=$_POST['authorid'];
//
$var1 = ($_POST['formoption']);
[b][COLOR=blue]echo "formoption: $formoption<br>";
echo "lname: $lname<br>";
echo "fname: $fname<br>";[/color][/b]
  switch($_POST['formoption']) {
[b][COLOR=red]  case 'Add':
             $lname = $_POST['lname'];
             $fname = $_POST['fname'];
//
             $query2 ="INSERT INTO MYAUTHORS (authorid, lname, fname)
                      VALUES ('0','$lname', '$fname')";
//
             $result = mysql_query($query2);
             $rows=mysql_affected_rows();
             if (!$result) {
                echo "<b>Update Failed:</b> <br>" . mysql_error();
                echo "<br>Whole query: " . $query2 . "<br>";
                die;
             } else {
[b][COLOR=green]                echo "rows: $rows<br>";
                echo "authorid: $authorid<br>";
                echo "lname: $lname<br>";
                echo "fname: $fname<br>";[/color][/b]
             }
//	 include('leads_message_display.php');
     break;[/color][/b]
   case 'Delete':
     $query ="DELETE from MYAUTHORS where authorid_name = '$record_key'";
     $result = mysql_query($query);
     $rows=mysql_affected_rows(); // returns number of rows produced by query.
     if (!$result) {
        $message  = 'Invalid query: ' . mysql_error() . "\n";
        $message .= 'Whole query: ' . $query;
        die($message);
     } else {
//        if ($rows > 0) {
//           echo "$rows record(s) deleted.<br>";
//        } else {
//           echo "Record not found.<br>";
//        }
        include('leads_message_display.php');
}
//     include('query_check.php');
     break;
  case 'Update':
     echo "Update 2";
     break; 
  case 'Search':
//
  $query = "SELECT * FROM MYAUTHORS where authorid_name = '$record_key'";
//
  $result = mysql_query($query);
//
  $rows=mysql_affected_rows(); // will return the number of rows produced by the query.
  if (!$result) {
     $message  = 'Invalid query: ' . mysql_error() . "\n";
     $message .= 'Whole query: ' . $query;
     die($message);
  } else {
     while ($_POST = mysql_fetch_array($result, MYSQL_ASSOC)) {
            $id  = $_POST['id'];
            $authorid = $_POST['authorid_name'];
            $title = $_POST['title'];
            $type = $_POST['type'];
            $cover_type = $_POST['cover_type'];
            $pages = $_POST['pages'];
            $copyright = $_POST['copyright'];
            $date_finished = $_POST['date_finished'];
            $has_been_finished = $_POST['has_been_finished'];
  }
}
	 include('leads_message_display.php');
	 break;
  default:
     echo "Default";
  }
  }else{
     echo "Process Book";
  }
?>

The echo statements output:

[b][COLOR=blue]
formoption: Add
lname: Kellerman
fname: Jonathan[/color][/b]
[b][COLOR=green]rows: 1
authorid: 
lname: Kellerman
fname: Jonathan[/color][/b]

Any and all assistance is greatly appreciated. Also, please let me know if this should be posted in the PHP board instead.

Thank you.

 

[vacunita]

this looks to be a PHP error. and should be posted in the forum434, but I'll get you started here.

Where are these variables getting set?:

echo "formoption: $formoption<br>";
echo "lname: $lname<br>";
echo "fname: $fname<br>";

You don't explicitly set them until a couple of lines down inside the "Add" case of your switch statement.

We'd also need to see the definitions for your table fields lname and fname. Are they big enough to hold the values? Are they of the correct type?


Have you echoed out your query2 variable to make sure it has the correct values?

 $query2 ="INSERT INTO MYAUTHORS (authorid, lname, fname)
                      VALUES ('0','$lname', '$fname')";
//
[blue]echo "<br>The query is: " . $query2 . "<br>";[/blue]
             $result = mysql_query($query2);

How are $_POST['lname'] and $_POST['fname'] populated?
If there's a form that goes with this it be good to see it.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[ChrisHunt]

I'd follow vacunita's advice on printing out $query2 to see if it's saying what you think it should. My guess is that it isn't.

Over and above that, by simply inserting the variables into your string you're running the risk of SQL injection attacks and/or the script failing when it hits awkward data values. What happens, for example, when $lname = O'Neill?

The PHP manual for mysql_query suggests that you do something like this instead:

$query2 = sprintf("INSERT INTO MYAUTHORS (authorid, lname, fname) VALUES ('0','%s', '%s')",
                  mysql_real_escape_string($lname),
                  mysql_real_escape_string($fname));

That won't solve your "it's not inserting anything" problem, but it could save you pain later on.



-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd