Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Update tables from forms

Status
Not open for further replies.

mondeoman

MIS
Dec 7, 2006
203
GB
I want to update (or add a new record) to a table in a form. I have managed to do this for a page that updates events but some reason my code in the new members page does not work. I have clearly got something wrong with this code but I simply can't see where. The code should add a new member's details to a table called tblMembers. I have a similar page for events which works fine. When the details are put into the form for members and submit button is pusshed the new record is not inserted. Can anyone have a look at my code and tell me where I have gone wrong.

Code:
<? include('LOCALHOST.PHP');?> 
<?php
/// query db and loop through rows example

$field2 = $_POST['member_id'];
$field3	= $_POST['FirstName'];
$field4	= $_POST['Surname'];
$field5	= $_POST['Role'];
$field6	= $_POST['Address1'];
$field7	= $_POST['Address2'];
$field8	= $_POST['Address3'];
$field9	= $_POST['Address4'];
$field10 = $_POST['PostCode'];
$field11 = $_POST['Telephone'];
$field12 = $_POST['email'];

/// query db and loop through rows example
if($field2){

	 $sql = "
    INSERT INTO
        `tblMembers` (
            `member_id`
            ,`FirstName`
            ,`Surname`
            ,`Role`
            ,`Address1`
            ,`Address2`
            ,`Address3`
            ,`Address4`
            ,`PostCode`
            ,`Telephone`
            ,`email`
        ) VALUES  (
            '".$field2."'
            ,'".$field3."'
            ,'".$field4."'
            ,'".$field5."'
            ,'".$field6."'
            ,'".$field7."'
            ,'".$field8."'
            ,'".$field9."'
            ,'".$field10."'
            ,'".$field11."'
            ,'".$field12."'
        )
    ;
";

//echo $sql; //debug line
mysql_query($sql); 

/// query db and loop through rows example
}

$query 	= mysql_query("SELECT * FROM tblMembers ORDER BY member_id;");

//$table = "<table border=\"1\">\n";
$table = "<table border=\"1\" cellspacing=\"10\" body bgcolor=\"#AABBCC\" Align=Center>\n";
$tableHead = "<tr>
				<th>Member No</th>
				<th>First Name</th>
				<th>Surname</th>
				<th>Role</th>
				
				</tr>\n";
while($row = mysql_fetch_array($query)){

	$tablerow .= "<tr><td>".$row['member_id']."</td><td>".$row['FirstName']."</td><td>".$row['Surname']."</td><td>".$row['Role']."</td></tr>\n";

}
$tableEnd = "</table>\n";  
$note1 = "The table below shows the current committee member list. To add a new member please enter a new 'UNIQUE' Member No (see from curent list)
and then fill in all relevant fields in the table and then click on the Submit button."
?>

Form Code:

Code:
<table cellpadding="0" cellspacing="0" width="100%">  <tr>    <td align="left" valign="top" width="100%" id="layout_zone1" style = ""><div>
<form id="form1" name="form1" method="post" action="">
  <table width="31%" border="0" align="center">
    <tr>
      <td>First Name</td>
      <td><input name="FirstName" type="text" id="FirstName" /></td>
    </tr>
    <tr>
      <td>Surname</td>
      <td><input name="Surname" type="text" id="Surname" /></td>
	</tr>
	<tr>
      <td>Role</td>
	<!-- <td><input name="Role" type="text" id="Role" /></td> -->
     <td><select name="Role" id="Role" />
	 <option value="Select an Option" selected=selected>Select an Option</option>
	  <option value="Committee Member" >Committee Member</option>
	  <option value="Associate Member">Associate Member</option>
     <option value="Volunteer">Volunteer</option>
		<option value="Chairman">Chairman</option>
		<option value="Treasurer">Treasurer</option>
		<option value="Secretary">Secretary</option>
		<option value="Press Liaison">Press Liason</option>
		<option value="Programme Coordinator">Programme Coordinator<option>
     </select>
	 </td>
    </tr>
      <td>Address</td>
      <td><input name="Address1" type="text" id="Address1" /></td>
    </tr>
    <tr>
      <td></td>
      <td><input name="Address2" type="Date" id="Address2" /></td>
    </tr>
	 <tr>
      <td></td>
      <td><input name="Address3" type="text" id="Address3" /></td>
    </tr>
	 <tr>
      <td></td>
      <td><input name="Address4" type="text" id="Address4" /></td>
    </tr>
    <tr>
      <td>Post Code</td>
      <td><input name="PostCode" type="text" id="PostCode" /></td>
    </tr>
	<tr>
      <td>Telephone</td>
      <td><input name="Telephone" type="text" id="Telephone" /></td>
    </tr>
	<tr>
      <td>email</td>
      <td><input name="email" type="text" id="email" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Submit" /></td>
    </tr>
  </table>
</form></div></td>  </tr></table>

There is clearly some type of error here but I can't see what it is.
 
you are using unescaped data.

read up on sql injection and try the script again after this.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top