why cannot insert?

[147896325]

hi all, i m new to php.
i hv copied some code and test.
"Record Inserted" returned, then i check the database, there is one row added, but all the values are null.
is there anything wrong with the script or with mysql?

anybody helps? thanks.


<?php
if ($_GET['post'] == &quot;yes&quot {

$dbuser = &quot;XXX&quot;;
$dbserver = &quot;localhost&quot;;
$dbpass = &quot;XXX&quot;;
$dbname = &quot;test_contri&quot;;


mysql_connect($dbserver)
or die (&quot;UNABLE TO CONNECT TO DATABASE&quot;
mysql_select_db($dbname)
or die (&quot;UNABLE TO SELECT DATABASE&quot;

$sql = &quot;INSERT INTO user (
username, password, gname, wonid, email ) VALUES (
'$username', '$password', '$gname', '$wonid', '$email')&quot;;
if ($sql_debug_mode==1) { echo &quot;<BR>SQL: $sql<BR>&quot;; }
$result = mysql_query($sql);
if ($result == 1) {
echo &quot;Record Inserted&quot;;
} else {
echo &quot;Error inserting record (9994SQL)&quot;;
}

}

if (!$_GET['post']) {
?>
<form method=&quot;post&quot; action=&quot;<?php echo $thispage; ?>?proc=New&post=yes&<?php echo $pagevars; ?>&quot;>
<center>
<TABLE>
<TR>
<td>
<B>USERNAME:</B>
</td>
<td>
<textarea name=&quot;username&quot; rows=&quot;4&quot; cols=&quot;35&quot;></textarea>
</TR>
<TR>
<td>
<B>PASSWORD:</B>
</td>
<td>
<input type=&quot;password&quot; name=&quot;password&quot; size=&quot;20&quot;>
</TR>
<TR>
<td>
<B>GNAME:</B>
</td>
<td>
<input type=&quot;gname&quot; name=&quot;gname&quot; size=&quot;20&quot;>
</TR>
<TR>
<td>
<B>WONID:</B>
</td>
<td>
<input type=&quot;wonid&quot; name=&quot;wonid&quot; size=&quot;20&quot;>
</TR>
<TR>
<td>
<B>EMAIL:</B>
</td>
<td>
<input type=&quot;email&quot; name=&quot;email&quot; size=&quot;20&quot;>
</TR>
<tr>
<td>
</td>
<td>
<input type=&quot;submit&quot; value=&quot;Add Record&quot; name=&quot;submit&quot;>
<input type=&quot;reset&quot; value=&quot;Reset&quot; name=&quot;reset&quot;>
</td>
</tr>
</table>
</center>
<BR>
</form>

<?php
}
?>

 

[DRJ478]

Don't use reserved words for database, table or column names: stay away from reserved SQL language such as PASSWORD. I know, even the MySQL permission system uses a field password, but it is best to stay away from reserved words. You can also quote them in backticks `password`.

Now to the issue:
I believe this is a register_globals OFF issue.
You assume that the posted variables are translated into plain vars - but that is probably not the case since register_globals probably is OFF (and that's good).

Your form POSTs to the script. You need not append a GET parameter to the end of the action URL. Thats superfluous.

When you hit the &quot;Submit&quot; button it will be in the $_POST array as $_POST['submit'] and the value will be &quot;Add Record&quot; or whatever the value specified is. Check if the submit button was pressed by making sure the variable isset() and not empty [Some older Netscape browsers always send all form element even if empty].

Refer to the variables posted using the superglobal $_POST array:

$sql = "INSERT INTO user ( 
username, password, gname, wonid, email ) VALUES ( 
'".$_POST['username']."','".$_POST['password']."','".$_POST['gname']."','".$_POST['wonid']."','".$_POST['email']."')";

It is also a good idea to conatenate the way shown above, because sometimes the PHP interpreter does not evaluate correctly the alpahnumeric array keys in structures with nested quotes/double quotes.

It's not A SQL issue, it's probably what I said above. Check out phpinfo() and ascertain the setting of register_globals.