Why is my Insert record code prompting a File Download window? 2

[malibu65k]

Hi All,

I'm trying to insert a record into a MYSQL table and I keep getting a File Download window comes up and asks me if I want to open the file or save it. I opened it once to see what its trying to download and its just the PHP file with the code in it. I researched the internet and found that the code is the same as everyone elses and I even tried rewriting it using another example and I still get the same thing. I'm starting to feel like it may not be the code but a setting I'm not familair with enough to fix myself. Any help will be appreciated.

***********************************************
My PHP Code:



<?php
mysql_connect('127.0.0.1','root','') or die('Could not connect to localhost');


mysql_select_db('VMMT204mc') or die('Could not select to Database');
echo "1 record added";

If(array_key_exists('type_submit', $_POST))
{
$query="SELECT MAX(TypeID) FROM tblType";
$result = mysql_query($query);
while ($row=mysql_fetch_assoc($result))

{
$TypeID = $row['MAX(TypeID)'] +1;
}

mysql_query("INSERT INTO tblType(TypeId, TypeName,StateAbbr) VALUES($TypeID,'$_POST[TypeName]')");
echo "1 record added";

}
If(array_key_exists('shop_submit', $_POST))
{
$query="SELECT MAX(ShopID) FROM tblShop";
$result = mysql_query($query);
while ($row=mysql_fetch_assoc($result))

{
$ShopID = $row['MAX(ShopID)'] +1;
}

mysql_query("INSERT INTO tblShop(ShopId, ShopName,ShopNumber) VALUES($ShopID,'$_POST[ShopName]','$_POST[ShopNumber]')");
echo "1 record added";

}
If(array_key_exists('make_submit', $_POST))
{
$query="SELECT MAX(MakeID) FROM tblMake";
$result = mysql_query($query);
while ($row=mysql_fetch_assoc($result))

{
$MakeID = $row['MAX(MakeID)'] +1;
}

mysql_query("INSERT INTO tblMake(MakeId, MakeName) VALUES($MakeID,'$_POST[MakeName]')");
echo "1 record added";

}
If(array_key_exists('model_submit', $_POST))
{
$query="SELECT MAX(ModelID) FROM tblModel";
$result = mysql_query($query);
while ($row=mysql_fetch_assoc($result))

{
$ModelID = $row['MAX(ModelID)'] +1;
}

mysql_query("INSERT INTO tblModel(ModelId,MakeId, ModelName) VALUES($ModelID,'$_POST [MakeId]','$_POST[ModelName]')");
echo "1 record added";

}
If(array_key_exists('Noticetype_submit', $_POST))
{
$query="SELECT MAX(NoticetypeID) FROM tblNoticetype";
$result = mysql_query($query);
while ($row=mysql_fetch_assoc($result))

{
$NoticetypeID = $row['MAX(NoticetypeID)']+1;
}

mysql_query("INSERT INTO tblNoticetype(NoticetypeId,NoticetypeName) VALUES($NoticetypeID,'$_POST [NoticetypeName]')");
echo "1 record added";

}
If(array_key_exists('Base_submit', $_POST))
{
$query="SELECT MAX(BaseID) FROM tblBase";
$result = mysql_query($query);
while ($row=mysql_fetch_assoc($result))

{
$BaseID = $row['MAX(BaseID)'] +1;
}

mysql_query("INSERT INTO tblBase(BaseId,BaseName,BaseAbbr) VALUES($BaseID,'$_POST [BaseName]','$_POST[BaseAbbr]')");
echo "1 record added";

}
If(array_key_exists('rank_submit', $_POST))
{
$query="SELECT MAX(RankID) FROM tblRank";
$result = mysql_query($query);
while ($row=mysql_fetch_assoc($result))

{
$RankID = $row['MAX(RankID)'] +1;
}

mysql_query("INSERT INTO tblRank(RankId,RankName, RankAbbr) VALUES($RankID,'$_POST [RankName]','$_POST[RankAbbr]')");
echo "1 record added";

}

?>


*************************************************

HTML Form code:

<html>
<body>

<form action="insert.php" method="post">

<B><Font size =5>New Vehicle Type</Font></B><BR><BR>
Enter vehicle type: <input type="text" name="TypeName" />
<input type= "submit" name = "Type_submit" value = "Save"

<BR>
<BR>
<BR>

<B><Font size =5>New Shop</Font></B><BR><BR>
Enter shop: <input type="text" name="ShopName" />
<input type= "submit" name = "Shop_submit" value = "Save"

<BR>
<BR>
<BR>

<B><Font size =5>New Make</Font></B><BR><BR>
Enter vehicle make: <input type="text" name="MakeName" />
<input type= "submit" name = "Make_submit" value = "Save"

<BR>
<BR>
<BR>

<B><Font size =5>New Model</Font></B><BR><BR>

<?php

mysql_connect('127.0.0.1','root','') or die('Could not connect to localhost');

mysql_select_db('VMMT204mc') or die('Could not select to Database');

$result = mysql_query("SELECT * FROM tblMake");

Select Vehicle Make:<select name='Name'>

while($row=mysql_fetch_array($result,MYSQL_ASSOC))

{
echo '<option value="'.$row['MakeId'].'"'.'>'.$row['Makename'].'</Option>';
}
?>
</select>

Enter vehicle Model: <input type="text" name="ModelName" />

<input type= "submit" name = "Model_submit" value = "Save"

</form>

</body>
</html>

 

[Geates]

Your not closing the tag?

<input type= "submit" name = "Type_submit" value = "Save"[red]>[/red]

-Geates

"I hope I can chill and see the change - stop the bleed inside and feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer

 

[Geates]

Also, PHP is case sensitive. Make sure your <input> names are the same as what you are testing against.

PHP:

If(array_key_exists('[red]type_submit'[/red], $_POST))

HTML:

<input type= "submit" name = "[red]Type_submit[/red]" value = "Save">

-Geates

"I hope I can chill and see the change - stop the bleed inside and feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer

 

[malibu65k]

I made both changes and still I get the File download window.

Any other suggestions, thanks for catching my mistakes.

 

[feherke]

Hi

its just the PHP file with the code in it.

That sounds like your web server is not configured correctly to handle PHP scripts. That would mean neither a basic

[teal]<?php[/teal]
[COLOR=darkgoldenrod]phpinfo[/color][teal]();[/teal]

will work. In that case you have to configure your web server first. The best place for such question would be the forum dedicated to your web server, if exists. But for now, just tell us if a test.php as above runs correctly.


Feherke.

http://free.rootshell.be/~feherke/

 

[Borvik]

If the downloaded file contains your source code, then the server is most likely not parsing it as PHP and is instead just delivering the file as requested.

I would check the file extension and the server's configuration (IIS or Apache) to make sure that that file type will be passed to PHP for parsing.

 

[jpadie]

[ol]
[li]none of your input type=submit tags are properly closed[/li]
[li]the line

Select Vehicle Make [COLOR=#990000 ]:[/color] [COLOR=#990000 ]<[/color]select name [COLOR=#990000 ]=[/color] [COLOR=#FF0000 ]'Name'[/color] [COLOR=#990000 ]>[/color]

either needs to be echo'd or put outside of php tags. you cannot simply have a text string sitting within php code.[/li]
[li] it is unclear why you have so many submit buttons. most people want users to make all the inputs and then press save. you seem to make them do it one field at a time. [/li]
[li]if you are trying to create many different separated forms then encapsulate each logically separate form in <form> </form>tags. [/li]
[li]always use the proper doctype and always validate your generated (x)html with an online validator.[/li]
[li]always post code blocks within [ignore]

[/ignore] tags on tek-tips. [/li]
[li]do not use array_key_exists() for this task. just do this

[b][COLOR=#0000FF ]if[/color][/b][COLOR=#990000 ]([/color][b][COLOR=#0000FF ]isset[/color][/b][COLOR=#990000 ]([/color][COLOR=#009900 ]$_POST[/color][COLOR=#990000 ][[/color][COLOR=#FF0000 ]'some key'[/color][COLOR=#990000 ]]))[/color]

[/li]
[li]why are you doing two queries here? you can do this in one query

[COLOR=#009900 ]$query[/color] [COLOR=#990000 ]=[/color] [COLOR=#FF0000 ]"SELECT MAX(TypeID) FROM tblType"[/color][COLOR=#990000 ];[/color]
[tab][COLOR=#009900 ]$result[/color] [COLOR=#990000 ]=[/color] [b][COLOR=#000000 ]mysql_query[/color][/b][COLOR=#990000 ]([/color][COLOR=#009900 ]$query[/color][COLOR=#990000 ]);[/color]
[tab][b][COLOR=#0000FF ]while[/color][/b] [COLOR=#990000 ]([/color][COLOR=#009900 ]$row[/color] [COLOR=#990000 ]=[/color] [b][COLOR=#000000 ]mysql_fetch_assoc[/color][/b][COLOR=#990000 ]([/color][COLOR=#009900 ]$result[/color][COLOR=#990000 ]))[/color]
[tab][COLOR=#FF0000 ]{[/color]
[tab][tab][COLOR=#009900 ]$TypeID[/color] [COLOR=#990000 ]=[/color] [COLOR=#009900 ]$row[/color][COLOR=#990000 ][[/color][COLOR=#FF0000 ]'MAX(TypeID)'[/color][COLOR=#990000 ]][/color] [COLOR=#990000 ]+[/color] [COLOR=#993399 ]1[/color][COLOR=#990000 ];[/color]
[tab][COLOR=#FF0000 ]}[/color]
[tab]
[tab][b][COLOR=#000000 ]mysql_query[/color][/b][COLOR=#990000 ]([/color][COLOR=#FF0000 ]"INSERT INTO tblType(TypeId, TypeName,StateAbbr) VALUES($TypeID,'$_POST[TypeName]')"[/color][COLOR=#990000 ]);[/color]

[/li]
[li]in the same code segment you are opening your application to sqlinjection by not escaping the content. this will also cause the insert to fail if there are any single quotes there. [/li]
[li] see this code as an alternative

[b][COLOR=#0000FF ]if[/color][/b][COLOR=#990000 ]([/color][b][COLOR=#0000FF ]isset[/color][/b][COLOR=#990000 ]([/color][COLOR=#009900 ]$_POST[/color][COLOR=#990000 ][[/color][COLOR=#FF0000 ]'Type_submit'[/color][COLOR=#990000 ]])):[/color]
[tab][COLOR=#009900 ]$result[/color] [COLOR=#990000 ]=[/color] [b][COLOR=#000000 ]mysql_query[/color][/b][COLOR=#990000 ]([/color][COLOR=#FF0000 ]"INSERT INTO tblType(TypeId, TypeName,StateAbbr) VALUES( max(TypeID) + 1, ,'"[/color][COLOR=#990000 ].[/color][b][COLOR=#000000 ]mysql_real_escape_string[/color][/b][COLOR=#990000 ]([/color][COLOR=#009900 ]$_POST[/color][COLOR=#990000 ][[/color][COLOR=#FF0000 ]'TypeName'[/color][COLOR=#990000 ]])[/color] [COLOR=#990000 ].[/color][COLOR=#FF0000 ]" ')"[/color][COLOR=#990000 ]);[/color]
[tab][b][COLOR=#0000FF ]if[/color][/b][COLOR=#990000 ]([/color][COLOR=#009900 ]$result[/color][COLOR=#990000 ])[/color] [b][COLOR=#0000FF ]echo[/color][/b] [b][COLOR=#000000 ]mysql_num_rows[/color][/b][COLOR=#990000 ]()[/color] [COLOR=#990000 ].[/color] [COLOR=#FF0000 ]" record added"[/color][COLOR=#990000 ];[/color]
[b][COLOR=#0000FF ]endif[/color][/b][COLOR=#990000 ];[/color]

[/li]
[li]the same points can be made on the other code blocks[/li]
[li]nstead of this

[b][COLOR=#000000 ]mysql_fetch_array[/color][/b][COLOR=#990000 ]([/color][COLOR=#009900 ]$result[/color][COLOR=#990000 ],[/color] MYSQL_ASSOC[COLOR=#990000 ]))[/color]

use this (it is more efficient)

[b][COLOR=#000000 ]mysql_fetch_assoc[/color][/b][COLOR=#990000 ]([/color][COLOR=#009900 ]$result[/color][COLOR=#990000 ])[/color]

[/li]
[li]when debugging php code always make sure that, in your php.ini file, the display_errors is turned ON and the error_reporting is set to something like E_ALL. Remember to restart the web server after every change to your php.ini file. This will provide useful feedback to you which, in turn, would probably have enabled you to solve all these issues.[/li]
[/ol]

 

[vacunita]

I guess the only thing left to ask is how you are opening your script. Regardless of how many errors you have the screipt should not be just downloading.

If you are opening the script by simply boubel clicking the fiel then it won;t work.

You need to have a webserver and open the file via a poroper url such as

http://server/file.php

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/

 

[Geates]

Good point, Vacunita. A vital debugging starting point. Putting Occam's Razor to use.

-Geates

"I hope I can chill and see the change - stop the bleed inside and feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer

 

[vacunita]

Thanks Geates, How I wish there was an edit option.

Corrected for typos:

I guess the only thing left to ask is how you are opening your script? Regardless of how many errors you have the [red]script[/red] should not be just downloading.

If you are opening the script by simply [red]double[/red] clicking the [red]file[/red] then it [red]won't[/red] work.

You need to have a webserver and open the file via a [red]proper[/red] url such as

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/

 

[malibu65k]

vacunita,

I have an html form file, I'm double clicking on it, when it opens I type in the info and clcik the save button. The code is above in my first post. That being said, I can go through WAMP to localhost and click on the html file and go through the same process and it inserts a record just fine. I just discovered that by accident a few minutes ago. I'm a programmer trying to learn PHP. I was thinking I could insert from a webpage but didn't know I could only do it from within wamp. I would like to know how it would work if it were actually on the internet without trying to download the file instead of inserting a record.

 

[vacunita]

You need to call the PHP script as I said via the web server otherwise PHP does not get parsed and run, and the file simply downloads. That's the first basic step of any server side language.

In fact you could very well double click your html form file, and as long as your form's action is set to a proper URL it would run the PHP correctly.

action="

http://www.server.com/page.php"

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/

 

[malibu65k]

Hi Vacunita,

I'm not familiar enough with web server stuff

can you explain...

"call the PHP script via the web server

and

"as long as your form's action is set to a proper URL it would run the PHP"

What exactly am I missing in my code above or is it not actually something in the code? Or should I be asking where? I learn better by example's.

Thanks!

 

[Geates]

What is the name of the file with the PHP code? I hope it's "insert.php".

<form action="insert.php" method="post">

Also, I would heed jpardie's suggestions as well as (for debugging purposes) reduce your code to it's simplest form (One form, one input box, one submit button, one condition)

-Geates

"I hope I can chill and see the change - stop the bleed inside and feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer

 

[vacunita]

Hi Vacunita,

I'm not familiar enough with web server stuff

can you explain...

"call the PHP script via the web server

and

"as long as your form's action is set to a proper URL it would run the PHP"

What exactly am I missing in my code above or is it not actually something in the code? Or should I be asking where? I learn better by example's.

Thanks!

You have WAMP because you need to run the PHP files through it WAMP standing for Windows Apache MYSQL and PHP is a webserver package.
Apache is the webserver that uses the PHP interpreter to run and execute the PHP files.

Basically your browser requests a page from the server, the server then finds the page, has to decide what it needs to do with it. If it contains server-side code to parse and execute such as PHP code it hands the file to the parser/interpreter to be run. The Interpreter then returns the HTML that results after executing the code, back to the webserver which delivers it to the browser as HTML.

Without the webserver as an intermediary the code doesn't run.

Double clicking the file makes it open the html file through the file protocol locally and calls the PHP file locally as well, rather than through the webserver (WAMP)
Now, the browser understands HTML, but has no idea what to do with PHP that's where the server comes in. Since it doesn't know what a .php file is it attempts to download it.

Now if your action is set to a full URL through the wamp server then the PHP will get executed.

You action would need to look like this for wamp or a correct full URL

action="[red]

http://localhost/

[/red]insert.php"

This makes the PHP file go through the WAMP webserver and get executed, so only HTML gets delivered to the browser.


----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/

 

[vacunita]

ADDENDUM:

If you actually open the html file through WAMP such as

http://localhost/htmlfile.htm

Then the PHP file is called through there as well without the need of the full url.

Basically if you want PHP to get executed you need to call it through the WAMP server.

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/

 

[malibu65k]

Thanks vacunita!!

Works!!!

I've been puzzled about this on and off for months. I finally understand!

 

[vacunita]

No Problem,. Thanks for the double star.

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.

http://behindtheweb.blogspot.com/