开发者

Adding to database via mysql query - form elements not adding to database

开发者 https://www.devze.com 2023-02-15 15:25 出处:网络
morning all - amended question, as data now enters db correctly, I\'m a newbie to php/mys开发者_Python百科ql, but through various articles and guides have built a form, which when submitted I want th

morning all - amended question, as data now enters db correctly,

I'm a newbie to php/mys开发者_Python百科ql, but through various articles and guides have built a form, which when submitted I want the user to be sent to a separate THANK YOU PAGE (so I can track conversions etc).

Here's the code I'm currently using, which when the form is submitted with no errors, delivers a 'THANK YOU' message on the same page:

   <?php
if(isset($error))
    {echo "<span id='Warning'>Please enter all areas marked with *</span>";}
else if (isset($sent))
    {echo "<span id='Normal'>Thank you for your enquiry, we will contact you shortly</span>";}
?>

Previously I was using the following after the mysql query (where the fields enter the db), but this sent users to the 'THANK YOU' page even if there were errors with the form they completed

header('Location: http://www.THANK-YOU-PAGE');
}
?>

Can anyone see anything glaringly wrong? I'm new to this, so any help is appreciated.

Thanks


Probably, you are missing some fields values in the INSERT INTO statement. If you don't specify the fields, you have to enter exactly one value for each field, or mysql won't know which value goes in wich field. So to avoid this, try to write your statement like the following, with the fields you want to populate written in the statement.:

INSERT INTO field1, field2 VALUES ('value1', 'value2');

Anyway, your query is very insecure. You should use at least mysql_real_escape_string to escape user input. You can read about SQL injections in the same link or here. There are other alternatives that I prefer, like using PDO class of PHP.

0

精彩评论

暂无评论...
验证码 换一张
取 消