No data is displayed on webstite, and mysql data being inserted 2 times with php_问答_开发者

Hey guys I'm having some trouble with this code. It's for a website for class. When I try to insert data via php, 2 blank rows get inserted into the db. And when I want to redisplay it on the website nothing shows up. I was hoping someone could lend a helping hand.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Results</title>
<link href="styles/style_sheet.css" rel="stylesheet" type="text/css" />



<style type="text/css">
a:link {
color: #0F0;
}
a:v开发者_如何学JAVAisited {
color: #0F0;
}
</style>
</head>
<body>

<div id="main_container">
<div id="header">

</div><!--End of header-->
<div class="shadow">
<div id="navbar"><a href="index.php">Home</a> &nbsp;&nbsp;&nbsp; <a     href="register.php">Register</a> &nbsp;&nbsp;&nbsp; <a href="login.php">Login</a> / <a     href="<?php echo $logoutAction ?>">Logout</a>&nbsp;&nbsp;&nbsp; <a     href="Search.php">Search&nbsp;&nbsp;&nbsp;<a href="CommentPage.php">Guest Book</a></div><!- -End of NavBar-->
</div><!--End of navbar shadow-->
<br />
<div class="shadow">
<div id="Content">
<h2> Results:</h2>
<p>&nbsp;</p>

<form action="" name="Movie_Search"method="get">
<p>
<?php
$dbread = mysql_connect("localhost","user","pw");
mysql_select_db("db", $dbread);

$id = $_GET['movie_name'];
$movie_results = mysql_query("SELECT MovieID, MovieName, Description, Genre, Rating     FROM movie WHERE MovieName='$id'");
$movie_values = mysql_fetch_assoc($movie_results);

echo 'Title: ' . $movie_values['MovieName'] . '';
echo '<p>Genre: ' . $movie_values['Genre'] . '</p>';
echo '<p>Description: ' . $movie_values['Description'] . '</p>';
echo '<p>Rating: ' . $movie_values['Rating'] . '</p>';

$movieID=$movie_values['MovieID'];
$review_results = mysql_query("SELECT Name, Review FROM reviews WHERE     MovieID='$movieID'");
$review_values =mysql_fetch_assoc($review_results);
 echo '--------------------------------------------------------------------------------------------------------------'. '<br> <br>';
while ($review_values = mysql_fetch_assoc($review_results)) {          
echo $review_values['Name'] . ' says:' .  '<br />' . $review_values['Review'] . '<br />    <br />' . '<hr>';    
 }

$name = $_POST['name'];
$comments =$_POST['comments'];
$result=mysql_query("INSERT INTO reviews (Name, Review, MovieID)
VALUES ('$POST[$name]', '$_POST[$comments]', '$movieID')");

$result_values =mysql_fetch_assoc($result);
?>
</p>
</form>
<p>&nbsp;</p>
<form id="insert_comments" style="border:thin" name="insert_comments" method="POST">
<label>Name:</label>
<br />
  <input type="text" name="name" id="name" />
<br>
  <label for="desc">Comments:<br /></label>
<textarea name="comments" id="comments" cols="45" rows="5"></textarea>
</p>
<p>
 <input type="submit" name="submit" id="submit" value="Submit" />
</p>
</form>
<p>&nbsp;</p>
<input name="" type="hidden" value="$movieID" />
<br />

</div>
<!--End of Contentr-->
</div><!--End of content shadow-->

<div class="footer">

<hr />© Nate Christensen<hr />
</div><!--End of footer-->
</div><!--End of Main Container-->


</body>
 </html>

Your insert statement at line 59:

$result=mysql_query("INSERT INTO reviews (Name, Review, MovieID) VALUES ('$POST[$name]', '$_POST[$comments]', '$movieID')");

You cannot put $_POST inside strings directly. Use the dot (.) PHP concat operator to insert variables in the middle. You should do it like this:

$result=mysql_query("INSERT INTO reviews (Name, Review, MovieID) VALUES ('".$_POST[$name]."', '".$_POST[$comments]."', '".$movieID."')");

Oh and also, you already put $_POST name and comment into a variable so the most correct way is:

$result=mysql_query("INSERT INTO reviews (Name, Review, MovieID) VALUES ('$name', '$comments', '$movieID')");

Also if movie ID is an INT type you shouldn't put apostrophe

It is inserting twice because you did not put an IF statement to detect if be already submitted. On your first load of the page, it inserts, once submitted, another insert. you should put:

if($_POST['submit']){
    // all php codes
}

One more thing, fix your comment in:

<!- -End of NavBar-->

(line 26)

I think the problem is you are using variables: $name, $comments as array keys.

$name = $_POST['name'];
$comments =$_POST['comments'];

Here you are reading $_POST values to $name and $commens.

$result=mysql_query("INSERT INTO reviews (Name, Review, MovieID)
VALUES ('$POST[$name]', '$_POST[$comments]', '$movieID')");

Yet you are using $POST[$name]

Nate, I know this is nitpicking, but why are you mixing a database call with display logic? The database call could easily be dumped into a separate class method (or at least a function call), which would clean up your code, make it easier to spot errors and make you look like a professional.

After looking at your code for a bit I noticed that one of your SQL query strings contains this: $POST[...] instead of $_POST[...], try adding the underscore in between the $ and POST.

Also don't forget to clean your input from the $_POST array by using mysql_escape_string(), or mysql_real_escape_string() NOTE: mysql_real_escape_string() can only be successfully called inside of an open mysql connection. If you don't clean your input you leave your database more or less open to SQL injection attacks.

I know you are a student and still learning, but it really is better to learn this now and develop good habits.

can you add this code or die(mysql_error()); in the end of this lines

$review_results = mysql_query("SELECT Name, Review FROM reviews WHERE MovieID='$movieID'");

AND

$movie_results = mysql_query("SELECT MovieID, MovieName, Description, Genre, Rating FROM movie WHERE MovieName='$id'");