Writing to SQL from PHP

blighter · 19 Oct 2007 at 00:19

Hey all,

I've been reading through various tutorials on this but am now completely confused.

I'm trying to do a form for the OcUK Members Map so people can add their Location.

I just need a form that adds the following to a MySQL table:
Name
Town
Latitude
Longitude
a 'Type' box (just normal text)

I also wanted to make a register bit so people can log on and change theirs if need be.

Any help will be mentioned on the site

blighter · 19 Oct 2007 at 01:46

Wow, thanks for that.
I've created two pages as follows:

page1:

Code:

<form name="userdata" method="POST" action="page2.php"><br>
Username: <input type="text" name="username" /><br>
Town: <input type="text" name="town" /><br>
Latitude: <input type="text" name="lat" /><br>
Longitude: <input type="text" name="lng" /><br>
Type: <input type="text" name="type" /><br>
Password: <input type="text" name="password" /><br>
<input type="submit" name="submit_form" value="Send" />
<input type="reset" name="reset_form" value="Clear Form" />
</form>

page2:

Code:

<?php
$name = $_POST['username'];
$town = $_POST['town'];
$lat = $_POST['lat'];
$lng = $_POST['lng'];
$type = $_POST['type'];
$password = $_POST['password'];

$address = localhost;
$username = "*****";
$password = "*****";
$database = "ocuk";

mysql_connect($address,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO markers VALUES ('','$username','$town','$lat,'$lng','$type','$password')";
mysql_query($query);

mysql_close();
?>

but it just displays a blank page and no data when i press submit

blighter · 19 Oct 2007 at 02:27

OK, have changed the username and password bits to user and pass

test1.html

Code:

<form name="userdata" method="POST" action="test2.php"><br>
Username: <input type="text" name="user" /><br>
Town: <input type="text" name="town" /><br>
Latitude: <input type="text" name="lat" /><br>
Longitude: <input type="text" name="lng" /><br>
Type: <input type="text" name="type" /><br>
Password: <input type="text" name="pass" /><br>
<input type="submit" name="submit_form" value="Send" />
<input type="reset" name="reset_form" value="Clear Form" />
</form>

test2.php

Code:

<?php
$name = $_POST['user'];
$town = $_POST['town'];
$lat = $_POST['lat'];
$lng = $_POST['lng'];
$type = $_POST['type'];
$pass = $_POST['pass'];

$address = localhost;
$username = "******";
$password = "******";
$database = "ocuk";

mysql_connect($address,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO maps VALUES ('$id','$name','$town','$lat,'$lng','$type','$pass')";
print($query);
mysql_query($query);

mysql_close();
?>

edit:
INSERT INTO maps VALUES ('','usernamee','townn','latt,'longg','typee','passs')

blighter · 19 Oct 2007 at 02:29

edit:
just changed the "username" and "password" rows to "user" and "pass"

phpmyadmin says:

Error

There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem

ERROR: Unclosed quote @ 76
STR: '
SQL: INSERT INTO maps VALUES ('','usernamee','townn','latt,'longg','typee','passs')

SQL query:

INSERT INTO maps VALUES ('','usernamee','townn','latt,'longg','typee','passs')

MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'longg','typee','passs')' at line 1

blighter · 19 Oct 2007 at 02:34

WOO! Fixed it.
There was a missing ' after the Latitude

blighter · 19 Oct 2007 at 02:45

marc2003 said:
now you've fixed it you want to....

have 2 passwords boxes - one to choose- one to confirm
set the input type to password so it's not plain text on screen
encrypt the password before adding it to the database
validate user input
protect yourself against sql injection

OK, just added the password input type, but have no idea how to do the others

I also need to find a way of converting (51.123456,0.123456) into two values. One being 51.123456 and the other being 0.123456 :eek:

blighter · 19 Oct 2007 at 02:58

RobH said:
For the conversion you can use:

$str = "51.123456,0.123456";
$splitstr = preg_split(",", $value);

$splitstr[0] // First value
$splitstr[1] // Second value

You can see the contents of an array easily by using:

print_r($splitstr);

Thanks

Will that also remove the brackets?

blighter · 19 Oct 2007 at 03:46

marc2003 said:
just use str_replace as it's only a simple replace....

Code:

$splitstr = explode(',', $_POST['lat_long']); $lat = str_replace('(', '', $splitstr[0]); $long = str_replace(')', '', $splitstr[1]);

i'm not familiar with preg_split - looks the same as explode.

That is working lovely! Thanks!

Once all the code is public-safe, I'll finish off the other bits (encrypting passwords etc) then launch it and put you all on the new credits page (http://ocuk.blighter.net/credits.php)

blighter · 19 Oct 2007 at 16:31

Thanks for all the help guys!

It's all working now.

http://ocuk.blighter.net/map

I'm going to give the main page a makeover, and will then launch it

blighter · 19 Oct 2007 at 16:37

Butters said:
Cool, and sorry for the recent hijack blighter

No problem

And have added Sic, marc2003 and RobH to the credits page