Please help a newbie

Hello,

I am new to the world of PHP and MySQL. My objective is to create a
table, insert values in it and read it back.

Here's the partial code to create a table from a PHP file:

if (!$table_exists) {
$query="CREATE TABLE contacts (id int(20) NOT NULL, name
varchar(15) NOT NULL, address varchar(15),PRIMARY KEY(id)
if (mysql_query($query, $con)) echo "Table contacts created";
else die('Unable to create table : '.mysql_error());
}


I input the values from a HTML form. Here is the partial code.
$phone = $_POST['phone'];
$name = $_POST['name'];
$address = $_POST['address'];
$query = "INSERT INTO contacts VALUES ('$phone', '$name', '$address')";
if (mysql_query($query, $con)) echo "Values inserted";
else die('Unable to create table : '.mysql_error());


Now the problem that I am facing is that when I make my first insert,
the id field shows a garbage value and not the number that I entered.
Subsequent entries into the table show up just fine. It's only the
first one.

What am I doing wrong?

Thanks, Rij

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Please help a newbie

Hello,

May be try something like this:

$query1=
CREATE TABLE contacts(
id int(16) NOT NULL auto_increment,
phone varchar(15) NOT NULL,
name varchar(15) NOT NULL,
address varchar(15) NOT NULL,
PRIMARY KEY (id)
);

$query2 = "INSERT INTO contacts VALUES ('NULL','$phone', '$name',
'$address')";

P:S
id incremented automatically by MYSQL now

GR
mrfroasty



Rij wrote:
> Hello,
>
> I am new to the world of PHP and MySQL. My objective is to create a
> table, insert values in it and read it back.
>
> Here's the partial code to create a table from a PHP file:
>
> if (!$table_exists) {
> $query="CREATE TABLE contacts (id int(20) NOT NULL, name
> varchar(15) NOT NULL, address varchar(15),PRIMARY KEY(id)
> if (mysql_query($query, $con)) echo "Table contacts created";
> else die('Unable to create table : '.mysql_error());
> }
>
>
> I input the values from a HTML form. Here is the partial code.
> $phone = $_POST['phone'];
> $name = $_POST['name'];
> $address = $_POST['address'];
> $query = "INSERT INTO contacts VALUES ('$phone', '$name', '$address')";
> if (mysql_query($query, $con)) echo "Values inserted";
> else die('Unable to create table : '.mysql_error());
>
>
> Now the problem that I am facing is that when I make my first insert,
> the id field shows a garbage value and not the number that I entered.
> Subsequent entries into the table show up just fine. It's only the
> first one.
>
> What am I doing wrong?
>
> Thanks, Rij
>
>


--
Extra details:
OSS:Gentoo Linux-2.6.25-r8
profile:x86
Hardware:msi geforce 8600GT asus p5k-se
location:/home/muhsin
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS
Typo:40WPM
url:http://mambo-tech.net
url:http://blog.mambo-tech.net


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Please help a newbie

Rij wrote:
> I input the values from a HTML form. Here is the partial code.
> $phone = $_POST['phone'];
> $name = $_POST['name'];
> $address = $_POST['address'];
> $query = "INSERT INTO contacts VALUES ('$phone', '$name', '$address')";
> if (mysql_query($query, $con)) echo "Values inserted";
> else die('Unable to create table : '.mysql_error());

This is unsafe code. I suggest you lookup "prepared statements" and the
PDO library (which is part of PHP).

Daniel.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Please help a newbie

mrfroasty wrote:
> Hello,
>
> May be try something like this:
>
> $query1=
> CREATE TABLE contacts(
> id int(16) NOT NULL auto_increment,
> phone varchar(15) NOT NULL,
> name varchar(15) NOT NULL,
> address varchar(15) NOT NULL,
> PRIMARY KEY (id)
> );
>
> $query2 = "INSERT INTO contacts VALUES ('NULL','$phone', '$name',
> '$address')";
>
> P:S
> id incremented automatically by MYSQL now

Maybe - but it's by accident. You're trying to insert the word NULL into
an int field (it's being treated as a word because of the single quotes
around it).

Don't specify the id field at all:

$query2 = "insert into contacts(phone, name, address) values ('" .
mysql_real_escape_string($_POST['phone']) . "', '" .
mysql_real_escape_string($_POST['name']) . "', '" .
mysql_real_escape_string($_POST['address']) . "')";

You should always use the field names (as above) because if your table
gets reordered, your inserts will now break - if you put "name" before
phone, the data is now going into the wrong fields.

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Please help a newbie

Thanks....
Great tip there...

Gr
mrfroasty


Chris wrote:
> mrfroasty wrote:
>> Hello,
>>
>> May be try something like this:
>>
>> $query1=
>> CREATE TABLE contacts(
>> id int(16) NOT NULL auto_increment,
>> phone varchar(15) NOT NULL,
>> name varchar(15) NOT NULL,
>> address varchar(15) NOT NULL,
>> PRIMARY KEY (id)
>> );
>>
>> $query2 = "INSERT INTO contacts VALUES ('NULL','$phone', '$name',
>> '$address')";
>>
>> P:S
>> id incremented automatically by MYSQL now
>
> Maybe - but it's by accident. You're trying to insert the word NULL
> into an int field (it's being treated as a word because of the single
> quotes around it).
>
> Don't specify the id field at all:
>
> $query2 = "insert into contacts(phone, name, address) values ('" .
> mysql_real_escape_string($_POST['phone']) . "', '" .
> mysql_real_escape_string($_POST['name']) . "', '" .
> mysql_real_escape_string($_POST['address']) . "')";
>
> You should always use the field names (as above) because if your table
> gets reordered, your inserts will now break - if you put "name" before
> phone, the data is now going into the wrong fields.
>


--
Extra details:
OSS:Gentoo Linux-2.6.25-r8
profile:x86
Hardware:msi geforce 8600GT asus p5k-se
location:/home/muhsin
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS
Typo:40WPM
url:http://mambo-tech.net
url:http://blog.mambo-tech.net


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php