Home/ Questions/Q 3601196
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T20:35:28+00:00

When I try to enter data from a form I have made it adds

  • 0

When I try to enter data from a form I have made it adds a new entry as i can see from phpmyadmin but does not transfer other details across

I am using a simple form that collects 9 fileds post is to update.php. Here is what I have in update.php

<?php
$realname = $_POST['realname'];
$age = $_POST['age'];
$country = $_POST['country'];
$gamename = $_POST['gamename'];
$gamelevel = $_POST['gamelevel'];
$itemlevel = $_POST['itemlevel'];
$class = $_POST['class'];
$played = $_POST['played'];
$support = $_POST['support'];

mysql_connect ("localhost", "mydb_userid", "MYPASSWORD") or die ('Error: ' . mysql_error());
mysql_select_db ("mydb_recruitment");

$query="INSERT INTO applicants (ID, realname, age, country, gamename, gamelevel, itemlevel, class, played, support)VALUES ('NULL','".$realname."','".$age."','".$country."','".$gamename."','".$gamelevel."','".$itemlevel."','".$class."','".$played."','".$support."')";

mysql_query($query) or die ('Error updating DB');

echo "You have sucessfully sent an application. Your details will be reviewed and someone will get back to you";

?>

Hope someone can help, searching the net seems to sugest something about global variables – but i dont know if i have control of that as its an hosted site.

this is the signup form: 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Candidate Registration</title>
</head>

<body>

<form medthod="post" action="update.php">

Real Name:<br />
<input type="text" name="realname" size="50" /><br />

Age:<br />
<input type="text" name="age" size="10" /><br />

Country:<br />
<input type="text" name="country" size="20" /><br />

In Game Name:<br />
<input type="text" name="gamename" size="30" /><br />

In Game Level:<br />
<input type="text" name="gamelevel" size="10" /><br />

In Game Item Level:<br />
<input type="text" name="itemlevel" size="10" /><br />

Class Played:<br />
<input type="text" name="class" size="30" /><br />

How long have you played wow?:<br />
<input type="text" name="played" size="10" /><br />

Please enter a brief statement of why you want to join:<br />
<input type="text" name="support" size="5000" /><br />
<br />
<input type="submit" value="Update DB" />

</form>
</body>
</html>

this is the update.php form

<?php
$realname = $_POST['realname'];
$age = $_POST['age'];
$country = $_POST['country'];
$gamename = $_POST['gamename'];
$gamelevel = $_POST['gamelevel'];
$itemlevel = $_POST['itemlevel'];
$class = $_POST['class'];
$played = $_POST['played'];
$support = $_POST['support'];

mysql_connect ("localhost", "mydb_daniel", "mypwd") or die ('Error: ' . mysql_error());
mysql_select_db ("mydb_recruitment");

$query="INSERT INTO applicants (ID, realname, age, country, gamename, gamelevel, itemlevel, class, played, support)VALUES ('NULL','".$realname."','".$age."','".$country."','".$gamename."','".$gamelevel."','".$itemlevel."','".$class."','".$played."','".$support."')";

mysql_query($query) or die ('Error updating DB');

echo "You have sucessfully sent an application. Your details will be reviewed and someone will get back to you";

?>

I understand peoples concerns about sercurity, but please understand this only for me to mess around with and produce a basic signup form for my guild, i wont be requesting credit card details 🙂

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Is your form method set to POST? – unless you have explicitly added this the variables will be within the $_GET superglobal so your variables would be like this:

    $realname = $_GET['realname'];

    If it is set to POST – please do a var_dump($_POST) at the top of your script and see if any variables are making it to your script.

    Something else that i’ve seen before is caused when people are redirecting in a .htaccess from domain.com to http://www.domain.com and they post a script explicity to domain.com/script.php and the script then redirects to http://www.domain.com/script.php and this empties the POST.

    EDIT

    You have spelt method wrong in your form tag – if you update this then it should work as your misspelling will be causing the variables to be sent as GET vars.

    You can fix your security issues in a basic way like this:

    $realname = mysql_real_escape_string($_POST['realname']);
$age = mysql_real_escape_string($_POST['age']);
$country = mysql_real_escape_string($_POST['country']);
$gamename = mysql_real_escape_string($_POST['gamename']);
$gamelevel = mysql_real_escape_string($_POST['gamelevel']);
$itemlevel = mysql_real_escape_string($_POST['itemlevel']);
$class = mysql_real_escape_string($_POST['class']);
$played = mysql_real_escape_string($_POST['played']);
$support = mysql_real_escape_string($_POST['support']);
    • 0