MySQL PHP Web Database Tutorial

Home

PHP

Name Generators

Perl

CSS

Javascript

Java

devTips

Resources

devTips Home

Free Linux Books
Programming for Linux (new)
Sys & Network Admin (new)
On the Desktop (new)

Tech Tips for Picking a Web Host

Database Tutorial (PHP & MySQL)

How to Instal Apache + PHP + MySQL

PHP vs. ASP vs. JSP

Introduction to Debugging

MySQL JDBC Drivers

Overview of Client Side

Margins Flush with Edges of Browser

Specifying Alternate Document to Print

Web App Security
Who Submit That?
Cookie Security
Passwords
Secure Web Development

Usage Info

about web.blazonry

MySQL PHP Web Database Tutorial: Insert Data

We need to get some data into the database. To do so we use an HTML form to collect the data, and then insert it into the database using PHP. Both these functions can be done on the same page.

The form can submit to the same page it is on. This page checks if the POST method is used. If so, insert into the database. I find it easier to have the form and database insert operation on the same page. Makes one less file to keep track of.

Here is the HTML for the form:

<FORM NAME="fa" ACTION="insert_link.php" METHOD="POST">
<B>Category: </B> <INPUT TYPE="text" NAME="category" SIZE=40>
<B>Site Name:</B> <INPUT TYPE="text" NAME="sitename" SIZE=40>
<B>Site URL: </B> <INPUT TYPE="text" NAME="siteurl" VALUE="http://" SIZE=40>
<B>Description: </B> <TEXTAREA NAME="description" ROWS=5 COLS=40></TEXTAREA>
<P><INPUT TYPE="submit" VALUE="Add Link"></P>
</FORM>

The above HTML snippet has the table elements removed because they are for display purpose only. The HTML for the form below is displayed using a table.

This form gathers the information we want to insert into the database and submits back to the same page it is on. We now need the PHP code to process this information. The first block of code is setting up the connection to the database. This is the same as used on the create table page.

<?php
$usr = "---username---";
$pwd = "---password---";
$db = "linksdb";
$host = "localhost";

$cid = mysql_connect($host,$usr,$pwd);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

?>

The second part is run only when the request method on the page is a POST. This is when the form is submitted back to the page. We need to create our SQL statement for the insert. The SQL format for an INSERT is:

INSERT INTO -tablename-
(column_name1, column_name2, ...) VALUES
(data1, data2, ... )

Where the first column name matches to the first data in each of the sets. Remember PHP variables are automatically initialized with the form field names submitted to the page. So the PHP code to submit the query and check for errors is:

<?php

if ($_SERVER['REQUEST_METHOD'] == "POST") {

// the following 4 lines are needed if your server has register_globals set to Off
$category = $_POST['category'];
$sitename = $_POST['sitename'];
$siteurl = $_POST['siteurl'];
$description = $_POST['description'];

$SQL = " INSERT INTO links ";
$SQL = $SQL . " (category, sitename, siteurl, description) VALUES ";
$SQL = $SQL . " ('$category', '$sitename','$siteurl','$description') ";
$result = mysql_db_query($db,"$SQL",$cid);

if (!$result) {
echo("ERROR: " . mysql_error() . "\n$SQL\n"); }

echo ("New Link Added\n");

}

mysql_close($cid);
?>

Escaping Data
When creating SQL statements, string values are delimited using apostrophes (see above code). So what happens when there is an apostrophe in the data you are trying to insert? A SQL error will occur if, for example, the description variable included an apostrophe. Because you do not know what the user will type in, you must assume they are entering all sorts of bad data.

To insert an apostrophe into the database using SQL you need to "double-up" the apostrophes. That is, put two apostrophes in the text where you want just one. For example, to insert the phrase "what's up?" into a database, the SQL code looks like:

INSERT INTO mytable (phrases) VALUES ('what''s up?')

In PHP there is a string function which allows you to do just this on variables quite easily: str_replace This function replaces one value with another in a string. So before you insert data in the database you should replace all single apostrophes with double-apostrophes. For the example variable, the PHP code is:

$description = str_replace("'","''",$description);

Note: This does not insert two apostrophes into the database, just one. So when you pull the data out of the database, it will contain only single apostrophes.

Putting this together with the HTML code above gives us the complete script. Download this script here. (insert_link.phps) Load the page on your server and insert a couple of links into the database created previously. We will need some data in the database for the next section: View Data from Database

Tutorial Sections

Related Links

Newest Pages
Free Linux Admin Books
Free Linux Books for Programmers
Free Books for Linux on the Desktop
Free PHP Books
Free JavaScript Books
Free Java Books - Advanced
Free Java Books - Basic
Free Perl Books
Free Python Books
Quote of the Day (PHP)
Debugging Part 2
How to Test Google Ads
Source Code for Test Google Ads (PHP)

Most Popular Pages
U.S. Name Generator
Wu Name Generator
Baby Name Generator
Upload and Resize an Image (PHP)
Popup Windows (JavaScript)
How To Install Apache + PHP + MySQL
Simple Web Calendar (PHP)

Least Popular Pages
Image Load-Order (Javascript)
dHTML: Scrolling Layers
iNews Aplet (Java)
ProcLog Search Your Logs (Perl)