I'm trying to get the entry from a textbox code to go to a php form and have the php form send it to a database. THe problem I'm having is instead of posting the textbox value it posts $code. I'm using mysql and php.
PHP:
<?
if( $_POST )
{
$username="***";
$password="***";
$con = mysql_connect("***",$username,$password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("inmoti6_mysite", $con);
$code = $_POST['code'];
$code = htmlspecialchars($code);
$query = 'INSERT INTO `storycodes`.`storycodes` (`code`) VALUES ("$code");';
mysql_query($query);
echo "<h2>Thank you for your Comment!</h2>";
mysql_close($con);
}
?>
Doubt this is the issue, but here's the html:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Database</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="/scripts/database2.php">
<label>Code:
<input name="code" type="text" id="code" value="" size="45" />
</label>
<p>
<label>
<input type="submit" name="submit" id="submit" value="Submit" />
</label>
</p>
</form>
</body>
</html>
You need to use double quotes for the variables to be recognized in a string, so change:
$query = 'INSERT INTO `storycodes`.`storycodes` (`code`) VALUES ("$code");';
to
$query = "INSERT INTO `storycodes`.`storycodes` (`code`) VALUES ('$code');";
You also have an sql injection problem; I recommend that you switch to PDO (or mysqli) with prepared statements and bound variables. At the very least you should use mysql_real_escape_string on your variables before you insert them in the database but as you can see in the manual, the mysql_* functions are deprecated.
it doesn't post $code, you use $code as a value instead of a variable. problem is related to quotes.
$query = "INSERT INTO `storycodes`.`storycodes` (`code`) VALUES (\"$code\");";
try this one.