I'm having problems with inserting into a database. the query completes successfully but when I look in the database the fields are empty.
Here's my HTML form:
<form action = "add_at.php" method = "post">
<input type = "text" class = "userip" name="userip">
<input type = "text" class = "coordinates" name="coordinates">
<input type = submit>
</form>
Here's my php script:
<?php
$mysql_host ='host';
$mysql_user ='user';
$mysql_pass ='pass';
$mysql_database = 'database';
$user_ip = $_POST['userip'];
$user_cords = $_POST['coordinates'];
mysql_connect($mysql_host, $mysql_user, $mysql_pass) or die('unable to connect.');
mysql_select_db($mysql_database);
$query = "INSERT INTO `userips` (ip,cord) VALUES ('$user_ip','$user_cords')";
mysql_query($query) or die('nope, sorz.');
mysql_close();
echo('woot wooooooooooooot')
?>
Update:
I found the problem. I needed to add a \ to one of my input fields in my HTML form. Simple mistake. Thank you all for your help, though.
You should check to see if your post variables are set before calling your SQL command.
Eg...
if (isset($_POST['userip']))
Also, you are open to SQL injection.
Try mysql_error() after your query. I think you have an SQL-Error in your query. And you should really have a look at SQL-Injections.
mysql_query($query) or die('nope, sorz.');
echo mysql_error();
mysql_close();
Edit:
$query = "INSERT INTO `userips` (ip,cord) VALUES ('".mysql_real_escape_string($user_ip)."','".mysql_real_escape_string($user_cords)."')";