# PHP insert to database help



## tmjhayward (Jul 17, 2005)

Hi. I created an online survey (survey.php) that uses check boxes, radio buttons and text areas. When it's submitted, it gets emailed. I have this on a website I'm developing, and everything on it works fine. Now I want to collect the responses in a MySQL database, rather than email them. I've read a lot of different ways to do this, but because of this, I think I've ended up 'mixing my metaphors,' so to speak!

One site I looked at suggested creating the following php scripts to use as includes in my survey.php script: config.php, opendb.php and closedb.php. So I have these. Then I created a function insert_db() in my survey.php that has the insert statement.

I've already created the database (something I'm actually familiar with!) but I'm getting confused as to what I now need to add to my survey.php script to accomplish the insert, and mostly, WHERE to put all of the new code. I've attached the 3 files mentioned above as well as my survey script. It's a bit messed up now cuz I tried to put the php code in it, but I'm sure it's in the wrong place (plus I changed a bunch of text information for security reasons).

If anyone can take my survey script and just show me where the php code goes - as well as anything else I'm totally missing - I'd really appreciate it!
Thanks!
MJ


----------



## treydx (Jan 4, 2006)

Alright, all of the includes are kind of confusing the way you have it set up now. It would probably be easier to separate your whole survey into two pages. The first page is just the HTML form, and the second page is what is placed in the "action" attribute of your form (which, right now, is insert.php).

So get rid of all that php/database code in your survey.php page. You just need the html form and make sure that the form posts to insert.php.

Now create that insert.php page. At the top you need to include the config variables, then open the database, then execute your insert statement, then close your database connection. If this is the only page you're going to do database access on, go on and get rid of the includes. They're only useful if the database name/username/password, etc is ever going to change.

Basically this insert.php page is going to look like this:
mysql_connect();
$query = INSERT INTO ....;
mysql_execute($query);
mysql_close();

Thanks for submitting your survey!

and you should do some error checking and all that mess. After you get this working, don't forget to escape all the "illegal" characters from the submitted variables, I think mysql_real_escape_string() or something like that. It stops weird characters like backslashes and quotation marks from messing up your query (and it's a big security hole if you don't escape bad characters).


----------



## tmjhayward (Jul 17, 2005)

Thanks, Treydx. I'll try what you said and see how it goes. Is it the usual practice to have a separate php page for the insert? or is this just because I'm only doing one insert on this site? If I was doing multiple database queries/inserts/updates from one site, but on different pages, would it make more sense to use includes? If so, where do the includes go - at the top where I had put them in my survey script? Could I have one php insert script for all inserts, but with multiple functions within the insert? If so, what is the syntax to call the php_insert/function from the html script - do I just include insert.php, and then call just the function within the html (within php tags)? If this can't be done, is a separate insert_xxx.php script for each insert necessary? 

Could you show me a brief example of an html script that uses an include or two (say for an insert and a query) and where the php code would fit within it? I'm still not comfortable with exactly how the code in the include is called.

Sorry for all the questions but I really appreciate your help!
Thanks
!
MJ


----------



## treydx (Jan 4, 2006)

It's a matter of personal preference. Some people post back to the same page and do the insert from there, but to me, that is just another place to add confusion for maintainers. When you post back to the same page, you have to carefully test all of your variables to find out which are null and if none are or not many are, then you can do the insert. It's just really easy to mess up your logic and try to insert when there is no data and things like that.

If you were doing queries on many pages, it would make sense to use includes in case your database parameters change. That way, if you change your username, for example, you only have to change it in the "config" include file and the change is propagated to all of your pages that interact with your database. I'm not really a big fan of includes for instantiating and closing the database connection because it's only a few lines of code, even with decent error checking. It's not worth it to me. Since PHP is an interpreted language (sort of) it goes from top to bottom, so the order of your includes would be that you need your "config" include file before you use any variable declared in it, then you need to use your "opendb" include before you try to execute any query, and you've got to execute all of your queries and do all your database interaction before you include your "closedb" file. The way your example was, the database connection was being closed before you ever could have called your insert function. So it would error out whenever it got to that point.

You could certainly have multiple insert functions on an insert.php page. I wouldn't suggest it. I think a separate insert page for every form on your site is easier to maintain. But if you wanted to go that route, every form would need an extra variable telling the insert.php page which function to run--so you'd want a hidden form variable to pass the form name or whatever to the insert page, then call your specific insert function based on that value. Basically: if($hiddenformname=="survey1") { insertfunction1(); } else if ($hiddenformname=="survey2") { insertfunction2(); }. something along those lines would work. But it's more difficult to test that way (in my opinion).

Oh, and you don't have to include("insert.php"), you only have to have it as the action attribute in your form. ... . I just wanted to clarify that. You don't have to have any php on the page that contains your form at all.

Basically when you include files, it just copies and pastes the text from the include file where you've asked php to include it for you. Think of it that way.


----------



## tmjhayward (Jul 17, 2005)

Thanks again! This info was really helpful to me. I've just read so much about being able to mix and match html and php that it was getting a bit confusing. It does seem much simpler to keep the php stuff separate. I'm going to make the changes you've suggested and hopefully I'll get it all to work.
MJ


----------

