PostgreSQL & PHP Tutorials - Adding data to your database

PHP »  Adding data to your database
PostgreSQL »  Adding data to your database
PostgreSQL »  Starting Out »  Adding data to your database
PHP »  Starting Out »  Adding data to your database

Posted By Chris Smith Posted on 07 Feb 2006, 05:47 AM
Adding data to a database is quite easy. The easiest way to do it with php is through a form on a website.

Here we'll create a basic "friends list" with a person's name and email address.

Here is a basic form that we can use to do what we want.


<html>
    <body>
        <form action="add.php" method="post">
            First Name : <input type="text" name="firstname" size="40" length="40" value="First Name"><BR>
            Surname : <input type="text" name="surname" size="40" length="40" value="Surname"><BR>
            Email Address : <input type="text" name="emailaddress" size="40" length="40" value="Email Address"><BR>
            <input type="submit" name="submit" value="Submit">
            <input type="reset" name="reset" value="Clear It">
        </form>
    </body>
</html>



<form action="add.php" method="post">


This line "posts" the information to the PHP script script named in "action", so change the action to the
name of the script you save it as.

This is our "action" script -


<html>
    <body>
        <?php
        $db 
pg_connect('host=localhost dbname=contacts user=contacts password=firstphp');

        
$firstname pg_escape_string($_POST['firstname']);
        
$surname pg_escape_string($_POST['surname']);
        
$emailaddress pg_escape_string($_POST['emailaddress']);

        
$query "INSERT INTO friends(firstname, surname, emailaddress) VALUES('" $firstname "', '" $surname "', '" $emailaddress "')";
        
$result pg_query($query);
        if (!
$result) {
            
$errormessage pg_last_error();
            echo 
"Error with query: " $errormessage;
            exit();
        }
        
printf ("These values were inserted into the database - %s %s %s"$firstname$surname$emailaddress);
        
pg_close();
        
?>
    </body>
</html>


Now we'll break it down into parts to see what's going on.


<?php
$db 
pg_connect('host=localhost dbname=contacts user=contacts password=firstphp');
?>


This line connects to our database. The database (dbname) is called 'contacts', it connects as postgresql user 'contacts' with the password 'firstphp'.

(We created this user in the "PostgreSQL User" tutorial).


<?php
$firstname 
pg_escape_string($_POST['firstname']);
$surname pg_escape_string($_POST['surname']);
$emailaddress pg_escape_string($_POST['emailaddress']);
?>


These 3 lines get the values from our form. Since the form is 'post'ing the values we use $_POST. PHP supports 'get'ting the values as well with $_GET (we'll deal with this a bit later).

The 'pg_escape_string' function "escapes" the string properly so it can go into the database. This stops something like O'Reilly creating a database error.

If you want to check what it does, you can do:


<?php
$firstname 
$_POST['firstname'];
$newfirstname pg_escape_string($_POST['firstname']);
echo 
'First name without escaping: ' $firstname '<br/>';
echo 
'First name with escaping: ' $newfirstname '<br/>';
?>


In most cases it won't be different, but it's better to be safe - this will stop SQL Injection attacks (which we'll cover another time).


Now we've created the query, we can run it against the database:


<?php
$result 
pg_query($query);
if (!
$result) {
    
$errormessage pg_last_error();
    echo 
"Error with query: " $errormessage;
    exit();
}
?>


We should always check to make sure the query works. If it fails (if pg_query returns false) then we're printing out the error message.

All done!
Avg Rating: 4
Vote Count: 48


              


Want to post a comment? Fill in the details below.

Your Name  : 
Your Email  : 
Your Website  : 
Spam Check! Please answer this question  : 2 + 4 =
Comment