0
Hello, I’m new in PHP and I’m doing a small scheduling page but I stuck in the input part of the data inside the database, below my codes:
Index.php
<html>
<head>
<title> Controle de Coleta </title>
<link rel="stylesheet" type="text/css" href="include/estilo.css"/>
</head>
<body>
<?php include("include/db.php") ?>
<form action="include/verifica.php" method="POST">
<pre>
Insira as informações da coleta:
<table width="100%" class="tabela2">
<thead bgcolor="#D1DCEB"><tr>
<th>Data da Coleta</th>
<th>Hora da Coleta</th>
<th>Unidade</th>
<th>Observação</th>
<th>Solicitante</th>
<th>Coletadora</th>
<th>Cadastrar</th>
</tr></thead>
<tbody>
<tr>
<td><input type="text" size="27" maxlenght="256" name="data_chamada"></td>
<td><input type="text" size="27" maxlenght="256" name="hora_coleta"></td>
<td><input type="text" size="27" maxlenght="256" name="unidade"></td>
<td><input type="text" size="26" maxlenght="256" name="observacao"></td>
<td><input type="text" size="26" maxlenght="256" name="solicitante"></td>
<td><input type="text" size="26" maxlenght="256" name="coletadora"></td>
<td><input type="submit" value="Cadastrar" name="enviar"></td>
</tr>
</pre>
</form>
<?php
echo '<table width="100%" class="tabela1">';
echo '<thead bgcolor="#D1DCEB"><tr>';
echo '<th><font size="2" color="#336699">Data Chamada</th>';
//echo '<th><font size="2" color="#336699">Hora Chamada</th>';
echo '<th><font size="2" color="#336699">Unidade</th>';
echo '<th><font size="2" color="#336699">Observação</th>';
echo '<th><font size="2" color="#336699">Solicitante</th>';
echo '<th><font size="2" color="#336699">Coletadora</th>';
echo '<th><font size="2" color="#336699">Hora Coleta</th>';
echo '<th><font size="2" color="#336699">Protocolo</th>';
echo '</tr></thead>';
echo '<tbody>';
$sql = mysql_query('SELECT *, date_format(data_chamada, "%d%/%m%/%Y") as data_chamada FROM coleta_hc_2017 ORDER BY id DESC LIMIT 100;');
while ($row = mysql_fetch_assoc($sql)) {
echo '<tr>';
echo '<td><font size="2">' . $row['data_chamada'] . '</td>';
// echo '<td><font size="2">' . $row['hora_chamada'] . '</td>';
echo '<td><font size="2">' . $row['unidade'] . '</td>';
echo '<td><font size="2">' . $row['observacao'] . '</td>';
echo '<td><font size="2">' . $row['solicitante'] . '</td>';
echo '<td><font size="2">' . $row['coletadora'] . '</td>';
echo '<td><font size="2">' . $row['hora_coleta'] . '</td>';
echo '<td><font size="2">' . $row['id'] . '</td>';
echo '</tr>';
}
echo '</tbody></table>';
?>
</body>
</html>
include/db.php
<?php
$servidor = "ipserver";
$usuario = "usrteste";
$banco = "minhadb";
$senha = "pwteste";
//Não Alterar abaixo:
$conmysql = mysql_connect($servidor,$usuario,$senha);
$db = mysql_select_db($banco, $conmysql);
if ($conmysql && $db){
echo "Parabens! A conexão ao banco de dados ocorreu normalmente!";
} else {
echo "Nao foi possivel conectar ao banco MYSQL";
}
?>
include/verifies.php
<html>
<body>
<?php
$data_chamada = $_POST["data_chamada"];
//$hora_chamada = $_POST["hora_chamada"];
$hora_coleta = $_POST["hora_coleta"];
$unidade = $_POST["unidade"];
$observacao = $_POST["observacao"];
$solicitante = $_POST["solicitante"];
$coletadora = $_POST["coletadora"];
$erro = 0;
// Verifica se os campos não estão em branco
if (empty($data_chamada))
{echo "Favor inserir a Data da Chamada.<br>"; $erro=1;}
if (empty($hora_coleta))
{echo "Favor inserir a Hora da Coleta.<br>"; $erro=1;}
if (empty($unidade))
{echo "Favor inserir a Unidade.<br>"; $erro=1;}
if (empty($observacao))
{echo "Favor inserir a Observação.<br>"; $erro=1;}
if (empty($solicitante))
{echo "Favor inserir o Solicitante.<br>"; $erro=1;}
if (empty($coletadora))
{echo "Favor inserir a Coletadora.<br>"; $erro=1;}
//Verifica se não houve erro
if($erro==0)
{echo "Todos os dados foram inseridos corretamente!";
include 'insere.php';
}
?>
</body>
</html>
include/insert.php
<?php
include 'db.php';
$data_chamada = $_POST['data_chamada'];
$hora_chamada = date("H:i:s");
$hora_coleta = $_POST['hora_coleta'];
$unidade = $_POST['unidade'];
$observacao = $_POST['observacao'];
$solicitante = $_POST['solicitante'];
$coletadora = $_POST['coletadora'];
$sql = "INSERT INTO minhatable VALUES";
$sql = "('$data_chamada', '$hora_chamada', '$hora_coleta', '$unidade', '$observacao', '$solicitante', '$coletadora')";
?>
I cannot identify where exactly the problem is, so what I saw is in the final step, it checks (verifies.php) the data but does not insert (inserts.php).
PS1 : There are two things that I do not know if they are correct, one of them is that I needed the "call time" column to save the server time at the time the registration was made, I did it the right way (look at the inserts.php)?
PS2: I have a column called "id", I needed it to count +1 in every new register.
Thanks in advance!
Your code does not call any function that does DB insertion. So it will not even insert. It is suggested to read at least the PHP manual and get basic examples.
– Bacco
In addition to what @Bacco already said. The last line of
insere.phpshould be$sql += " ('$data_chamada', '$hora_chamada', '$hora_coleta', '$unidade', '$observacao', '$solicitante', '$coletadora')";– Rene Freak
While I’m at it, I would also suggest a search for SQL Injection here on the site. If you use the code as it is (solving the insert part) you are giving virtually unrestricted access to your DB by the form.
– Bacco
I solved the problem of inse.php, now it is saving the data everything ok, but the issue of SQL Injection got me now, the system will be used only internally in the company, it is not absolutely scary, but it’s good to learn, there’s something specific leaving the system unsafe or it’s a sum of many things?
– Fernando Gross