We will start off by making our basic “Add New Person” type form. We will want to send all the data via POST, so we will set method="post":

code:
<form name="addPerson" action="addPerson.php" method="post">
<div>First Name:</div>
<div><input type="text" name="firstName" size="40" maxlength="255" /></div>

<div>Last Name:</div>
<div><input type="text" name="lastName" size="40" maxlength="255" /></div>

<div>Email Address:</div>
<div><input type="text" name="email" size="40" maxlength="255" /></div>

<div>Phone Number:</div>
<div><input type="text" name="phone" size="40" maxlength="255" /></div>

<div><input type="submit" value="Add Person" /></div>
</form>

When the user fills out the form and clicks “Add Person,” they will send the data to a PHP page called “addPerson.php.” On this page, we will want to do some error checking to make sure all the data is valid before we try to put it in the database. Here is what the validation will look like:

php:
<?php
//get the form items.
$firstName = addslashes(htmlspecialchars($_POST['firstName']));
$lastName = addslashes(htmlspecialchars($_POST['lastName']));
$email = addslashes(htmlspecialchars($_POST['email']));
$phoneNum = addslashes(htmlspecialchars($_POST['phone']));

//this will be for the error message to display
//if they didn't fill out the form completely.
$errorMessage = "";

if(empty($firstName)) $errorMessage .= "You didn't enter a First Name<br/>";
if(empty($lastName)) $errorMessage .= "You didn't enter a Last Name<br/>";
if(empty($email)) $errorMessage .= "You didn't enter an Email Address<br/>";
if(empty($phoneNum)) $errorMessage .= "You didn't enter a Phone Number<br/>";

//now we check to see if there was an error
if(empty($errorMessage)) {
//everything is alright and we can now add it to the DB
} else {
//something was wrong.
echo $errorMessage;
}
?>

We do several things here to make sure there aren’t any problems with the submitted data. The first thing we do is run the functions addslashes() and htmlspecialchars() on the input. addslashes() will put a backslash ‘\’ before all quotes. Trying to enter an “unescaped” quote into a database can sometimes cause problems. By putting the backslash in front of the quotes, we are ensuring there won’t be any problems. htmlspecialchars() will convert greater-than and less-than symbols into HTML entities, so when you display the results, they won’t be interpreted as HTML.

The next thing we do is test to see if the variables are empty. If the variables are empty, that means that they were left blank in the form. We append an error to the $errorMessage variable by using the “.=” operator.

Finally, we check to see if the $errorMessage variable is empty. If it’s empty, we know the variables have been cleaned up and nothing is wrong. If there was a problem, the error message will be shown.

Now that we’re able to add the data to the table, we should make sure we’re connected to the database and then run a query to insert the person. Here is what this will look like:

php:
<?php
//this is the if statement from the previous block of code:
if(empty($errorMessage)) {

//these variables are used for database connection
$host = "localhost";
$user = "db_user";
$pass = "db_pass";
$database = "db_name";

//connect to the database.
$db = mysql_connect($host, $user, $pass);
mysql_select_db ($database);

//set up the query to add the information.
$query = "INSERT INTO `people` (`firstName`, `lastName`, `email`, `phone`)
VALUES ('$firstName', '$lastName', '$email', '$phoneNum');";
$result = mysql_query($query) OR die(mysql_error());

echo 'You have successfully added ' . $firstName . ' to the database!';

} else {
echo $errorMessage;
}
?>

Make sure your connection variables are set, and then call mysql_connect() and mysql_select_db() to connect and choose the database you’re going to be adding to. In the INSERT statement, we’re assuming there are 4 columns called firstName, lastName, email and phone. We then set those values to the ones obtained from the form.

Using mysql_query() and passing it the $query variable will execute the query. If it fails for any reason, die() will be executed and the reason for the failure will be shown. If everything goes correctly, the script will tell us that the person has been added to the database.

Here is the completed PHP script that handles data retrieval, error checking and adding to the database:

php:

<?php
//get the form items.
$firstName = addslashes(htmlspecialchars($_POST['firstName']));
$lastName = addslashes(htmlspecialchars($_POST['lastName']));
$email = addslashes(htmlspecialchars($_POST['email']));
$phoneNum = addslashes(htmlspecialchars($_POST['phone']));

//this will be for the error message to display
//if they didn't fill out the form completely.
$errorMessage = "";

if(empty($firstName)) $errorMessage .= "You didn't enter a First Name<br/>";
if(empty($lastName)) $errorMessage .= "You didn't enter a Last Name<br/>";
if(empty($email)) $errorMessage .= "You didn't enter an Email Address<br/>";
if(empty($phoneNum)) $errorMessage .= "You didn't enter a Phone Number<br/>";

//now we check to see if there was an error
if(empty($errorMessage)) {
//everything is alright and we can now add it to the DB

//these variables are used for database connection
$host = "localhost";
$user = "db_user";
$pass = "db_pass";
$database = "db_name";

//connect to the database.
$db = mysql_connect($host, $user, $pass);
mysql_select_db ($database);

//set up the query to add the information.
$query = "INSERT INTO `people` (`firstName`, `lastName`, `email`, `phone`)
VALUES ('$firstName', '$lastName', '$email', '$phoneNum');";
$result = mysql_query($query) OR die(mysql_error());

echo 'You have successfully added ' . $firstName . ' to the database!';
} else {
//something was wrong.
echo $errorMessage;
}
?>
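
The same form handler written with PDO prepared statements, as an added example that is not the original author's code: addslashes() is not aware of the connection character set and is not a dependable SQL-injection defence, and the mysql_* functions were removed in PHP 7.0. It assumes the PDO SQLite driver (an in-memory database, so it runs without a server) and a constructed array standing in for $_POST; validatePerson() and addPerson() are hypothetical names.

```php
<?php
// Added example: validate, insert through a prepared statement, and
// HTML-escape only when echoing. Assumes the PDO SQLite driver; for MySQL
// use a DSN of the form mysql:host=...;dbname=... with the same code.

function validatePerson(array $in): array {
    $fields = ['firstName' => 'a First Name', 'lastName' => 'a Last Name',
               'email' => 'an Email Address', 'phone' => 'a Phone Number'];
    $clean = [];
    $errors = [];
    foreach ($fields as $key => $label) {
        // Missing keys and non-string values (e.g. phone[]=x) count as blank.
        // Comparing with '' avoids empty() treating the string "0" as blank.
        $value = isset($in[$key]) && is_string($in[$key]) ? trim($in[$key]) : '';
        if ($value === '') {
            $errors[] = "You didn't enter $label";
        }
        $clean[$key] = $value;
    }
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'The Email Address is not valid';
    }
    return [$clean, $errors];
}

function addPerson(PDO $db, array $p): void {
    // Placeholders keep the data out of the SQL text, so no manual escaping.
    $stmt = $db->prepare(
        'INSERT INTO people (firstName, lastName, email, phone)
         VALUES (:firstName, :lastName, :email, :phone)');
    $stmt->execute($p);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (firstName TEXT, lastName TEXT, email TEXT, phone TEXT)');

// Constructed sample input standing in for $_POST.
$post = ['firstName' => 'Sean <b>', 'lastName' => "O'Brien",
         'email' => 'sean@example.com', 'phone' => '555-0100'];

[$person, $errors] = validatePerson($post);
if ($errors) {
    echo implode('<br/>', $errors);
} else {
    addPerson($db, $person);
    // Escape for HTML at output time, not before storage.
    echo 'You have successfully added '
        . htmlspecialchars($person['firstName'], ENT_QUOTES, 'UTF-8') . ' to the database!';
}
```

The values are stored exactly as typed (O'Brien, not O\'Brien), and a database failure raises a PDOException that can be logged server-side instead of being shown to the visitor.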