Using Forms

You choose the form input mechanism you want to use for each column. When the user clicks on a submit button, all of the information is sent to the script specified in the <form> tag's action attribute:

  <form method="post" action="add_employee.php">
    Last Name: <input type="text" name="lastname">
    First Name: <input type="text" name="firstname">
    Birth Date: <input type="text" name="birthdate">
    Admin: <input type="radio" name="isadmin" value="yes">Yes
    <input type="radio" name="isadmin" value="no" checked>No
    <input type="submit" name="submit" value="Submit">
  </form>

which looks like this -- not pretty, but functional:


Last Name: First Name: Birth Date: Admin: Yes No

When the form's submit button is pressed, the add_employee.php script will be executed, and the values for lastname, firstname, birthdate, and isadmin will be available to the script, as follows:

$ln = $_POST["lastname"];
$fn = $_POST["firstname"];
$bd = $_POST["birthdate"];
$adm = $_POST["isadmin"]; // either "yes" or "no"

Short variable names (e.g., $ln) were used to emphasize that those variable names need not be the same as the posted values passed to the script. The values for lastname and firstname are arbitrary, but beware of quotes in the names, such as O'Brian. Quotes in strings are problematic for SQL -- a single quote needs to be doubled, as in this example:

$find_stmt = "select * from tblEmployees where lastname = 'O''Brian'";

This can be done via the script, using a function to replace single quotes with double quotes:

  function dquote($str){
         return str_replace("'","''",$str);
  }

  $ln = dquote($_POST["lastname"]);

  $find_stmt = "select * from tblEmployees where lastname = '$ln'";