Insert session into Mysql [closed] - php

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 1 year ago.
I am new to PHP and I am trying to enter details into my database.
Session I want to insert data into database with
<form method="post" action="">
<input name="p_date" type="date">
<input name="r_date" type="date">
</form>
if (!empty($_POST)) {
$_SESSION['p_date'] = $_POST['p_date'];
$_SESSION['r_date'] = $_POST['r_date'];
}
This code, Url on the side True is spinning but can't add data to database.
Where could I be wrong?
if(isset($_POST['dateSearch'])) {
$insert=$connect->prepare("Insert Into test (p_date,r_date) VALUES ('{$_SESSION['p_date']}','{$_SESSION['r_date']}'");
if($insert) {
header("Location:cars.php?Status=True");
}
else {
header("Location:cars.php?Status=False");
}
}
Thanks in advance..

For PDO, this is how it should be done:
$sql = "INSERT INTO test (p_date,r_date) VALUES (?,?)";
$stmt= $pdo->prepare($sql);
$stmt->execute([$p_date,$r_date]);
For mysqli, you can do it like this:
$stmt = $conn->prepare("INSERT INTO test (p_date,r_date) VALUES (?, ?)");
$stmt->bind_param("ss", $p_date,$r_date);
$p_date = 'string';
$r_date ='string';
$stmt->execute();
$stmt->close();
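
An added example (not part of the original question or answer): an end-to-end version of the handler that validates both dates, binds them as parameters, and reports success only after execute() returns true, since prepare() by itself inserts nothing. It assumes an in-memory SQLite DSN so it runs without a server (with MySQL only the DSN changes); `valid_date` and `save_dates` are hypothetical helper names and the sample inputs are constructed.

```php
<?php
// Added example, not code from the original posts.
// Assumption: in-memory SQLite so it runs without a server; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (p_date TEXT NOT NULL, r_date TEXT NOT NULL)');

/** Hypothetical helper: return the value if it is a real Y-m-d calendar date, else null. */
function valid_date($value): ?string
{
    if (!is_string($value)) {
        return null;
    }
    $d = DateTime::createFromFormat('!Y-m-d', $value);
    // The round-trip comparison rejects overflow dates such as 2024-02-31.
    return ($d !== false && $d->format('Y-m-d') === $value) ? $value : null;
}

/** Hypothetical helper: true only when the INSERT was actually executed. */
function save_dates(PDO $pdo, array $input): bool
{
    $p = valid_date($input['p_date'] ?? null);
    $r = valid_date($input['r_date'] ?? null);
    if ($p === null || $r === null) {
        return false;                       // reject before touching the database
    }
    try {
        $stmt = $pdo->prepare('INSERT INTO test (p_date, r_date) VALUES (?, ?)');
        return $stmt->execute([$p, $r]);    // the row is written here, not in prepare()
    } catch (PDOException $e) {
        error_log('insert failed: ' . $e->getMessage());  // log it, do not echo it to the user
        return false;
    }
}

// Constructed sample inputs standing in for $_POST.
$samples = [
    ['p_date' => '2024-05-01', 'r_date' => '2024-05-07'],
    ['p_date' => '2024-02-31', 'r_date' => '2024-03-02'],   // not a real date
    ['p_date' => "2024-05-01'", 'r_date' => '2024-05-07'],  // stray quote in the value
];
foreach ($samples as $post) {
    $status = save_dates($pdo, $post) ? 'True' : 'False';
    // In the question's handler this would be header("Location: cars.php?Status=$status");
    echo "Status=$status\n";
}
echo $pdo->query('SELECT COUNT(*) FROM test')->fetchColumn(), " row(s) stored\n";
```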

Related

Fail input to database mysql [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 5 years ago.
I want to ask about inputting data into the database.
<?php
include "koneksi.php";
if(isset($_POST['daftar'])){
$daftar = mysqli_query($conn, "INSERT INTO tb_daftar VALUES
('".$_POST['id']."',
'".$_POST['nama']."',
'".$_POST['asal_sekolah']."',
'".$_POST['jenis_kelamin']."',
'".$_POST['nama_ayah']."',
'".$_POST['nama_ibu']."',
'".$_POST['alamat']."',
'".$_POST['no_hp']."',
'')");
if($daftar){
$pesan1 = "Berhasil daftar";
echo "<script type='text/javascript'>alert('$pesan1');</script>";
}else{
$pesan2 = "Gagal daftar";
echo "<script type='text/javascript'>alert('$pesan2');</script>";
}
}
?>
The result always shows "Gagal daftar".
How to fix it? Thanks!
You have an extra comma after the last value. You should also use a prepared statement to prevent SQL injection.
// Prepared statement: the values are bound separately from the SQL text.
if ($dafter = mysqli_prepare($conn, "INSERT INTO tb_daftar VALUES (?, ?, ?, ?, ?, ?, ?, ?)")) {
    mysqli_stmt_bind_param($dafter, "ssssssss", $_POST['id'], $_POST['nama'], $_POST['asal_sekolah'], $_POST['jenis_kelamin'], $_POST['nama_ayah'], $_POST['nama_ibu'], $_POST['alamat'], $_POST['no_hp']);
    mysqli_stmt_execute($dafter);
    $pesan1 = "Berhasil daftar";
    echo "<script type='text/javascript'>alert('$pesan1');</script>";
} else {
    // Show the MySQL error instead of a generic failure message.
    $pesan2 = htmlentities(mysqli_error($conn));
    echo "<script type='text/javascript'>alert('$pesan2');</script>";
}
Your code is not in good condition. You need to think about many aspects, like:
Integer values like id should not be in quotes.
Sequence matters if you do not provide column names with the table name; it is highly risky without column names.
Your query is easy to inject: SQL injection.
You have not checked the $_POST variable values with isset. Check my other answer about this.
To cover your risk, use mysqli or PDO.
But I suggest using mysqli or PDO to insert. Here are some links to learn about mysqli:
mysqli_prepare
mysqli_stmt_bind_param
Prepared Statements in MySQLi
View errors from mysql query using mysqli_error
else{
    $pesan2 = mysqli_error($conn);
    // json_encode() emits a quoted, escaped JavaScript string literal.
    echo "<script type='text/javascript'>alert('Error: ' + " . json_encode($pesan2) . ");</script>";
}
$daftar = mysqli_query($conn, "INSERT INTO tb_daftar((database columns))
VALUES
('".$_POST['id']."',
'".$_POST['nama']."',
'".$_POST['asal_sekolah']."',
'".$_POST['jenis_kelamin']."',
'".$_POST['nama_ayah']."',
'".$_POST['nama_ibu']."',
'".$_POST['alamat']."',
'".$_POST['no_hp']."',
'')");

mysql and php form and connection [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
This seems to be correct but I'm missing it somehow.
form in a demo-form.php file
<form action="test.php" method="post" />
<p>Name: <input type="text" name="name" /></p>
<p>Email: <input type="text" name="email" /></p>
<input type="submit" value="Submit" />
</form>
code in a test.php file
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "forms1";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO per_Info (name, email)
VALUES ('Test', 'test#example.com')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
The problem: it inserts 'Test', 'test#example.com' into the database (under "name" and "email") instead of whatever name I actually type into the form. In other words, if I type "John" and "John#test.com" in the Name field on the form, it will only insert 'Test', 'test#example.com' and not "John", etc.
You post data with a form and that data can be retrieved by using $_POST['inputname']
<?php
$stmt = $conn->prepare("
INSERT INTO per_Info
(name, email)
VALUES
(?, ?)
");
$stmt->bind_param("ss", $_POST['name'], $_POST['email']);
if($stmt->execute()){
echo "New record created successfully";
}
?>
Isn't that what you want ? Inserting "Test" as a name and "test#example.com" in your database whatever the users types in the form ? Because that's what this line says :
$sql = "INSERT INTO per_Info (name, email)
VALUES ('Test', 'test#example.com')";
Sorry for being sarcastic, it took me 5 minutes to figure out what was wrong and when I did I felt stupid :p. So what you need to do is to sanitize your $_POST['name'] and $_POST['email'] (more info on sanitizing post data). Say you already did that and you have two perfectly clean variables called $name and $email. What you want to do is:
$sql = "INSERT INTO per_Info (name, email)
VALUES ('$name', '$email')";

PHP insert into database in a loop [closed]

Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
I am trying to insert multiple records in a for loop like so:
$connection = mysqli_connect("localhost", "username", "password");
mysqli_select_db($connection, "database");
for ($i = 1; $i <= $_POST['people']; $i++) {
$stmt = "";
if ($stmt = $connection->prepare("INSERT INTO `table` (firstname, lastname, email, rsvp) VALUES (?,?,?,?)")) {
$stmt->bind_param('ssss', "James", "Smith", "smith#abc.com", "yes");
$stmt->execute();
$stmt->close();
}
}
mysql_close($connection);
But it's not inserting. I put in an echo at the beginning of the loop and it only echoes once. Please help.
Try assigning all of your customer data to variables first, like so:
$firstname = 'James';
$lastname = 'Smith';
$email = 'smith#abc.com';
$rsvp = 'yes';
$stmt->bind_param('ssss', $firstname, $lastname, $email, $rsvp);

I have tried EVERYTHING.. My form wont post to database.. [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
I have tried rewriting the code, I have looked at previously successful code I have made, and I really can't find the problem. I am going crazy.
I am trying to post some data from a form to a database.
The database is set up correctly as far as I can tell, but something is making the script fail every time.
IMAGE OF DATABASE: http://imgur.com/F93A9ot
(Sorry for the language being in Danish.)
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<?php
// defining database information
define("HOSTNAME", "localhost");
define("MYSQLUSER", "admin");
define("MYSQLPASS", "admin");
define("MYSQLDB", "lynx");
// establishing database connection
if(isset($_POST['submit'])){
$connection = new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB);
$name = mysqli_real_escape_string($connection, $_POST['name']);
$price = mysqli_real_escape_string($connection, $_POST['price']);
$desc = mysqli_real_escape_string($connection, $_POST['desc']);
$insert = "INSERT into products (id, name, price, desc) VALUES (NULL, '$name', '$price', '$desc')";
if($connection->query($insert)) {
echo "Succes";
} else {
echo "Something went wrong";
}
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="text" name="name">
<input type="text" name="price">
<input type="text" name="desc">
<input type="submit" name="submit">
</form>
</body>
</html>
Can you see what I am doing wrong?
products (id, name, price, desc)
Tried reading the manual as well? desc is a reserved word.
If you didn't have this useless piece of code
else {
echo "Something went wrong";
}
and had
else {
echo $connection->error;
}
you would find that out yourself.
desc is a reserved keyword in MySQL; you can use it with backticks:
$insert = "INSERT into products (`id`, `name`, `price`, `desc`) VALUES (NULL, '$name', '$price', '$desc')";
This is with your field 'desc'. This is not allowed by MySQL because it is reserved. So please rename it. It will solve your issue.

Store Facebook user data in database [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
I'm trying to store this in the database but it's not working. Is there a better way to do this? It's picking up the user session but it won't insert the data into the database.
if($user)
{
$user_interest = $facebook->api('/me/interests');
for($i = 0; $i < sizeof($user_interest[data]); $i++)
{
$name = $user_interest[data][$i]['name'];
$category = $user_interest[data][$i]['category'];
$categoryId = $user_interest[data][$i]['id'];
$created_time = $user_interest[data][$i]['created_time'];
$strsql = "INSERT INTO `interests`(`fbId`,`categoryId`,`category`,`name`,`created_time`)
VALUES(\"$fbId\",\"$categoryId\",\"$category\",\"$name\",\"$created_time\")";
mysql_query($strsql, $connect) or die(mysql_error());
$chkrow1 = mysql_affected_rows($connect);
}
"INSERT INTO `interests`(`fbId`,`categoryId`,`category`,`name`,`created_time`)
VALUES(\"$fbId\",\"$categoryId\",\"$category\",\"$name\",\"$created_time\")";
Strings in MySQL (and other SQL) use single quotes.
"INSERT INTO `interests`(`fbId`,`categoryId`,`category`,`name`,`created_time`)
VALUES('$fbId', '$categoryId', '$category', '$name', '$created_time')";
Also, escape all of those values using mysql_real_escape_string before interpolating them, then stop using the deprecated mysql_ extensions and use parametrized queries with PDO.
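
An added example (not code from the original posts) of the parametrized PDO approach recommended above, which also covers the earlier loop-insert question: the statement is prepared once outside the loop, each row is bound at execute time, and the whole batch is wrapped in a transaction. It assumes an in-memory SQLite DSN so it runs without a server; `store_interests`, the fbId value and the rows are constructed for illustration.

```php
<?php
// Added example, not code from the original posts.
// Assumption: in-memory SQLite so it runs without a server; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE interests (fbId TEXT, categoryId TEXT, category TEXT,
            name TEXT, created_time TEXT)');

/** Hypothetical helper: insert every row with one prepared statement; all commit or none do. */
function store_interests(PDO $pdo, string $fbId, array $rows): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO interests (fbId, categoryId, category, name, created_time)
         VALUES (:fbId, :categoryId, :category, :name, :created_time)'
    );
    $pdo->beginTransaction();
    try {
        $count = 0;
        foreach ($rows as $row) {
            // Values travel separately from the SQL text, so quotes need no escaping.
            $stmt->execute([
                ':fbId'         => $fbId,
                ':categoryId'   => $row['id'] ?? null,
                ':category'     => $row['category'] ?? null,
                ':name'         => $row['name'] ?? null,
                ':created_time' => $row['created_time'] ?? null,
            ]);
            $count += $stmt->rowCount();
        }
        $pdo->commit();
        return $count;
    } catch (PDOException $e) {
        $pdo->rollBack();                   // leave no half-written batch behind
        error_log('interest insert failed: ' . $e->getMessage());
        return 0;
    }
}

// Constructed sample shaped like $user_interest['data'] in the question.
$data = [
    ['id' => '101', 'category' => 'Musician/band', 'name' => "Guns N' Roses", 'created_time' => '2013-04-02T10:15:00+0000'],
    ['id' => '102', 'category' => 'Book', 'name' => 'The "Dune" Saga', 'created_time' => '2013-04-03T08:00:00+0000'],
];
$inserted = store_interests($pdo, '1000001', $data);
echo "$inserted row(s) inserted\n";
foreach ($pdo->query('SELECT name FROM interests') as $r) {
    echo $r['name'], "\n";
}
```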
