I want to insert data from a form into a database.
I've searched for a long time but can't figure out what I am doing wrong. Any help will be appreciated
HTML
<!DOCTYPE html>
<html>
<head>
<title>PHP insertion</title>
<link href="css/insert.css" rel="stylesheet">
</head>
<body>
<div class="maindiv">
<!--HTML Form -->
<div class="form_div">
<div class="title">
<h2>Book Information</h2>
</div>
<form action="new 12.php" method="post">
<!-- Method can be set as POST for hiding values in URL-->
<h3>Enter the Details</h3>
<label>Access number</label>
<input class="input" name="access" type="text" value=""><br>
<label>Title</label>
<input class="input" name="title" type="text" value=""><br>
<label>Author</label>
<input class="input" name="author" type="text" value=""><br>
<label>Edition</label>
<input class="input" name="edition" type="text" value=""><br>
<label>Publisher</label>
<input class="input" name="publisher" type="text" value=""><br>
<input class="submit" name="submit" type="submit" value="Submit"><br>
</form>
</div>
</div>
</body>
</html>
PHP
<?php
$link = mysqli_connect("localhost", "root", "admin", "library");
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "INSERT INTO library (access,title,author,edition,publisher) VALUES ('$access','$title','$author','$edition','$publisher')";
if(mysqli_query($link, $sql)){
echo "Records inserted successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
$access is undefined. You need to refer to $_POST['access'] to get the value of your POSTed form. Same for all other fields.
First of all, I strongly recommend to make a PDO conection like:
<?php
$dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
?>
Second: I would put id to all of the inputs
Third: You´re missing the $_POST["value"]So you are not sending information
The html should look like:
<!DOCTYPE html>
<html>
<head>
<title>PHP insertion
</title>
<link href="css/insert.css" rel="stylesheet">
</head>
<body> <div class="maindiv">
<!--HTML Form -->
<div class="form_div">
<div class="title">
<h2>Book Information</h2>
</div>
<form action="new 12.php" method="post">
<!-- Method can be set as POST for hiding values in URL-->
<h3>Enter the Details</h3>
<label>Access number</label> <input class="input" name="access" id="access" type="text" value=""><br>
<label>Title</label> <input class="input" name="title" id="title" type="text" value=""><br>
<label>Author</label> <input class="input" name="author" id="author" type="text" value=""><br>
<label>Edition</label> <input class="input" name="edition" id="edition" type="text" value=""><br>
<label>Publisher</label> <input class="input" name="publisher" id="publiser" type="text" value=""><br>
<input class="submit" name="submit" type="submit" value="Submit"><br>
</form>
</div>
</div>
</body>
</html>
And the php like this:
<?php
try {
$conn = new PDO("mysqli:server = yoursever; Database = yourdatabase", "user", "pass");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e) {
print("Error connecting to Server.");
die(print_r($e));
}
$access= $_POST['access'];
$title= $_POST['title'];
$author= $_POST['author'];
$edition= $_POST['edition'];
$publisher= $_POST['publisher'];
$sql = "INSERT INTO library (access, title, author, edition, publisher) VALUES (?,?,?,?,?)";
$stmti= $conn->prepare($sql);
$stmti->execute([$access, $title, $author, $edition, $publisher]);
if ($stmti->error){
echo "ERROR";
}
else{
echo "Records inserted successfully.";
}
$conn->close();
?>
This is one safe way to insert info in your server to prevent SQL inyection, please read How does the SQL injection from the "Bobby Tables" XKCD comic work? to understand better how to prevent inyection into your server
Related
I am trying to store values to my database. This is the code I use to insert the code from my website:
<?php
$ident = $_POST['ident'];
$dato = $_POST['dato'];
$kundensnavn = $_POST['kundensnavn'];
$gsm = $_POST['gsm'];
$fodselsdato = $_POST['fodselsdato'];
$prisplan = $_POST['prisplan'];
$operator = $_POST['operator'];
$portering = $_POST['portering'];
$epost = $_POST['epost'];
// Database connection
$conn = new mysqli('localhost','my_username','my_password','id14293554_rw2');
if($conn->connect_error){
echo "$conn->connect_error";
die("Connection Failed : ". $conn->connect_error);
} else {
$stmt = $conn->prepare("INSERT INTO sales_table(ident_column, date_column, name_column, gsm_column, birthdate_column, pp_column, carrier_column, transfer_column, email_column) values(?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssssssss", $ident, $dato, $kundensnavn, $gsm, $fodselsdato, $prisplan, $operator, $portering, $epost);
$execval = $stmt->execute();
echo $execval;
echo "Done!";
$stmt->close();
$conn->close();
}
?>
This is my index.html if needed:
<!DOCTYPE html>
<html lang="no" >
<head>
<meta charset="UTF-8">
<title>Test</title>
<link rel="stylesheet" href="./style.css">
</head>
<body>
<!-- partial:index.partial.html -->
<div class="container">
<form id="contact" action="insert.php" method="post">
<h3><center>Reg</center></h3>
<fieldset>
<input type="text" placeholder="Ident" name="ident" required autofocus>
</fieldset>
<fieldset>
<input type="text" placeholder="Dato" name="dato" required>
</fieldset>
<fieldset>
<input type="text" placeholder="Kundens navn" name="kundensnavn" required>
</fieldset>
<fieldset>
<input type="text" placeholder="GSM" name="gsm" required>
</fieldset>
<fieldset>
<input type="text" placeholder="Fødselsdato" name="fodselsdato" required>
</fieldset>
<fieldset>
<input type="text" placeholder="Prisplan" name="prisplan" required>
</fieldset>
<fieldset>
<input type="text" placeholder="Operatør" name="operator" required>
</fieldset>
<fieldset>
<input type="text" placeholder="Portering" name="portering" required>
</fieldset>
<fieldset>
<input type="email" placeholder="Epost" name="epost" required>
</fieldset>
<fieldset>
<button name="submit" type="submit" id="contact-submit" data-submit="...Sending">Save</button>
</fieldset>
</form>
</div>
<!-- partial -->
</body>
</html>
When I press my "Submit" button, this scripts run, and gives me "Done!", so no errors. But, when I check in my table, there is nothing there, even if I type in all the info needed:
Image here
Any tips why it won't work?
EDIT:
This is my db table structure:
Your table contain Integer column gsm_column
But you passing string value here:
$stmt->bind_param("sssssssss", $ident, $dato, $kundensnavn, $gsm, $fodselsdato, $prisplan, $operator, $portering, $epost); <---------
Try to change to this:
$stmt->bind_param("sssisssss", $ident, $dato, $kundensnavn, $gsm, $fodselsdato, $prisplan, $operator, $portering, $epost);
Also i would change the last section
if ($stmt->execute()) {
// it worked
echo "Done";
} else {
// it didn't
echo "Not inserted";
//Print error
echo $stmt->error;
}
$stmt->close();
$conn->close();
I'm new to creating mobile apps using phonegap. So I'm trying to create a small form and when the user click submit the data should go to the online server which I created in ServersFree.com
So I was going to put the php file only to the file manager and access it from html file which I'm going to put to my phone after I create the apk file using build phonegap. is it the correct way to do it?
<?php
$servername = "hin123.bugs3.com";
$username = "u137593186";
$password = "ulsdjj29822";
$dbname = "u137593186_user";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);}
$name = $_POST['Name'];
$age = $_POST['Age'];
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "INSERT INTO user (name, age, username, password)
VALUES ('$name', '$age','$username','$password')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
this is my html file
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/register.css" />
<title>Registration</title>
</head>
<body>
<form id='register' action='insert.php' method='POST'>
<fieldset >
<legend>Register</legend>
<form action="" method="post">
<label>Name :</label>
<br></br>
<input id="Name" name="Name" type="text">
<br></br>
<label>Age :</label>
<br></br>
<input id="Age" name="Age" type="text">
<br></br>
<label>UserName :</label>
<br></br>
<input id="username" name="username" placeholder="username" type="text">
<br></br>
<label>Password :</label>
<br></br>
<input id="password" name="password" placeholder="**********" type="password">
<br></br>
<input name="submit" type="submit" value="Submit">
<br></br>
<span><?php echo $error; ?></span>
</form>
</body>
</html>
Yes you have to change url OR
if your both files in same folder then just use
<form action="insert.php" method="post">
It will work for both local and live server.
try this code
<form action="insert.php" method="post">
This is the code for saving the information into mysql database from a FORM.
In the HTML section the form is being handled i.e. retrieving required data from user.
In the PHP section storing data has been handled.
But the problem is it doesn't store data.
I'm using XAMPP server.
<html>
<head>
<title>signup</title>
<link rel="stylesheet" href="css/insert.css" />
</head>
<body>
<div class="maindiv">
<!--HTML form -->
<div class="form_div">
<div class="title"><h2>Insert Data In Database Using PHP.</h2> </div>
<form action="signup.php" method="post"> <!-- method can be set POST for hiding values in URL-->
<h2>Form</h2>
<label>Name:</label>
<br />
<input class="input" type="text" name="name" value="" />
<br />
<label>Email:</label><br />
<input class="input" type="text" name="mail" value="" />
<br />
<label>Phone:</label><br />
<input class="input" type="text" name="phone" value="" />
<br />
<label>Password:</label><br />
<input class="input" type="text" name="pass" value="" />
<br />
<label>Address:</label><br />
<textarea rows="5" cols="25" name="add"></textarea>
<br />
<input class="submit" type="submit" name="submit" value="Insert" />
<?php
//Establishing Connection with Server
$connection = mysql_connect("localhost", "root", "buet2010");
//Selecting Database from Server
$db = mysql_select_db("tanni", $connection);
if(isset($_POST['submit'])){
//Fetching variables of the form which travels in URL
$name = $_POST['name'];
$mail = $_POST['mail'];
$phone = $_POST['phone'];
$pass = $_POST['pass'];
$add = $_POST['add'];
if($name !=''||$email !=''){
//Insert Query of SQL
$query = mysql_query($db, "INSERT INTO user (name, mail, phone, pass, add)VALUES('$name', '$mail', '$phone', '$pass', '$add')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
}
else{
echo "<p>Insertion Failed <br/> Some Fields are Blank....!!</p>";
}
}
//Closing Connection with Server
mysql_close($connection);
?>
</form>
</div>
</div>
</body>
I don't understand what can be the problem.
Thanks all. I got the problem.
Actually the sequence of the column in my database was not matching with the query in php code.
I have solved this by changing the variable sequence in the query which is maintained in the database.
$query = mysql_query("INSERT INTO user (`name`, `mail`, `pass`, `address`, `phone`)VALUES('".$name."', '".$mail."', '".$pass."', '".$address."', '".$phone."')");
Here is the code and it will work for your..
I have passed connection link in your mysql_query. and used PHP_SELF for current page.
<html>
<head>
<title>signup</title>
<link rel="stylesheet" href="css/insert.css" />
</head>
<body>
<div class="maindiv">
<!--HTML form -->
<div class="form_div">
<div class="title"><h2>Insert Data In Database Using PHP.</h2> </div>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <!-- method can be set POST for hiding values in URL-->
<h2>Form</h2>
<label>Name:</label>
<br />
<input class="input" type="text" name="name" value="" />
<br />
<label>Email:</label><br />
<input class="input" type="text" name="mail" value="" />
<br />
<label>Phone:</label><br />
<input class="input" type="text" name="phone" value="" />
<br />
<label>Password:</label><br />
<input class="input" type="text" name="pass" value="" />
<br />
<label>Address:</label><br />
<textarea rows="5" cols="25" name="add"></textarea>
<br />
<input class="submit" type="submit" name="submit" value="Insert" />
<?php
//Establishing Connection with Server
$connection = mysql_connect("localhost", "root", "buet2010");
//Selecting Database from Server
$db = mysql_select_db("tanni", $connection);
if(isset($_POST['submit'])){
//Fetching variables of the form which travels in URL
$name = $_POST['name'];
$mail = $_POST['mail'];
$phone = $_POST['phone'];
$pass = $_POST['pass'];
$add = $_POST['add'];
if($name !=''||$email !=''){
//Insert Query of SQL
$query = mysql_query($db, "INSERT INTO user (name, mail, phone, pass, add)VALUES('$name', '$mail', '$phone', '$pass', '$add')",$connection);
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
}
else{
echo "<p>Insertion Failed <br/> Some Fields are Blank....!!</p>";
}
}
//Closing Connection with Server
mysql_close($connection);
?>
</form>
</div>
</div>
</body>
I am quite new to HTML/PHP code.
I am trying to build a form that will search a MySQL database based on a key value (Vehicle VRN) being provided. As it stands I have sorted the submit code and I am able to add a new customer to the Customers database by clicking 'Submit New'
However, I cannot get the search function to work e.g. enter the vehicle VRN and fill in the rest of the form with that customers information
Here's the HTML form:
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ABC Autorite Ltd</title>
<link rel="stylesheet" href="style/style.css" type="text/css" media="screen" />
<script type="text/javascript" src="style/accordian.pack.js"></script>
</head>
<body onload="new Accordian('basic-accordian',5,'header_highlight');">
<div id="logo"><h1>ABC Autorite</h1></div>
<div id="basic-accordian" >
<div id="test-header" class="accordion_headings header_highlight">Customers</div>
<div id="test-content">
<div class="accordion_child">
<h1>Search customer database or submit new details</h1>
<div class="form_layout">
<form method="post" id="Customer">
<select name="title">
<option>Mr.</option>
<option>Dr.</option>
<option>Ms.</option>
<option>Mrs.</option>
</select>
<input type="text" name="first_name" placeholder="First Name" value="<?php echo $first_name; ?>">
<input type="text" name="last_name" placeholder="Last Name">
<input type="text" name="phone_number" placeholder="Phone">
<input type="text" name="email_address" placeholder="Email Address">
<input type="text" name="address_line_1" placeholder="Address">
<input type="text" name="postcode" placeholder="Postcode">
<input type="text" name="vrn" placeholder="VRN">
<input type="text" name="make" placeholder="Make">
<input type="text" name="model" placeholder="Model">
<input type="text" name="year" placeholder="Year">
<div class="form_buttons">
<input type="submit" name="search" Value="Search" onclick="form.action='search.php';"/>
<input type="submit" name="submit" Value="Submit New" onclick="form.action='submit.php';"/>
</div>
</form>
</div>
</div></div>
<div id="test1-header" class="accordion_headings">New Job Card</div>
<div id="test1-content">
<div class="accordion_child">
<h1>Create a new Job Card</h1>
</div>
</div>
<div id="test2-header" class="accordion_headings">Job Cards</div>
<div id="test2-content">
<div class="accordion_child">
<h1>Search for a previous Job Card</h1>
</div>
</div>
</div>
</div>
<div id="footer">
<p>Copyright ABC Autorite Ltd</p>
</div>
</body>
</html>
Here's the PHP search script:
<?php
$servername="192.168.0.8";
$username="my_admin";
$password="my_password";
$dbname="ABCAUTORITE";
// Opens a connection to a MySQL server
$connection=mysql_connect ($servername, $username, $password);
if (!$connection) { die('Not connected : ' . mysql_error());}
// Set the active MySQL database
$db_selected = mysql_select_db($dbname, $connection);
if (!$db_selected) {
die ('Can\'t use db : ' . mysql_error());
}
$vrn = $_POST['vrn'];
$sql = mysql_query("SELECT * FROM Customers WHERE vrn like '%$vrn%'");
while($row = mysql_fetch_array($sql))
{
echo $row['first_name'];
echo $row['last_name'];
}
?>
I am just returning first_name and last_name for now as a 'test' before I add the rest of the values.
This has caused me a few hours of head scratching so I am on here looking for any help.
Thanks.
You can separate a form by checking to see what $_POST[] variable isset
<?php # customer.php
if(isset($_POST['search'])){
echo 'pressed the search button.';
while($row = mysql_fetch_assoc($sql)){
$form[] = '<input type="text" name="first_name" value="'.$row['first_name'].'">';
$form[] = '<input type="text" name="last_name" value="'.$row['last_name'].'">';
// etc
}
} elseif(isset($_POST['submit'])){
# execute code to submit user.
} else {
# render the form normally.
$form[] = '<input type="text" name="first_name" placeholder="First Name" value="">';
$form[] = '<input type="text" name="last_name" placeholder="Last Name" value="">';
// etc.
}
?>
And just use a standard form.
<!-- Still in customer.php -->
<form method="post" id="Customer" action="./customer.php">
<?php
foreach($form as $v){
echo $v;
}
?>
<div class="form_buttons">
<input type="submit" name="search" Value="Search" />
<input type="submit" name="submit" Value="Submit New" />
</div>
</form>
And now your question:
To do with PHP and HTML alone, you would need to do everything in 1 page meaning you would need to generate the form with your desired values.
Okay.. you don't have to if you don't want to but I would really recommend it. This way your code is together and not split apart.
Now there's a million ways to code this, I just picked one that you might be able to easily understand.
There is an alternative
A combination of Javascript and PHP. Use Javascript (I would really recommend jQuery) to request a single php file on the server and let it return a json format object. Then use jQuery to update your already rendered form.
On a side note..
Switch over to PDO for your database to allow for binding your post data to your prepared statement. Currently your code is open to SQL injection.
I am making a form which will input details into a mysql database.
I have one problem.
I have used the "required" attribute in my html form, but still everytime I load the page it gives an entry into the database (even though the fields are empty).
This is the code (php):
<!DOCTYPE html>
<?php
$cnn = mysqli_connect("localhost", "root", "abc123", "usercake");
// Check connection
if (mysqli_connect_errno($cnn)) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$qry = "INSERT INTO usercake.huffaz (country) VALUES ('$_POST[country]')";
mysqli_query($cnn, $qry)
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
</head>
<body>
<form action="huffaz.php" method="post" >
<fieldset>
<legend>
Your Personal Details
</legend>
<label>First Name:</label>
<input type="text" name="firstname" required />
<label>Surname:</label>
<input type="text" name="surname" required />
<label>Age at 1st Ramadhan:</label>
<input type="number" name="age" min="15" required />
</fieldset>
<fieldset>
<legend>
Your Contact Details
</legend>
<label>City:</label>
<input type="text" name="city" required/>
<label>County/State:</label>
<input type="text" name="state" required/>
<label>Country:</label>
<input type="text" name="country" required/>
</fieldset>
<fieldset>
<legend>
Your Qualifications
</legend>
<input type=""/>
</fieldset>
<input type="submit" />
</form>
</body>
</html>
You are not checking if there is any post set/fired.
Chenge like this:
if(isset($_POST)){
$cnn = mysqli_connect("localhost", "root", "abc123", "usercake");
// Check connection
if (mysqli_connect_errno($cnn)) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$qry = "INSERT INTO usercake.huffaz (country) VALUES ('$_POST[country]')";
mysqli_query($cnn, $qry)
}