PHP the code executes but nothing is inserted into the database - php

I have created a receival table that will store user's information, but the values do not get inserted into the database.
This is my connection to the database and the SQL statement to insert the values the user will post.
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="l3tme1N#123"; // Mysql password
$db_name="shipping_pro"; // Database name
$tbl_name="receiver"; // Table name
// Connect to server and select database.
$con = mysql_connect("$host", "$username", "$password")or die("cannot
connect");
if(!$con){
die ('cannot connect to the server')
}
if (!mysql_select_db("$db_name", $con))
{
echo"no db selected";
}
if(isset($_POST['save']))
{
$name = $_POST['name'];
$cc = $_POST['cc'];
$sender = $_POST['sender-name'];
$address=$_POST['address'];
$tracker = $_POST['tracker'];
$code_phone = $_POST['code_phone'];
$phone = $_POST['phone'];
$code_phone1 = $_POST['code_phone1'];
$telefono = $_POST['telefono'];
$sql1="INSERT INTO 'receival' (name,idcard,sender-name,address,tracker,
receiver-telnum, sender-telnum) VALUES
('$name','$cc','$sender','$address', '$tracker', '$code_phone$phone',
'$code_phone1$telefono')";
$result = mysql_query($con,$sql1);
}
?>
The HTML code
This is the form that I have created to take user input.
I have looked at most solutions here and on Google but I still cannot find any solution.
<form action="receive.php" method="post" class="form-horizontal" data-
parsley-validate novalidate >
<div class="form-group " id="gnombre">
<label for="office" class="col-sm-2 control-label">Name of Recipient</label>
<div class="col-sm-10">
<input type="text" class="form-control office" parsley-trigger="change"
required name="name" placeholder="Name of Recipient">
</div>
</div>
<div class="form-group " id="gnombre">
<label for="officer_name" class="col-sm-2 control-label"><?php echo $CEDULA;
?></label>
<div class="col-sm-10">
<input type="number" class="form-control officer_name" parsley-
trigger="change" required name="cc" placeholder="<?php echo $numbercedula; ?
>">
</div>
</div>
<div class="form-group " id="gnombre">
<label for="officer_name" class="col-sm-2 control-label">Sender</label>
<div class="col-sm-10">
<input type="text" class="form-control officer_name" iparsley-
trigger="change" required name="sender-name" placeholder="Name of Sender">
</div>
</div>
<div class="form-group" id="gapellido">
<label for="address" class="col-sm-2 control-
label"><?php echo $direccion; ?></label>
<div class="col-sm-10">
<input type="text" class="form-control address" parsley-trigger="change"
required name="address" placeholder="Receiver Address">
</div>
</div>
<div class="form-group" id="gapellido">
<label for="address" class="col-sm-2 control-label">Tracker Number</label>
<div class="col-sm-10">
<form name="form2" action="" method="">
<!--<strong><?php echo $codeproducto; ?></strong><br> -->
<input type="text" autofocus list="browsers" name="" autocomplete="off" class="form-control" required>
<datalist id="browsers">
<?php
$pa=mysql_query("SELECT tracking FROM courier
");
while($row=mysql_fetch_array($pa)){
echo '<option value="'.$row['tracking'].'">';
}
?>
</datalist>
</div>
</div>
<div class="form-group" id="ptelefonos">
<label for="address" class="col-sm-2 control-label"><?php echo $telefono; ?></label>
<div class="col-sm-4">
<select type="number" class="form-control ph_no" parsley-trigger="change" required name="code_phone" placeholder="<?php echo $telefonocustomer2; ?>">
<option data-countrycode="GH" value="233">Ghana (+233)</option>
</select>
</div>
<div class="col-sm-6">
<input type="number" class="form-control ph_no" parsley-trigger="change" required name="phone" placeholder="Receiver's Phone Number">
</div>
</div>
<div class="form-group" id="ptelefonos">
<label for="address" class="col-sm-2 control-label"><?php echo $telefono; ?></label>
<div class="col-sm-4">
<select type="number" class="form-control ph_no" parsley-trigger="change" required name="code_phone1" placeholder="Sender's phone Number">
<option data-countrycode="GH" value="233">Ghana (+233)</option>
</select>
</div>
<div class="col-sm-6">
<input type="number" class="form-control ph_no" parsley-trigger="change" required name="telefono" placeholder="Sender's phone Number">
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-times"></i>
<?php echo $cerrar; ?></button>
<input class="btn btn-success" name="save" type="submit" id="submit" value="Save">
</div>
</form>

Try this code; you need to replace 'receival' with receival:
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="l3tme1N#123"; // Mysql password
$db_name="shipping_pro"; // Database name
$tbl_name="receiver"; // Table name
// Connect to server and select database.
$con = mysql_connect("$host", "$username", "$password") or die("cannot connect");
if(!$con){
die ('cannot connect to the server');
}
if (!mysql_select_db("$db_name", $con))
{
echo"no db selected";
}
if(isset($_POST['save']))
{
$name = $_POST['name'];
$cc = $_POST['cc'];
$sender = $_POST['sender-name'];
$address=$_POST['address'];
$tracker = $_POST['tracker'];
$code_phone = $_POST['code_phone'];
$phone = $_POST['phone'];
$code_phone1 = $_POST['code_phone1'];
$telefono = $_POST['telefono'];
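// Column names that contain a hyphen must be wrapped in backticks
$sql1="INSERT INTO receival (name,idcard,`sender-name`,address,tracker,
`receiver-telnum`, `sender-telnum`) VALUES('$name','$cc','$sender','$address', '$tracker', '$code_phone$phone',
'$code_phone1$telefono')";
// mysql_query() takes the query first and the connection second
$result = mysql_query($sql1, $con);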
}
?>

It has already been pointed out in comments that you have to use mysqli_* or PDO with prepared statements. So I will just look at your most trivial error (assuming it is the only one)
Your insert query has many errors: values are not correctly inserted and your table name is wrapped in quotes.
Change it to:
$sql1="INSERT INTO receival (name,idcard,sender-name,address,tracker,
receiver-telnum, sender-telnum) VALUES
('$name','$cc','$sender','$address', '$tracker', '$code_phone.$phone',
'$code_phone1.$telefono')";
This should fix it and make your insert work.

Related

Form is not filling table and returns blank page

Here is my HTML and PHP code that I'm trying to use to write the form into the table.
Once submit is being pressed it's loading up the PHP but it is being returned as a blank screen.
Any help would be appreciated to help me move forward from this problem.
Here is the HTML code for the contact section of the page.
</div>
<!-- Contact Info -->
<div class="row">
</div> <!-- information end -->
<!--Contact Form-->
<div class="col-md-8 col-md-offset-2 wow fadeInUp" data-wow-delay="1s">
<form class="col-md-12 contact-form" method="POST" action="beerewarded.php">
<div class="row">
<!--Name-->
<!--Email-->
<div class="col-md-8">
<input id="Email_Address" name="Email_Address" class="form-inp requie" type="text" placeholder="Email">
</div>
<div class="col-md-8">
<input id="First_Name" name="First_Name" class="form-inp requie" type="text" placeholder="First Name">
</div>
<div class="col-md-8">
<input id="Last_Name" name="Last_Name" class="form-inp requie" type="text" placeholder="Last Name">
</div>
<div class="col-md-8">
<input id="Phone_Number" name="Phone_Number" class="form-inp requie" type="text" placeholder="Phone Number">
</div>
<div class="col-md-8">
<input id="Birthday" name="Birthday" class="form-inp requie" type="date" placeholder="Birthday ">
</div>
<div class="col-md-12">
<input id="con_submit" class="site-button" type="submit">
</div>
</div>
</form>
</div> <!-- contact form end -->
Here is the PHP section of the file.
<?php
$servername = "localhost";
$username = "beeskneesbars_com";
$password = "123456";
$dbname = "beeskneesbars_com";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['insert'])) {
$Email_Address = $_POST['Email_Address'];
$First_Name = $_POST['First_Name'];
$Last_Name = $_POST['Last_Name'];
$Phone_Number = $_POST['Phone_Numebr'];
$Birthday = $_POST['Birthday'];
$insert_data = mysql_query('INSERT INTO Bee_Rewarded VALUES("$Email_Address", "$First_Name","$Last_Name","$Phone_Number","$Birthday",)');
echo "Data are successfully save..."; }
?>
Keeping in mind, you have already added the name attribute for your submit button, please update your code in php file to execute an sql query to this:
$sql = "INSERT INTO Bee_Rewarded VALUES('$Email_Address','$First_Name','$Last_Name','$Phone_Number','$Birthday') ";
$insert_data = mysqli_query($conn,$sql); // $conn is a mysqli connection, so use mysqli_query()
if($insert_data)
{
echo 'Data Added Successfully';
}
else
{
echo 'Error In Adding Data';
}

how do I foreach through html input form and insert multiple rows or one based on a selected date field?

How do I foreach through an HTML input form and insert multiple rows or one based on a selected date field? In other words, when a user enters "name", "description" and "shift" and then selects either one date or more than one, PHP will then enter the same information for either one new row or multiple rows based on how many dates were selected.
<?php
if(isset($_REQUEST['submit']))
{
/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$link = mysqli_connect("localhost", "xxxx", "xxxx", "xxxx");
// Check connection
if($link === false){
die("| ERROR: Could not connect. " . mysqli_connect_error());
}
$name = mysqli_real_escape_string($link, $_REQUEST['name']);
$desc = mysqli_real_escape_string($link, $_REQUEST['description']);
$shift = mysqli_real_escape_string($link, $_REQUEST['shift']);
$date = mysqli_real_escape_string($link, $_REQUEST['daterange']);
$sql = "insert into db (name,description,shift,evdate) values ('$name', ' $desc','$shift','$date')";
$sql2 = "insert into db (name,description,shift,evdate) values ('$name', ' '$desc','$shift','$insert')";
if ($date=0) {
$result = mysqli_query($link, $sql);
}else{
$daterange = explode(',',$date);
foreach($daterange as $insert) {
$result = mysqli_query($link, $sql2);
}
}
if(mysqli_query($link, $sql)){
echo "";
} else{
echo "| ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
if ($link->multi_query($sql) === TRUE) {
echo "It Worked..... Maybe!!!!!!";
} else {
echo "Error: " . $sql . "<br>" . $link->error;
}
}
$link->close();
?>
<form action="test_insert.php" method="post">
<div class="col col-lg-2 col-lg-offset-0">
<div class="form-group col-lg-offset-0 col-lg-12">
<label for="Name">Employee Name:</label>
<input type="text" name="name" placeholder="First & Last Name" id="name" required>
<p class="help-block col-lg-12">First and Last Name Please.</p>
</div>
</div>
<div class="col col-lg-offset-0 col-lg-2">
<div class="form-group col-lg-12">
<label for="description">Description:</label>
<input type="text" name="description" id="description" placeholder="description..." required>
<p class="help-block">For Example: "Vacation Full Day" or "PTO 2 Hours." </p>
</div>
</div>
<div class="col col-lg-offset-0 col-lg-3">
<label for="shift">Shift:</label><br>
<input type="radio" name="shift" value="First Shift" id="shift" checked> First Shift |
<input type="radio" name="shift" value="Second Shift" id="shift"> Second Shift |
<input type="radio" name="shift" value="Third Shift" id="shift"> Third Shift
<p class="help-block">Select Correct Shift Worked.</p>
</div>
<div class="col col-lg-offset-0 col-lg-3">
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker1" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker2" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker3" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker4" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker5" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-6">
<input type="submit" name="submit" class= "btn btn-primary">
</div>
</div>
</div>
</form>
Think the best way is to use AJAX,
Then with the response as a string you make a table or foreach in php as a string and then use the .html adapter to output the newly made data.
function submitForm(form){
var url = $(form).attr("action");
var formData = {};
$(form).find("input[name]").each(function (index, node) {
formData[node.name] = node.value;
});
$.post(url, formData).done(function (data) {
// use the response that is passed to the callback
$('#showresults').html(data);
});
}
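One way to do the per-date insert the question asks for, as an added example that is not code from either poster. It assumes PHP 7.4+ with PDO and pdo_sqlite (in-memory, so it runs offline), that the five date inputs are renamed to `daterange[]` so PHP receives an array, that dates arrive as `Y-m-d`, and a hypothetical table `shift_events`; `validDate` and `insertShiftRows` are hypothetical helpers.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL table; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE shift_events (
    name TEXT NOT NULL, description TEXT NOT NULL,
    shift TEXT NOT NULL, evdate TEXT NOT NULL)');

/** Return the trimmed date if it is a real Y-m-d calendar date, else null. */
function validDate(string $raw): ?string
{
    $raw = trim($raw);
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round trip rejects overflow dates such as 2024-02-30.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/** Insert one row per selected date and return the number of rows written. */
function insertShiftRows(PDO $pdo, array $post): int
{
    $shifts = ['First Shift', 'Second Shift', 'Third Shift'];
    $name  = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $desc  = is_string($post['description'] ?? null) ? trim($post['description']) : '';
    $shift = is_string($post['shift'] ?? null) ? $post['shift'] : '';
    if ($name === '' || $desc === '' || !in_array($shift, $shifts, true)) {
        throw new InvalidArgumentException('missing or invalid field');
    }

    // daterange[] arrives as an array; pickers left empty are skipped.
    $dates = [];
    foreach ((array)($post['daterange'] ?? []) as $raw) {
        if (!is_string($raw) || trim($raw) === '') {
            continue;
        }
        $date = validDate($raw);
        if ($date === null) {
            throw new InvalidArgumentException('invalid date submitted');
        }
        $dates[$date] = true; // array keys remove duplicate dates
    }
    if ($dates === []) {
        throw new InvalidArgumentException('no date selected');
    }

    // Prepare once, execute once per date; all rows commit together or not at all.
    $stmt = $pdo->prepare(
        'INSERT INTO shift_events (name, description, shift, evdate) VALUES (?, ?, ?, ?)'
    );
    $pdo->beginTransaction();
    try {
        foreach (array_keys($dates) as $date) {
            $stmt->execute([$name, $desc, $shift, $date]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return count($dates);
}

// Constructed request: three pickers filled (one date twice), two left empty.
$post = [
    'name' => "Pat O'Neil", 'description' => 'PTO 2 Hours', 'shift' => 'First Shift',
    'daterange' => ['2024-03-04', '', '2024-03-05', '2024-03-04', ''],
];
$written = insertShiftRows($pdo, $post);
$inTable = (int)$pdo->query('SELECT COUNT(*) FROM shift_events')->fetchColumn();
echo "rows written: $written, rows in table: $inTable\n";

// Constructed request with an impossible date: nothing is stored.
try {
    insertShiftRows($pdo, ['daterange' => ['2024-02-30']] + $post);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```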

Unable to add data into database in php

<?php
if(isset($_POST["submit"]))
if (!empty($_FILES["uploadImage"]["name"])) {
//Including dbconfig file.
require 'config.php';
$ImageSavefolder = "images/student/";
move_uploaded_file($_FILES["uploadImage"]["tmp_name"] ,
"$ImageSavefolder".$_FILES["uploadImage"]["name"]);
$name = mysqli_real_escape_string($conn, $_POST['name']);
$fathername = mysqli_real_escape_string($conn, $_POST['fathername']);
$htno = mysqli_real_escape_string($conn, $_POST['htno']);
$phoneno = mysqli_real_escape_string($conn, $_POST['phoneno']);
$department = mysqli_real_escape_string($conn, $_POST['department']);
$class = mysqli_real_escape_string($conn, $_POST['class']);
$address = mysqli_real_escape_string($conn, $_POST['address1']);
$address2 = mysqli_real_escape_string($conn, $_POST['address2']);
$city = mysqli_real_escape_string($conn, $_POST['city']);
$state = mysqli_real_escape_string($conn, $_POST['state']);
$zip = mysqli_real_escape_string($conn, $_POST['zip']);
$sql= "INSERT INTO student_detail(name,fathername,htno,phoneno,department,class,address1,address2,city,state,zip) VALUES ('$name','$fathername','$htno','$phoneno','$department','$class','$address','$address2','$city','$state','$zip','".$_FILES['uploadImage']['name']."')";
if(!mysqli_query($conn,$sql))
{
echo "Not Updated";
}
else
{
echo "<br><div class='alert alert-success' role='alert'>Added Sucessfully !</div>";
}
}
?>
This code is not working for adding the following data into database. Did I do anything wrong? Please help me sort the problem.
I already created database with config.php
Form Data
<form method="post" action="" enctype="multipart/form-data">
<div class="form-row">
<div class="form-group col-md-6">
<label for="name">Name</label>
<input type="text" class="form-control" placeholder="Please Enter Name" name="name">
</div>
<div class="form-group col-md-6">
<label for="fathername">Father's Name</label>
<input type="text" class="form-control" placeholder="Please Enter Father's Name" name="fathername">
</div>
<div class="form-group col-md-6">
<label for="htno">Hall Ticket/ Roll No.</label>
<input type="text" class="form-control" placeholder="Please Enter Hall Ticket/ Roll No." name="htno">
</div>
<div class="form-group col-md-6">
<label for="phoneno">Phone Number</label>
<input type="text" class="form-control" placeholder="Please Enter Phone No." name="phoneno">
</div>
<div class="form-group col-md-6">
<label for="department">Department</label>
<select class="form-control" name="department">
<option selected="selected">Choose your Department</option>
<?php
require('config.php');
$result = mysqli_query($conn,"SELECT * FROM department");
while($test= mysqli_fetch_array($result))
{
echo "<option value='".$test['department_name']."'>".$test['department_name']."</option>";
}
?>
</select>
</div>
<div class="form-group col-md-6">
<label for="class">Class</label>
<select class="form-control" name="class">
<option selected="selected">Choose your Class</option>
<?php
require('config.php');
$result = mysqli_query($conn,"SELECT * FROM class");
while($test= mysqli_fetch_array($result))
{
echo "<option value='".$test['class_name']."'>".$test['class_name']."
</option>";
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="address">Address</label>
<input type="text" class="form-control" placeholder="House No./Flat No." name="address1">
</div>
<div class="form-group">
<label for="address2">Address 2 (Optional)</label>
<input type="text" class="form-control" placeholder="Locality/Area/Street" name="address2">
</div>
<div class="form-row">
<div class="form-group col-md-6">
<label for="city">City</label>
<input type="text" class="form-control" name="city">
</div>
<div class="form-group col-md-4">
<label for="state">State</label>
<select class="form-control" name="state">
<option selected="selected"name="bihar">bihar</option>
<option>...</option>
</select>
</div>
<div class="form-group col-md-2">
<label for="zip">Zip</label>
<input type="text" class="form-control" name="zip">
</div>
<div class="form-group col-md-6">
<label for="profile">Profile Pic</label><br>
<input type="file" accept="image/*" onchange="loadFile(event)" name="uploadImage" id="uploadImage">
<img id="output" style="width:20%;"/>
<script>
var loadFile = function(event) {
var reader = new FileReader();
reader.onload = function(){
var output = document.getElementById('output');
output.src = reader.result;
};
reader.readAsDataURL(event.target.files[0]);
};
</script>
</div>
</div>
<button type="submit" name="submit" class="btn btn-primary">Submit</button>
</form>
You are trying to insert an extra value which does not exist in the query; see here.
Your fields:
(name,fathername,htno,phoneno,department,class,address1,address2,city,state,zip)
and your values:
('$name','$fathername','$htno','$phoneno','$department','$class','$address','$address2','$city','$state','$zip','".$_FILES['uploadImage']['name']."')
You need to add the image field also.
Your full query:
$sql= "INSERT INTO student_detail(name,fathername,htno,phoneno,department,class,address1,address2,city,state,zip,imageFieldName) VALUES ('$name','$fathername','$htno','$phoneno','$department','$class','$address','$address2','$city','$state','$zip','".$_FILES['uploadImage']['name']."')";
<?php
/* dbconnection.php file
$conn = mysqli_connect("localhost","root","12345") or die (mysqli_error());
mysqli_select_db($conn,"student") or die (mysqli_error());
*/
//Including dbconnection file here
include('dbconnection.php');
if(isset($_POST["submit"]))
{
if (!empty($_FILES["uploadImage"]["name"]))
{
$ImageSavefolder = "images/student/";
$name = basename($_FILES["uploadImage"]["name"]); // keep only the file name, drop any path sent by the client
$tmp_name = $_FILES["uploadImage"]["tmp_name"];
move_uploaded_file($tmp_name, $ImageSavefolder.$name);
// Escape every submitted value before it is placed in the SQL string
$v = array();
foreach (array("name","fathername","htno","phoneno","department","class","address1","address2","city","state","zip") as $field) {
$v[] = mysqli_real_escape_string($conn, $_POST[$field]);
}
$v[] = mysqli_real_escape_string($conn, $name);
$sql = "INSERT INTO students (name,fathername,htno,phoneno,department,class,address1,address2,city,state,zip,image) VALUES ('".implode("','", $v)."')";
if ($conn->query($sql) === TRUE)
{
echo "<script type= 'text/javascript'>alert('Record Inserted Successfully');</script>";
}
else
{
echo "<script type= 'text/javascript'>alert('Error: " . $sql . "<br>" . $conn->error."');</script>";
}
}
}
?>

Php Prepared Statement Fails to insert data into database through form

I'm trying to insert data into a database; the script executes all the way down and redirects the user to the page, but no record gets inserted. I've been trying to figure out why for hours. I keep creating new scripts but I'm missing something apparently.
init.php
<?php
/*for error 1045 config.inc.php*/
define("DB_HOST", "localhost");
define("DB_USER", "root");
define("DB_PASSWORD", "");
define("DB_DATABASE", "databasename");
$db = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
if(mysqli_connect_errno()){
echo "database failed to connect with following errors:". mysqli_connect_error();
die();
}
require_once $_SERVER['DOCUMENT_ROOT'].'/ecommerce/config.php';
require_once BASEURL.'helpers/helpers.php';
form.php
<?php
ob_start();
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
require_once $_SERVER['DOCUMENT_ROOT'].'/HeleneQuirion/core/init.php';
include 'includes/header.php';
if(isset($_GET['add'])){
$parentQuery = $db->query("SELECT * FROM categories WHERE parent= 0" );
if (isset($_POST['submit'])) {
// prepare and bind
$stmt = $db->prepare("INSERT INTO product (prod_name, categories, list_price, price,prod_width,prod_depth,prod_height,prod_material,quantity,image_1,image_2,image_3,image_4,description,care_instructions) VALUES (?,?, ?,?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param("ssiiiiisissssss" ,$prod_name, $child,$list_price,$price,$prod_width,$prod_depth,$prod_height,$prod_material,$quantity,$image_1,$image_2,$image_3,$image_4,$description,$care_instructions);
// set parameters and execute
if(isset($_POST['prod_name']))
{
$prod_name = sanitize($_POST)['prod_name'];
}
if(isset($_POST['child']))
{
$categories = sanitize($_POST)['child'];
}
if(isset($_POST['list_price']))
{
$prod_name = sanitize($_POST)['list_price'];
}
if(isset($_POST['price']))
{
$price = sanitize($_POST)['price'];
}
if(isset($_POST['prod_width']))
{
$prod_width = sanitize($_POST)['prod_width'];
}
if(isset($_POST['prod_depth']))
{
$prod_depth = sanitize($_POST)['prod_depth'];
}
if(isset($_POST['prod_height']))
{
$prod_height = sanitize($_POST)['prod_height'];
}
if(isset($_POST['prod_material']))
{
$prod_material = sanitize($_POST)['prod_material'];
}
if(isset($_POST['quantity']))
{
$quantity = sanitize($_POST)['quantity'];
}
if(isset($_POST['care_instructions']))
{
$care_instructions = sanitize($_POST)['care_instructions'];
}
if(isset($_POST['image_1']))
{
$image_1 = $_FILES['image_1'];
}
if(isset($_POST['image_2']))
{
$image_2 = $_FILES['image_2'];
}
if(isset($_POST['image_3']))
{
$image_3 = $_FILES['image_3'];
}
if(isset($_POST['image_4']))
{
$image_4 = $_FILES['image_4'];
}
if(isset($_POST['description']))
{
$description = sanitize($_POST)['description'];
}
$stmt->execute() or die(mysqli_error($db));
header('Location: products.php');
$stmt->close();
$conn->close();
}
?>
<form action="products.php?add=1" method="POST" enctype="multipart/form-data">
<div class='container_12'>
<div class="form-group col-md-3">
<label for="prod_name">Product Name*:</label>
<input type="text" name="prod_name" id="prod_name" class="form-control" value="<?=((isset($_POST['prod_name']))?sanitize($_POST['prod_name']):' ');?>">
</div>
<div class="form-group col-md-3">
<label for="parent">Parent Category*:</label>
<select class="form-control" id="parent" name="parent">
<option value=""<?=((isset($_POST['parent']) && $_POST['parent'] == '')?'selected':'');?>></option>
<?php while($parent = mysqli_fetch_assoc($parentQuery)): ?>
<option value=" <?=$parent['id'];?>"<?=((isset($_POST['parent']) && $_POST['parent'] == $parent['id'])?' select':'');?>><?=$parent['category_name'];?></option>
<?php endwhile; ?>
</select>
</div>
<div class='form-group col-md-3'>
<label for='child'>Second Category*:</label>
<select id='child' name='child' class='form-control'></select>
</div>
</div>
<div class='container_12'>
<div class='form-group col-md-3'>
<label for='list_price'>List Price(OPTIONAL): </label>
<input type="text" id="list_price" name="list_price" class="form-control" value="<?=((isset($_POST['list_price']))?sanitize($_POST['list_price']):'');?>">
</div>
<div class="form-group col-md-3">
<label for="price">Price*:</label>
<input type="text" id="price" name="price" class="form-control" value="<?=((isset($_POST['price']))?sanitize($_POST['price']):'');?>">
</div>
<div class='form-group col-md-3'>
<label for='prod_width'>Width* (in inches):</label>
<input type="text" id="prod_width" name="prod_width" class="form-control" value="<?=((isset($_POST['prod_width']))?sanitize($_POST['prod_width']):'');?>">
</div>
<div class='form-group col-md-3'>
<label for='prod_depth'>Height*(in inches):</label>
<input type="text" id="'prod_depth" name="'prod_depth" class="form-control" value="<?=((isset($_POST['prod_depth']))?sanitize($_POST['prod_depth']):'');?>">
</div>
</div>
<div class='container_12'>
<div class='form-group col-md-3'>
<label for='prod_height'>Depth*(in inches):</label>
<input type="text" id="prod_height" name="prod_height" class="form-control" value="<?=((isset($_POST['prod_height']))?sanitize($_POST['prod_height']):'');?>">
</div>
<div class='form-group col-md-3'>
<label for='prod_material'>Construction Material:</label>
<input type="text" id="prod_material" name="prod_material" class="form-control" value="<?=((isset($_POST['prod_material']))?sanitize($_POST['prod_material']):'');?>">
</div>
<div class='form-group col-md-6'>
<label>Quantity * :</label>
<input type="text" id="quantity" name="quantity" class="form-control" value="<?=((isset($_POST['quantity']))?sanitize($_POST['quantity']):'');?>">
</div>
</div>
<div class='container_12'>
<div class="form-group col-md-3"> <label for="image_1">Product Photo #1:</label>
<input type="file" name="image_1" id="image_1" class="form-control">
</div>
<div class="form-group col-md-3"> <label for="image_2">Product Photo #2:</label>
<input type="file" name="image_2" id="image_2" class="form-control">
</div>
<div class="form-group col-md-3"> <label for="image_3">Product Photo #3:</label>
<input type="file" name="image_3" id="image_3" class="form-control">
</div>
<div class="form-group col-md-3"> <label for="image_4">Product Photo#4:</label>
<input type="file" name="image_4" id="image_4" class="form-control">
</div>
</div>
<div class='container_12'>
<div class="form-group col-md-6">
<label for="description">Description:</label>
<textarea id="description" name="description" class="form-control" rows="6"><?=((isset($_POST['description']))?sanitize($_POST['description']):'');?></textarea>
</div>
<div class="form-group col-md-6">
<label for="care_instructions">Care Instructions*:</label>
<textarea id="care_instructions" name="care_instructions" class="form-control" rows="6"><?=((isset($_POST['care_instructions']))?sanitize($_POST['care_instructions']):'');?></textarea>
</div></div>
<div class='container_12'>
<div class="form-group pull-right">
<input type='submit' name='submit' value='Add Product' class='form-control btn-success pull-right'>
</div></div>
</form>
This is just to clarify one of the points in the comments above...
So I knocked up some test code to check what is going on...
<?php
$_POST['prod_name'] = 'fred';
function sanitize($thing){
var_dump("Inside Sanitize- ", $thing);
return $thing;
}
// Original Code - sends an array to sanitize
if(isset( $_POST['prod_name'] )) {
$prod_name = sanitize($_POST)['prod_name'];
}
var_dump('Original Version '.$prod_name);
// New Code 1 - Sends a String to sanitize
if(isset( $_POST['prod_name'] )) {
$prod_name = sanitize($_POST['prod_name']);
}
// New Code 2 - Should use this one, or could make this a function.
$prod_name = isset($_POST['prod_name'])? sanitize($_POST['prod_name']):'';
var_dump($prod_name);

Form data wont insert into SQL db [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I am trying to make a simple appeal form where the data gets posted to a SQL database. But when I submit, either nothing happens, or blank data gets submitted.
Here's my form:
<form class="form-horizontal" role="form" action="insert.php" method="post">
<div class="form-group">
<label for="user" class="col-sm-2 control-label">
Username:
</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="user" id="user" placeholder="DiscordTag#0000" />
</div>
</div>
<div class="form-group">
<label for="date" class="col-sm-2 control-label">
Date of ban:
</label>
<div class="col-sm-10">
<input type="date" class="form-control" name="date" id="date" placeholder="mm/dd/yy" />
</div>
</div>
<div class="form-group">
<label for="admin" class="col-sm-2 control-label">
Who banned you?
</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="admin" id="admin" />
</div>
</div>
<div class="form-group">
<label for="appeal" class="col-sm-2 control-label">
Appeal:
</label>
<div class="col-sm-10">
<textarea class="form-control" rows="4" name="appeal" id="appeal"></textarea>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">
Submit
</button>
</div>
</div>
</form>
And here is my insert.php
<html>
<?
error_reporting(E_ALL);
$db_host = 'redacted';
$db_username = 'redacted';
$db_password = 'redacted';
$db_name = 'redacted';
if( $_POST )
{
$conn = mysql_connect( $db_host, $db_username, $db_password);
if (!$conn)
{
die('Could not connect: ' . mysql_error());
} else {
mysql_select_db("redacted");
}
$user = $_POST['user'];
$date = $_POST['date'];
$admin = $_POST['admin'];
$appeal = $_POST['appeal'];
$sql = 'INSERT INTO appeals' . '(user, date, admin, appeal)'
.'VALUES ($user, $date, $admin, $appeal)';
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
echo "<h2>Your appeal has been submitted.</h2>";
mysql_close($conn);
}
?>
</html>
How can I make it submit all of the form data directly into my SQL table?
Use "INSERT INTO appeals (user, date, admin, appeal) VALUES ('".$user."', '".$date."', '".$admin."', '".$appeal."')";
And sanitize, because you are asking for an sql injection.
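The prepared-statement approach that this answer and the mysqli/PDO remark in the first thread point to, as an added example that is not code from any poster. It assumes PHP 7.4+ with PDO and pdo_sqlite (in-memory, so it runs offline); `insertRow` and `TABLE_COLUMNS` are hypothetical names, the schemas are constructed from the column names in the two questions, and all form values are constructed.

```php
<?php
declare(strict_types=1);

// In-memory SQLite keeps the example offline. With MySQL only the DSN changes,
// e.g. 'mysql:host=localhost;dbname=shipping_pro;charset=utf8mb4' plus user and password.
$pdo = new PDO('sqlite::memory:');
// Throw on any SQL error instead of returning false and carrying on.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schemas using the column names from the two questions.
$pdo->exec('CREATE TABLE appeals (user TEXT, date TEXT, admin TEXT, appeal TEXT)');
$pdo->exec('CREATE TABLE receival (name TEXT, idcard TEXT, `sender-name` TEXT,
    address TEXT, tracker TEXT, `receiver-telnum` TEXT, `sender-telnum` TEXT)');

// Table and column names cannot be bound as parameters, so they come from a
// fixed allow-list in the code, never from the request.
const TABLE_COLUMNS = [
    'appeals'  => ['user', 'date', 'admin', 'appeal'],
    'receival' => ['name', 'idcard', 'sender-name', 'address', 'tracker',
                   'receiver-telnum', 'sender-telnum'],
];

/** Hypothetical helper: insert one row, binding every value as a parameter. */
function insertRow(PDO $pdo, string $table, array $row): int
{
    $allowed = TABLE_COLUMNS[$table] ?? null;
    if ($allowed === null || $row === []) {
        throw new InvalidArgumentException("unknown table or empty row: $table");
    }
    $columns = array_keys($row);
    $unknown = array_diff($columns, $allowed);
    if ($unknown !== []) {
        throw new InvalidArgumentException('unknown column: ' . implode(', ', $unknown));
    }
    // Backticks make hyphenated names such as sender-name valid identifiers.
    $quoted = array_map(static fn($c) => '`' . $c . '`', $columns);
    $marks  = implode(', ', array_fill(0, count($columns), '?'));
    $sql    = sprintf('INSERT INTO `%s` (%s) VALUES (%s)', $table, implode(', ', $quoted), $marks);

    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_values($row)); // values travel separately from the SQL text
    return $stmt->rowCount();
}

// Constructed appeal form data; the quote characters would have broken, or
// rewritten, a query built by string concatenation.
$post = [
    'user' => "O'Brien#0001", 'date' => '2024-03-04', 'admin' => 'mod_kim',
    'appeal' => "I didn't spam', 'x'); -- please review", 'submit' => '',
];
// Keep only the expected fields; anything else in the request is dropped.
insertRow($pdo, 'appeals', array_intersect_key($post, array_flip(TABLE_COLUMNS['appeals'])));

// Constructed receival form data, mapped from form field names to column names.
$form = ['name' => 'Ama Mensah', 'cc' => '1234567', 'sender-name' => 'Kofi Boateng',
         'address' => '12 Ring Road', 'tracker' => 'TRK-0001',
         'code_phone' => '233', 'phone' => '201234567',
         'code_phone1' => '233', 'telefono' => '209876543', 'save' => 'Save'];
insertRow($pdo, 'receival', [
    'name' => $form['name'], 'idcard' => $form['cc'], 'sender-name' => $form['sender-name'],
    'address' => $form['address'], 'tracker' => $form['tracker'],
    'receiver-telnum' => $form['code_phone'] . $form['phone'],
    'sender-telnum'   => $form['code_phone1'] . $form['telefono'],
]);

$stored = $pdo->query('SELECT appeal FROM appeals')->fetchColumn();
echo $stored === $post['appeal'] ? "appeal stored verbatim\n" : "appeal altered\n";
echo 'receiver-telnum: ', $pdo->query('SELECT `receiver-telnum` FROM receival')->fetchColumn(), "\n";

// An unquoted hyphenated column is a syntax error; with exceptions enabled it
// is reported instead of the script finishing with nothing inserted.
try {
    $pdo->exec("INSERT INTO receival (sender-name) VALUES ('x')");
} catch (PDOException $e) {
    echo 'SQL error surfaced: ', $e->getMessage(), "\n";
}
```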
