php - form submit button doesn't work - php

I want to do simple CRUD operations. I created a form for this and I am doing data entry. but when I refresh the page it automatically registers itself. I tried to solve this logic error with the "isset" function, but it did not. where can the error be?
$ad = isset($_POST['ad']) ? $_POST['ad'] : '';
$soyad = isset($_POST['soyad']) ? $_POST['soyad'] : '';
$adres = isset($_POST['adres']) ? $_POST['adres'] : '';
$tur = isset($_POST['tur']) ? $_POST['tur'] : '';
if(isset($_POST["submit"])){
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// bağlantı özelliklerinden hata modunu aktifleştirdik
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO `kisiler` (`ad`, `soyad`, `adres`, `tur`) VALUES ('$ad', '$soyad', '$adres', '$tur')";
// use exec() because no results are returned
$conn->exec($sql);
echo "işte şimdi oldu";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
}
<html>
<body>
<form action="" method="POST">
<p>
Ad: <input type="text" name="ad"/>
Soyad: <input type="text" name="soyad"/>
Adres:<input type="text" name="adres"/>
Tur: <input type="text" name="tur"/>
<input type="submit"name="submit"/>
</p>
</form>
</body>

Related

In my script SQL, row empty in the database

I am trying to pinpoint the problem in these form scripts.
I would like to create a line in the SQL server with the data that will be inserted into the HTML form, but each time only the empty line is created without also inserting the form inputs.
HTML
<form action="insert2.php" method="post">
<label for="First_name">First_name:</label>
<input type="text" name="First_name" id="First_name">
<label for="PASSWORD">PASSWORD:</label>
<input type="text" name=value name="pass" id="pass">
<label for="Emailaddress">Emailaddress:</label>
<input type="text" name=value name="email" id="email">
<input name="submit" type="submit" value="Submit">
</form>
PHP
<?php
if(isset($_POST['submit'])){
$First_name = $_REQUEST['First_name'];
$pass = $_REQUEST['password'];
$email = $_REQUEST['Emailaddress'];
}
$servername = "host";
$username = "user";
$password = "";
$dbname = "dbname";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO users(First_name, PASSWORD, Emailaddress)
VALUES ('$First_name', '$pass', '$email')";
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>

The posted values should be set as $_POST['ExampleField'] not just a variable with that name.
Ex: $First_name should be $_POST['First_name']
If you look in your error logs you are likely getting undefined variable errors with the code as it is now, because $First_name, $PASSWORD and $Emailaddress are never defined.
Also you should avoid directly putting variables into queries like that, it opens you up to large security risks. I would recommend reading up on SQL Injection (https://www.w3schools.com/sql/sql_injection.asp) and binding parameters (https://www.php.net/manual/en/pdostatement.bindparam.php) to see how to avoid those risks.

You need to retrieve the values after a submit of some sort. You have a submit button but you'll want to give it a name (I named it submit). This code should work but you'll be vulnerable to injection attacks.
PHP
<?php
if(isset($_POST['submit'])){
$First_name = $_REQUEST['First_name'];
$pass = $_REQUEST['PASSWORD'];
$email = $_REQUEST['Emailaddress'];
}
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO users(First_name, PASSWORD, Emailaddress)
VALUES('$First_name','$pass','$email')";
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
HTML
<form action="insert2.php" method="post">
<label for="First_name">First_name:</label>
<input type="text" name="First_name" id="First_name">
<label for="PASSWORD">PASSWORD:</label>
<input type="text" name="PASSWORD" id="PASSWORD">
<label for="Emailaddress">Emailaddress:</label>
<input type="text" name="Emailaddress" id="Emailaddress">
<input name="submit" type="submit" value="Submit">
</form>

Insert into sql table with php from html form

I am trying to insert into my table (courses) in my sql database. But when I run my code (by clicking submit) I get this error:
I am no longer getting an error, I get the message:
New course created successfully
But when I check the database, the course has not been added
This is my code:
<?php
if (isset($_POST['submit'])) {
try {
require "../config.php";
require "../common.php";
$connection = new PDO($dsn, $username, $password);
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO course (courseName, cDescription, programID, programYear, credit)
VALUES (:courseName, :cDescription, :programID, :programYear, :credit)";
$courseName = $_POST['courseName'];
$cDescription = $_POST['cDescription'];
$programID = $_POST['programID'];
$programYear = $_POST['programYear'];
$credit = $_POST['credit'];
$statement = $connection->prepare($sql);
$statement->bindParam(':courseName', $courseName, PDO::PARAM_STR);
$statement->bindParam(':cDescription', $cDescription, PDO::PARAM_STR);
$statement->bindParam(':programID', $programID, PDO::PARAM_STR);
$statement->bindParam(':programYear', $programYear, PDO::PARAM_STR);
$statement->bindParam(':credit', $credit, PDO::PARAM_STR);
$connection->exec($statement);
echo "New course created successfully";
} catch(PDOException $error) {
echo $statement. "<br>" . $error->getMessage();
}
}
?>
<?php include "templates/header.php"; ?>
<h2>Add a course</h2>
<form method="post">
<label for="courseName">Course Name:</label>
<input type="text" name="courseName" id="courseName" required>
<label for="cDescription">Course Description:</label>
<input type="text" name="cDescription" id="cDescription" size="40" required>
<label for="programID">Program ID:</label>
<input type="number" name="programID" id="programID" required>
<label for="programYear">Program Year:</label>
<input type="number" name="programYear" id="programYear" required>
<label for="credit">credit:</label>
<input type="number" name="credit" id="credit" required>
<input type="submit" name="submit" value="Submit">
</form>
Back to home
<?php include "templates/footer.php"; ?>
To try and see what was wrong, I tried simplifying this to, which works
<?php
if (isset($_POST['submit'])) {
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "courseselector";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO course (courseName, cDescription, programID, programYear, credit)
VALUES ('courseName', 'cDescription', 1, 4, 1)";
// use exec() because no results are returned
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
}
?>
<?php include "templates/header.php"; ?>
<h2>Add a course</h2>
<form method="post">
<input type="submit" name="submit" value="Submit">
</form>
Back to home
<?php include "templates/footer.php"; ?>

I was missing
$statement->execute();
Above
$connection->exec($statement);

writing in a mysql table using POST & php

I'm trying to register the e-mail entered in my form by users in my SQL table. but I'm not receiving any errors and the data are not saved either!
<?php
echo "I was here !!!";
if(!empty($_POST['mail']))
{
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "mailing";
echo "I was here !!!";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = 'INSERT INTO contact VALUES ("","'.$_POST['mail'].'")';
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
and my html code:
<div class="form">
<p>Rester notifié par toutes les nouveautés !</p>
<form method="post" action="index.php" class="mainform">
<div class="field"><input type="text" class="field" name="mail" /></div>
<div class="submit"><input class="submit" type="button" value="Envoyer" /></div>
</form>
</div>
can you tell me what's the problem ?

change your button type .because if you want to submit the data by form then button type should be submit like that
<input class="submit" type="submit" value="Envoyer" />

Check if there's a value for $_POST['mail']. Your condition didn't handle empty value for $_POST['mail']. If there is a value. Change your query
INSERT INTO contact(email) VALUES ("'.$_POST['mail'].'")
Try this. Since you only need to add an email. Hope it helps.

<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?> not working, but hard coded form name works fine

<?php
$dsn = '';
$user = '';
$password = '';
try {
$dbh = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
?>
<?php
require 'mysqli_connect.php';
if(isset($_POST['submit']) && !empty($_POST['submit'])){
$sth = $dbh->prepare('INSERT INTO test_table(comment) VALUES(?);');
$comment = $_POST['comment'];
$sth->execute(Array($comment));
}
?>
the code below will refresh the page, but not post to my database (nor will REQUEST_URI). If I put the actual php form name in place of the <?php echo htmlspecialchars($_SERVER['PHP_SELF']);?> it works fine. I have tried double quotes, single quotes, and everything in between. What's up with this not working?
<form action = "<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" method = "post">
<p>Comment</p>
<textarea name= "comment" rows="6" cols="50"></textarea><br />
<input type="submit" name= "submit" value="submit" id = "submit">
</form>

Why this code inserts blank?

I´m trying to create a form connected to a database but when I fill out the form and I refer to the table in phpMyAdmin I see that it have entered a blank record instead of form data. I´m using PhpStorm.
I think all this code is correct...
That is the form of the .html:
<form id="form1" name="form1" method="post" action="index.php">
<label for="userSignUp">Email</label>
<input type="text" name="userSign" id="userSignUp" />
<label for="passwordSignUp">Password</label>
<input type="password" name="passwordSign" id="passwordSignUp" />
<input type="submit" name="Submit" id="Submit" value="Submit" />
</form>
I have the following .php:
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$db_selected = mysqli_select_db($conn, $dbname);
$userSignUp = ""; // If I substitute "" with characters at this time the table is well updated
$passwordSignUp = ""; // Same as before
if(isset($_POST['userSign'])){
$userSignUp = $_POST['userSign'];
}
if (isset($_POST['passwordSign'])) {
$passwordSignUp = $_POST['passwordSign'];
}
$sql = "INSERT INTO test.person (FirstName, Password) VALUES ('$userSignUp', '$passwordSignUp')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();

Categories