I'm trying to insert into my local sqlserver. The problem is that it doesnt seems to run php code. It opens page in browser with all my code:
Html
<!DOCTYPE html>
<html>
<head>
<title>Form linked to database</title>
</head>
<body>
<form action="insert.php" method="post">
Name: <input type="text" name="username">
<br>
Email: <input type="text" name="email">
<br>
<input type="submit" value="insert">
</form>
</body>
</html>
Php
<?php
$servername = "(local)\sqlexpress";
$username = "sa";
$password = "1234";
$dbname = "MyCalendar";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO customermaster(code, name, email)
VALUES ('1234', 'Doe', 'john#example.com')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
I'm begginer on this. Souldnt i take only the exception if something will go wrong?
You can not directly open php files. You need to install a local server on your computer for your php codes to be executed. Try XAMPP it is easy to install.
You need to first set up a web server. AppServ can recommend about it is simple and fast. Check the incoming POST when we come to your code.
Example :
if(extract($_POST)) {
$sql = "INSERT INTO customermaster(code, name, email) VALUES ('1234', 'Doe', 'john#example.com')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
}
Also : After installation is complete in the url portion of the run, type http://localhost.
Related
I'm Not so good about PHP, I m still learning that language, so I have made Form which one will add data to mysql using PHP and Method POST. But in when i click on submit nothings happens in the database, no data added.
This is config.php
$SETTINGS["hostname"]='localhost';
$SETTINGS["mysql_user"]='username';
$SETTINGS["mysql_pass"]='passw';
$SETTINGS["mysql_database"]='database';
$SETTINGS["data_table"]='defaulttable'; // this is the default database name that we used
/* Connect to MySQL */
if (!isset($install) or $install != '1') {
$connection = mysql_connect($SETTINGS["hostname"], $SETTINGS["mysql_user"], $SETTINGS["mysql_pass"]) or die ('Unable to connect to MySQL server.<br ><br >Please make sure your MySQL login details are correct.');
$db = mysql_select_db($SETTINGS["mysql_database"], $connection) or die ('request "Unable to select database."');
};
?>
and here is my HTML FORM
<form action="insert.php" method="post">
<li>Place Name: <input type="text" name="plname" /></li>
<li>City: <input type="text" name="plcity" /></li>
<li>Address: <input type="text" name="pladdress" /></li>
<li>Terminal QTY: <input type="number" name="plqty" /></li>
<li><input type="submit" name="save" value="Add Place" /></li>
And What About insert.php
<?php
include ("config.php");
$current_user = wp_get_current_user();
$UserID = $current_user->user_login ;
// Check connection
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
//$sql="INSERT INTO wp_telemetry_place (plUserID, plName, plCity, plAddress, plTerminalQ) VALUES ('".$UserID."','".$_POST['plname']."','".$_POST['plcity']."','".$_POST['pladdress']."','".$_POST['plqty']."')";
$sql = "INSERT INTO wp_telemetry_place (plUserID, plName, plCity, plAddress, plTerminalQ) VALUES ('{$UserID}','{$_POST['plname']}','{$_POST['plcity']}','{$_POST['pladdress']}','{$_POST['plqty']}')";
if (mysqli_query($connection, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($connection);
}
mysqli_close($connection);
?>
And when I klick to Button for add data, it does not works. No Errors, No Data updated or added in mysql database. What about Passwords, Host, Usernames, Table names etc... I Checked twice :( I would appreciate any helps from your side guys, Thanks in advance and SORRY FOR MY BAD ENGLISH
Your SQL query is not formatted properly. Try this:
$sql = "INSERT INTO wp_telemetry_place (plUserID, plName, plCity, plAddress, plTerminalQ) VALUES ('{$UserID}','{$_POST['plname']}','{$_POST['plcity']}','{$_POST['pladdress']}','{$_POST['plqty']}')";
Your query is probably giving you an error message, but you have a typo in your code, replace $conn with $connection to read it, like so:
echo "Error: " . $sql . "<br>" . mysqli_error($connection);
Finally, and this is important, the way you're writing your code is hugely dangerous, because you're accepting user input without any filtering. I recommend you google SQL injection to learn more about it.
The main Problem was 'i' I changed
if (mysqli_query($connection, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($connection);}
to
if (mysql_query($connection, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysql_error($connection);}
Now it works perfect, Just I need to look at SQL Injection thats all. Thank you guys anyway :))
A HTML form has been created that should (when filled) send the data it's holding to a database inserting a new row so it can be used later on. However, I can't seem to get it to work, I'm getting the following error:
Notice: Use of undefined constant con - assumed 'con' in C:\xampp\htdocs\form\insert.php on line 4
Warning: mysql_query() expects parameter 1 to be string, object given in C:\xampp\htdocs\form\insert.php on line 17
Data not inserted
HTML Code
<!DOCTYPE html>
<html>
<head>
<title>Form linked to database</title>
</head>
<body>
<form action="insert.php" method="post">
Name: <input type="text" name="username">
<br>
Email: <input type="text" name="email">
<br>
<input type="submit" value="insert">
</form>
</body>
</html>
PHP Code
<?php
$con = mysqli_connect('localhost','[retracted]','[retracted]');
if(!con) {
echo 'Not connected to server!';
}
if(!mysqli_select_db($con,'tutorial')) {
echo 'Database not selected!';
}
$Name = $_POST['username'];
$Email = $_POST['email'];
$sql = "INSERT INTO person (Name,Email) VALUES ('$Name','$Email')";
if(!mysql_query($con,$sql)) {
echo 'Data not inserted';
} else {
echo 'Data inserted';
}
//header("refresh:2; url=form.html");
?>
I'm new to PHP and followed the following YouTube tutorial.
I'm also using XAMPP for this, on a localhost. Any help is appreciated. Thank you.
You should change:
if(!con){
echo 'Not connected to server!';
}
to:
if(!$con){
echo 'Not connected to server!';
}
as you're missing a dollar sign there.
Additionally, you're using a mysql_ function here, on the mysqli_ object $con:
if(!mysql_query($con,$sql))
Change this to
if(!mysqli_query($con,$sql))
SQL injection
As your query is vulnerable to SQL injection, then I'd like to recommend you take a look at using prepared statements, or using mysqli_real_escape_string()-- though, this comes with a few gotcha's: https://stackoverflow.com/a/12118602/7374549
You have done two small mistakes ie
1) forgot to add $ before the variable name ie changes is
if(!$con){
echo 'Not connected to server!';
}
2) you are connected with mysqli_connect but you are trying to use mysql_query functions in it. so please change and use mysqli_query
if(!mysqli_query($con,$sql)){ }
This is issue in your case. My suggestion is to use mysqli or PDO that is good practice.
You are not using the correct mySQL query function, you have used:
mysql_query($con
You should use:
mysqli_query
instead. Let me know if you still have issues.
Altough you have a lot of answers right now, I think none of those is the right one. I've written your code new, procedural as you did, but with prepared statements, so you're going to be save to SQL injections.
<?php
$con = mysqli_connect('localhost','[retracted]','[retracted]');
if(!$con){
echo 'Not connected to server!';
}
if(!mysqli_select_db($con,'tutorial')){
echo 'Database not selected!';
}
$Name = $_POST['username'];
$Email = $_POST['email'];
if ($stmt = mysqli_prepare($con, "INSERT INTO person (Name, Email) VALUES (?, ?"))) {
mysqli_stmt_bind_param($stmt, "ss", $Name, $Email);
mysqli_stmt_execute($stmt);
echo "Data inserted";
}
else {
echo "Error";
}
mysqli_close($con);
//header("refresh:2; url=form.html");
?>
I think it should work, if not let me know.
Try this :
<?php
// Create connection
$conn = new mysqli("localhost", "username", "password", "databasename");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO MyGuests (firstname, lastname, email)
VALUES ('test fname', 'test lname', 'test#example.com')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
I have this code and I am using the latest version of XAMPP:
filename: store.html
<!DOCTYPE html>
<html>
<body>
<form action="store.php" method="post">
User input: <input type="text" name="userinput"><br>
<input type="submit">
</form>
</body>
</html>
filename: store.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
$input = $_POST["userinput"];
$sql = "INSERT INTO table_1 (s_num)
VALUES ('$input')";
?>
Whatever I do, no data is added to the database. Please help. Thank you.
The problem here is that you never executed the query.
$sql = mysqli_query($conn,"INSERT INTO table_1 (s_num)
VALUES ('$input')");
if(!sql){
echo "Error: " . mysqli_error($conn);
}
else{
echo "Success";
}
Reference:
http://php.net/manual/en/mysqli.query.php
Your present code is open to SQL injection if user-input (other than yourself) ever gets involved.
Use prepared statements, or PDO with prepared statements, they're much safer.
Plus, seeing you are running this from your own machine, make sure you are accessing as http://localhost/file.php as opposed to file:///file.php.
You are not executing your sql insertcode.
After this line:
$sql = "INSERT INTO table_1 (s_num)
VALUES ('$input')";
Add these line:
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
i am trying to capture some data from a IOT device. The problem isto capture the data you have to feed in the ip to the device so that data is [posted to that ip address.
To process the data,i came up with this script and aptly named it index.php
<?php
$servername = "94.049.947.776";
$username = "droid";
$password = "!#nord";
$dbname = "atree";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$data = $_POST;
$sql = "INSERT INTO gps (data)
VALUES ('$data')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
To test it out,i have this html page
<form method="post" action="972.245.119.017">
<input type="text" name="ed" value="jsonstring" />
<input type="submit" value="submit" />
</form>
However,no data is inserted to the database. What could be wrong with my script?.
$_POST is php variable in form of an Array, maybe try to :
replace :
$data = $_POST;
with :
$data = $_POST['ed']; // the value from the form
or some other value that you posted to the index.php like :
$data = $_POST['VALUE_NAME'];
consider working with PDO (http://php.net/manual/en/book.pdo.php) for the sql part
You should replace :
$data = $_POST;
by :
$data=$_POST['ed'];
This is my form:
<form action="add.php" method="post" enctype="multipart/form-data">
<input type="url" name="url"><br>
<input type="submit" value="Upload">
</form>
Here is my add.php:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "addimage";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "INSERT INTO addimage (url)
VALUES ('')";
if (mysqli_query($conn, $sql)) {
echo "New txt added successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>
Now when I upload text, it shows
txt added successfully
BUT IN PHP MY ADMIN it shows no text in Url column.
I have created 2 columns in my data base Id and Url.
It shows id number(1,2,3....) but not inserted text in php my admin.
Now when I set the value in add.php as http:\
It shows http:\ in all the fields of Url
$sql = "INSERT INTO addimage (url) VALUES ('')";
You insert an empty string into your database...
Please add $_POST['url'], and sanitize it.