Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I am new to php and have written the following php script to write from a FORM. However, the database is not updating. I know that the database connection is okay. Any help would be appreciated.
$name = $_POST["name"];
$lastName = $_POST["last_name"];
$email = $_POST["email"];
$location = $_POST["location"];
$timestamp = date("Y-m-d H:i:s");
$sql = "INSERT INTO club.users (name, last_name, email, location, created_at) VALUES ('$name', '$lastName', '$email', '$location', '$timestamp')";
Try this
You have to use the SQL injection for security something like this
$conn->real_escape_string($_POST['name']);
Check your table name.I haven't use table name club.users before because it will display the error like table does't exist. Just use the table name club or users
Time to learn the PHP
https://www.w3schools.com/php/php_mysql_insert.asp
index.php
I hope your HTML code looks like this
<form action="register.php" method="POST" name="register">
<input type="text" name="name" placeholder="Name">
<input type="text" name="lastname" placeholder="Lastname">
<input type="email" name="email" placeholder="Email">
<input type="text" name="location" placeholder="Location">
<input type="submit" name="submit" value="Register">
</form>
Connection.php
If you are working on the local server the used root as username and password should be blank.
$servername = "localhost";
$username = "root";//if you are working on local server
$password = ""; //set blank if you are working on local server
$dbname = "myDB";//your database name
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
register.php
<?php
include('connection.php');// added the connection here
if (isset($_POST['submit'])) {
$name = $conn->real_escape_string($_POST["name"]);
$lastName = $conn->real_escape_string($_POST["lastname"]);
$email =$conn->real_escape_string($_POST["email"]);
$location = $conn->real_escape_string($_POST["location"]);
$timestamp = date("Y-m-d H:i:s");
$sql = "INSERT INTO club (name, lastname, email, location, created_at) VALUES ('$name', '$lastName', '$email', '$location', '$timestamp')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
First of all define the db server connection in same php page or you may include the connection. Php file for this purpose.
Secondly it you wish to use MySQL db simple use musql_query($sql, $con) then write below lines of after inserting results.
Sorry I posted it from my mobile if you need I can post you entire code sample from my PC.
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
So, I am trying to validate whether username and email entered by a user in an html form are correct according to Database
I have a database called testing and a table called info which has two fields:
name and email.
this is the code
<html>
<body>
<form action="conn.php" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname="testing";
$name=$_POST['name'];
$mail=$_POST['email'];
// Create connection
$conn1 = new mysqli($servername, $username, $password, $dbname);
$query='select email from info where name= "$name"';
$results = mysqli_query($conn1,$query);
$row= mysqli_fetch_assoc($results);
echo $row["email"];
$email=$row["email"];
if($mail==$email){
echo " correct values";
}
else
echo " incorrect";
//echo $name, $email;
// Check connection
//if ($conn1->connect_error) {
// die("Connection failed: " . $conn1->connect_error);
//}
//echo "Connected successfully";
$conn1->close();
?>
but the result is always incorrect. The values that i enter in the text boxes match the values in the database.
You should use placeholders, the code would be something like this:
$query = 'SELECT emal FROM info WHERE name = ?';
$stmt = mysqli_stmt_prepare($conn1, $query);
mysqli_stmt_bind_param($stmt, 's', $name);
mysqli_stmt_execute($stmt);
$results = mysqli_stmt_get_result($stmt);
For better readable code, read up on the object-oriented mysqli-interface, or better yet use PDO.
alternatively you can use string concatenation like
Update this line
$query='select email from info where name= "$name"';
with
$query='select email from info where name= "'.$name.'" ';
or with
$query="select email from info where name= '".$name."' ";
I've been using php and mysql for my computing project and I've just run into this small problem. I've tried countless numbers of variations to this line of code but I always seem to receive an SQL Error.
Background Information:
HTML Document that contains a form, allowing the Admin to upload an image path, a name for the photo and a comment as well
PHP Document containing SQL that runs the code for this. I've worked out how to insert either an image path, a name or a comment but not all three at once...
Here's the line of code that causes the problem, specifically inserting the data into the database.
$sql="INSERT INTO image_tbl (image, name, comment) VALUES ('{$_POST{[ VALUES GO HERE, WHAT SYNTAX/HOW??? ]}')";
The HTML Form is here (for anyone interested):
<form action="insertTest.php" method="POST" enctype="multipart/form-data">
Image: <input type="text" name="image" /><br>
Name: <input type="text" name="name" /><br>
Comment: <input type="text" name="comment" /><br>
<input type="submit">
</form>
PHP Doc (whole upload file, quite small, changed password for security xD):
<?php
$servername = "localhost";
$username = "root";
$password = "password";
$dbname = "admin_db";
// Create connection
$conn = new mysqli($servername = "localhost", $username = "root", $password = "password", $dbname = "admin_db");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql="INSERT INTO image_tbl (image, name, comment) VALUES ('{$_POST{[]}')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
$image = $_POST['image'];
$name = $_POST['name'];
$comment = $_POST['comment'];
$sql="INSERT INTO image_tbl (image, name, comment) VALUES ('$image', '$name', '$comment')";
you can set variables to the associative array (with name from html form) and include each in the sql query. Something like this:
$image = $_POST['image'];
$name = $_POST['name'];
$comment = $_POST['comment'];
$sql="INSERT INTO image_tbl (image, name, comment) VALUES ('$image','$name','$comment')";
Separate your variables $imgpath=$_POST["path"]; $imgname=$_POST["name"]; $imgcomment=$_POST["comment"]; now insert into table.... INSERT INTO imgtable(path,name,comment) VALUES('$imgpath','$imgname','$imgcomment')
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
this seems to be correct but I'm missing it somehow.
form in a demo-form.php file
<form action="test.php" method="post" />
<p>Name: <input type="text" name="name" /></p>
<p>Email: <input type="text" name="email" /></p>
<input type="submit" value="Submit" />
</form>
code in a test.php file
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "forms1";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO per_Info (name, email)
VALUES ('Test', 'test#example.com')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
The problem: it inserts 'Test', 'test#example.com' into the database (under "name" and "email") instead of whatever name I actually type into the form, in other words, if I type "John" and "John#test.com in the Name field on the form it will only insert 'Test', 'test#example.com' and not "John", etc.
You post data with a form and that data can be retrieved by using $_POST['inputname']
<?php
$stmt = $conn->prepare("
INSERT INTO per_Info
(name, email)
VALUES
(?, ?)
");
$stmt->bind_param("ss", $_POST['name'], $_POST['email']);
if($stmt->execute()){
echo "New record created successfully";
}
?>
Isn't that what you want ? Inserting "Test" as a name and "test#example.com" in your database whatever the users types in the form ? Because that's what this line says :
$sql = "INSERT INTO per_Info (name, email)
VALUES ('Test', 'test#example.com')";
Sorry for being sarcastic, it took me 5 minutes to figure out what was wrong and when I did I felt stupid :p. So what you need to do is to sanitize your $_POST['name'] and $_POST['email'] (more info on sanitizing post data). Say you already did that and you have two pefectly clean variables called $name and $email. What you want to do is :
$sql = "INSERT INTO per_Info (name, email)
VALUES ('$name', '$email')";
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
Hey there i have searched but can not find the answer i am looking for. My form will not post to my database i started getting sql injected so i changed my code around to use $mysqli->real_escape_string but it does not seem to want to still post all i am getting is the error in the code any help would be greatly appreciated.
<form action="" method="post">
<br/>
<input type="text" name="Key" class="dap_text_box" placeholder="Enter Key"/><br/>
<br/>
<input type="text" name="Name" class="dap_text_box" placeholder="Name"/><br/>
<br/>
<input type="text" name="Email" class="dap_text_box" placeholder="Email"/><br/>
<br/>
<input type="text" name="IP_s_" class="dap_text_box" placeholder="Enter IP"/><br/>
<br/>
<input type="submit" name="submit" value="Key Activation" class="sendbutton"/> </form> <hr/> </body> </html>
<?php
if (isset($_POST['submit'])) {
$mysqli = new mysqli("localhost", "root", "rkPJNwe0cI", "key");
// Check
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
// Set charset for correct escaping
$mysqli->set_charset('utf8');
echo $_SERVER["REMOTE_ADDR"]; // mmm?
$key = $mysqli->real_escape_string($_POST['Key']);
$IP = $mysqli->real_escape_string($_POST['IP']);
$name = $mysqli->real_escape_string($_POST['Name']);
$email = $mysqli->real_escape_string($_POST['Email']);
$IP_s = $mysqli->real_escape_string($_POST["IP_s_"]);
// (ID, Key, Activated, IP, Banned)
$sql = "INSERT INTO keys (ID, Key, Activated, IP, Banned, Name, Email) VALUES ('$ID1', '$key', 1, '$IP', 0, '$name', '$email')";
$sql1 = "SELECT ID, Key, Activated, IP, Name, Email FROM Keys";
$sql = "UPDATE Keys set IP='$IP_s_', Name='$name', Email='$email', Activated='1' WHERE Key='$key'";
if ($mysqli->multi_query($sql) === TRUE) {
echo "Activated";
} else {
echo "Error";
}
$mysqli->close(); }
You have quite a few things wrong from what I can see. Too long for a comment.
You use multi_query() but only have one query defined in $sql. Your insert statement and select statement don't appear to be doing anything, you overwrite the insert statement before you call multi_query().
$ID1 doesn't appear to be defined anywhere for your insert statement.
Why not use prepared statements? So much easier and efficient than trying to escape each individual string.
I have installed lamp on Ubuntu and everything is working fine i tried localhost/testphp() that works fine but when I put that code it shows the values if i echo them but it doesnt insert them in the db and it doesnt give error on mysql connection either.
using POST method to send form data
<form action="form.php" method="POST">
<label>Email:</label>
<input type="text" name="name">
<label>Password</label>
<input type="password" name="pass">
</form>
and here is the php code
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
echo "hello I am here !<br/>";
$con=mysqli_connect("localhost","root","123","login");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$name = $_POST['name'];
$password = $_POST['pass'];
echo " Name: ".$name." <br/>Password: ".$password;
mysqli_query($con,"INSERT INTO login_data (username, password) VALUES ('". $name ."', '". $password ."')");
//it doesnt insert the data
//how do i check the error of that query ?
mysqli_close($con);
?>
Help !
$sql="INSERT INTO login_data(username,password) values(".$_POST['name'].",".$_POST['password'].")";
mysqli_query( mysqli $link , string $query)
First connection, then the query. And use mysqli
$a=mysqli_query($con, $sql );
First of all you can enable PHP errors with your php.ini with :
display_errors = on
Or by using a .htaccess file.
Then the sql may be :
$sql = "INSERT INTO login_data(username, password) VALUES ('". $name ."', '". $password ."')";
As Don said, you use mysqli and then mysql. You have to use mysqli_query();
your sql statement is incorrect :
$sql="Insert into login_data(username,password) values("$name","$password")";
It should be
$sql="Insert into login_data(username,password) values("'".$name."'","'".$password."'")";
since $name and $password are predefined, you just need to pass them with proper quotes.