i try to creat a table with html and php
when i insert data into my db i get num 1 like a values in all column
this my code
<html dir="rtl">
<form action="" method="post">
<label for="Nom">الاسم:</label>
<center><input type="text" name="Nom"></center>
<label for="Cin">البطاقة الوطنية:</label>
<center><input type="text" name="Cin"></center>
<label for="Tel">الهاتف:</label>
<center> <input type="text" name="Tel"></center>
<label for="DATE_donation"> تاريخ التبرع:</label>
<center><input type="date" name="DATE_donation"></center>
<center><input type="submit" value="إدخال"></center>
</form>
</html>
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "ikhlas";
$con= mysqli_connect($servername, $username, $password, $dbname);
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
$Name =isset($_POST['Nom']);
$CIN = isset($_POST['Cin']);
$TEL = isset($_POST['Tel']);
$date = isset($_POST['DATE_donation']);
$sql="INSERT INTO persone(Nom, Cin, Tel, DATE_donation) value ('$Name','$CIN','$TEL','$date')";
if (mysqli_query($con, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($con);
}
?>
and this my ressult in dbenter image description here
Sure because you define all variable with $foo = isset($bar) instead of
if(isset($bar))
$foo = $bar;
Take a look to the doc about SQL injection too: http://php.net/manual/en/security.database.sql-injection.php
Remove your isset()
http://php.net/manual/en/function.isset.php
Replace to:
if(isset($_POST['إدخال']))
{
$Name = (!empty($_POST['Nom']))?$_POST['Nom']:"";
$CIN = (!empty($_POST['Cin']))?$_POST['Cin']:"";
$TEL = (!empty($_POST['Tel']))?$_POST['Tel']:"";
$date = (!empty($_POST['DATE_donation']))?$_POST['DATE_donation']:"";
}
Related
"I have read a lot of problem been solved in stackoverflow similar to my problem, and have seen a lot of example, yet still my code is not inserting in to mysql. however if i hard feed the php it would insert. my info is coming as submit from html post.I have good server connection and also connection to the database, can any one help me if i miss any thing. here is my code below."
<?php
$servername = "localhost";
$username = "root";
$password = "";
$db="image";
// Create connection
$connection = mysqli_connect($servername, $username, $password, $db); // Establishing Connection with Server
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
else{
echo "Connected successfully";
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$name = $_POST['name'];
$image = $_POST['image'];
echo $name;
echo $image;
if($name !=''||$image !=''){
//Insert Query of SQL
$query = mysqli_query("INSERT INTO image (id, name, imagename) VALUES ('NULL', '$name', '$image')");
echo "Data Inserted successfully...!!";
}
else{
echo "Insertion Failed <br/> Some Fields are Blank....!!";
}
}
mysqli_close($connection); // Closing Connection with Server
?>
<form action = "test2.php" method="POST" enctype="multipart/form-data">
<label>name: </label><input type="text" name="name" />
<label>File: </label><input type="text" name="image" />
<input type="submit" />
</form>
</body>
</html>
" i expect output of 5/2 to be 2.5"
Write the name for submit button
<input type="submit" name="submit" />
then in php file
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
}
this if statement will run
you not given name attribute to button so give name="submit" and if you want to upload file then change type="file"
<?php
$servername = "localhost";
$username = "root";
$password = "";
$db="image";
// Create connection
$connection = mysqli_connect($servername, $username, $password, $db); // Establishing Connection with Server
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
else{
echo "Connected successfully";
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$name = $_POST['name'];
$image = $_POST['image'];
echo $name;
echo $image;
if($name !=''||$image !=''){
//Insert Query of SQL
$query = mysqli_query("INSERT INTO image (id, name, imagename) VALUES ('NULL', '$name', '$image')");
echo "Data Inserted successfully...!!";
}
else{
echo "Insertion Failed <br/> Some Fields are Blank....!!";
}
}
mysqli_close($connection); // Closing Connection with Server
?>
<form action = "test2.php" method="POST" enctype="multipart/form-data">
<label>name: </label><input type="text" name="name" />
<label>File: </label><input type="file" name="image" />
<input type="submit" name="submit" />
</form>
</body>
</html>
You're checking isset($_POST['submit']) but there is no input field which is posted with submit name.. you need to add the name attribute in the submit button. also you're not passing the $connection in the mysqli_query.
$servername = "localhost";
$username = "root";
$password = "";
$db="image";
// Create connection
$connection = mysqli_connect($servername, $username, $password, $db); // Establishing Connection with Server
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
else{
echo "Connected successfully";
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$name = $_POST['name'];
$image = $_POST['image'];
echo $name;
echo $image;
if($name !=''||$image !=''){
//Insert Query of SQL
$query = mysqli_query($connection, "INSERT INTO image (id, name, imagename) VALUES ('NULL', '$name', '$image')");
if($query !== false){
echo "Data Inserted successfully...!!";
}
else{
echo "Query failed";
}
}
else{
echo "Insertion Failed <br/> Some Fields are Blank....!!";
}
}
mysqli_close($connection); // Closing Connection with Server
?>
<form action = "test2.php" method="POST" enctype="multipart/form-data">
<label>name: </label><input type="text" name="name" />
<label>File: </label><input type="text" name="image" />
<input type="submit" name = "submit" />
</form>
</body>
</html>
One more suggestion always use PDO in code to prevent SQL injection. Your code is vulnerable to sql injection.
I try to do input number form and make search in page grapht.php. For example I write code:
<form action="grapht.php" method="post">
Name: <input type="text" name="number" autocomplete="off"><br>
<input type="submit">
</td>
</form>
<? $number= $_POST["number"]; ?>
And then make query my MySQL table:
$shipmin = 1;
$shipmax=$number;
$uzklausimas ="SELECT * FROM MyGuests WHERE id >= '$shipmin' AND id<= '$shipmax'";
$minmax=mysqli_query($conn,$uzklausimas);
while($ru=mysqli_fetch_assoc($minmax)){
echo "$ru[id] <br>";
}
But my code doesn't work. Maybe somebody could give me advice how need solve this my problem?
Do you initialize your db connection ($conn) before this line ?
$minmax=mysqli_query($conn,$uzklausimas);
if I write line $shipmax=45; it is working well, but I have static date from 1 to 45. If I write $shipmax=$number; It is not work.
all my code
<?php
$servername = "localhost";
$username = "xxxxx";
$password = "xxxx";
$dbname = "xxxxx";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$shipmin = 1;
$shipmax=$number;
$uzklausimas ="SELECT * FROM MyGuests WHERE id >= '$shipmin' AND id<='$number'";
$minmax=mysqli_query($conn,$uzklausimas);
while($ru=mysqli_fetch_assoc($minmax)){
echo "$ru[id] <br>";
}
mysqli_close($conn);
?>
<form action="forum.php" method="post">
Name: <input type="text" name="name" autocomplete="off"><br>
<input type="submit">
</td></form>
<? $number= (int)$_POST["name"]; ?>
<?php echo $number; ?>
<br>
Page where you could see it is http://ortex.lt/forum.php
I'm trying to execute an sql query that insert a record into a database on WAMP server, but when after pressing the submit button on form, that calls the php code, nothing happens. it just shows the message "Record insertion failed" i provided in the script. after trying and searching for a period of time, i'm unable to find WHERE IS THE ERROR IN QUERY. the code is give below:
<?php
$server="localhost";
$user="root";
$password="";
$database="dbname";
$con = mysqli_connect($server,$user,$password,$database);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//variables getting values from HTML form
if(isset($_POST['Submit-Personal'])){
$name = $_POST['name'];
$cnic = $_POST['cnic'];
$date = $_POST['booking-date'];
$ocassion = $_POST['ocassion'];
$address = $_POST['address'];
$phoneno = $_POST['phone-no'];
$bridemobile = $_POST['bride-mobile'];
$groommobile = $_POST['groom-mobile'];
$familymobile = $_POST['family-mobile'];
$email = $_POST['email'];
$refering = $_POST['refering'];
$share = $_POST['share'];
$permission = $_POST['permission'];
// attempt insert query execution
$qry = "insert into personal_detail (Name, CNIC, Date, Ocassion, Address,
Phone_No, Bride_Mobile, Groom_Mobile,
Family_Mobile,EMail,Referring,Share,Permission) values
('$name','$cnic','$date','$ocassion','$address','$phoneno','$bridemobile','$gro
ommobile','$familymobile','$email','$refering','$share','$permission')";
if(mysqli_query($con,$qry))
{
$message = "Record Saved Successfully";
echo "<script type='text/javascript'>alert('$message');</script>";
}
else
{
$message = "Record Insertion Failed!";
echo "<script type='text/javascript'>alert('$message');</script>";
}
I have another table it's working completely fine. Means saves records into the table if the entries in the form are made as required.To me the syntax of both is looking completely same, but don't why the one not working: the PHP code that' working fine for other table is given below:
<?php
$server="localhost";
$user="root";
$password="";
$database="camouflage_studio";
$con = mysqli_connect($server,$user,$password,$database);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])){
$name = $_POST['name'];
$cn = $_POST['contact-number'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
//query
$qry = "insert into contact_us (Name,Contact_No,EMail,Subject,Message) values ('$name','$cn','$email','$subject','$message')";
if(mysqli_query($con,$qry))
{
$message = "Record Saved Successfully";
echo "<script type='text/javascript'>alert('$message');</script>";
}
else
{
$message = "Record Insertion Failed!";
echo "<script type='text/javascript'>alert('$message');</script>";
}
}
mysqli_close($con);
?>
#Muhammad Aatif here i have a similar example of your with same column and table name.
I have used mysqli_real_escape_string($conn, $_POST['name_of_form']) against SQL INJECTION to know more you can visit this site sql injection link
HERE IS THE HTML FORM CODE IN FILE NAME: INDEX.PHP
<!DOCTYPE html>
<html>
<head>
<title>Page Title</title>
</head>
<body>
<form action="process.php" method="post">
<p>enter name</p>
<input type="text" name="name"><br>
<p>enter cnic</p>
<input type="text" name="cnic"><br>
<p>enter data</p>
<input type="date" name="date"><br>
<p>enter Occassion</p>
<input type="text" name="ocassion"><br>
<p>enter Address</p>
<input type="text" name="address"><br>
<p>enter phone_no</p>
<input type="text" name="phone_no"><br>
<p>enter Bride mobil</p>
<input type="text" name="bride_mobile"><br>
<p>enter Groom mobile</p>
<input type="text" name="groom_mobile"><br>
<p>enter family mobile</p>
<input type="text" name="family_mobile"><br>
<p>enter email</p>
<input type="text" name="email"><br>
<p>enter Referring</p>
<input type="text" name="referring"><br>
<p>enter share</p>
<input type="text" name="share"><br>
<p>enter permission</p>
<input type="text" name="permission"><br>
<input type="submit" name="Submit-Personal"><br>
</form>
</body>
</html>
HERE IS THE PHP CODE IN FILE NAME: PROCESS.PHP
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "demo";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['Submit-Personal'])){
$name = mysqli_real_escape_string($conn, $_POST['name']);
$cnic = mysqli_real_escape_string($conn, $_POST['cnic']);
$date = mysqli_real_escape_string($conn, $_POST['date']);
$ocassion = mysqli_real_escape_string($conn, $_POST['ocassion']);
$address = mysqli_real_escape_string($conn, $_POST['address']);
$phone_no = mysqli_real_escape_string($conn, $_POST['phone_no']);
$bride_mobile = mysqli_real_escape_string($conn, $_POST['bride_mobile']);
$groom_mobile = mysqli_real_escape_string($conn, $_POST['groom_mobile']);
$family_mobile = mysqli_real_escape_string($conn, $_POST['family_mobile']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$referring = mysqli_real_escape_string($conn, $_POST['referring']);
$share = mysqli_real_escape_string($conn, $_POST['share']);
$permission = mysqli_real_escape_string($conn, $_POST['permission']);
$sql = "INSERT INTO personal_detail (Name,CNIC, Date,Ocassion,Address,Phone_No,Bride_Mobile,Groom_Mobile,Family_Mobile,EMail,Referring,Share,Permission) VALUES ('$name','$cnic','$date','$ocassion','$address','$phone_no','$bride_mobile','$groom_mobile', '$family_mobile','$email','$referring','$share','$permission')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
echo "<script type='text/javascript'>alert('sucess');</script>";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
}
?>
HERE IS THE OUTPUT RESULT
HERE IS THE TABLE IMAGE
FEEL FREE TO ASK MORE QUESTIONS
The proper way to prevent sql injection is to use MYSQLI->PREPARED STATEMENT CLICK ON THIS LINK TO GET BREIF DETAIL SQL INJECTION
I am having an issue in inserting into a table. The connection file is correct and is coming from the header.php. There are no errors but when I go within the table no records are being inserted.
<?php
include('header2.php');
if(isset($_POST['done'])) {
$title = $_POST['title'];
$description = $_POST['description'];
$link = $_POST['link'];
$company = $_POST['company'];
$sql = "INSERT INTO placements (title, description, link, company)
VALUES ('$title', '$description', '$link','$company')";
// use exec() because no results are returned
echo "New record created successfully";
}
?>
<html>
<head>
<title> Add a Placement </title>
</head>
<body>
<form method="post">
<input type="text" name="title" placeholder="title">
<input type="text" name="description" placeholder="description">
<input type="text" name="company" placeholder="company">
<input type="text" name="link" placeholder="link">
<input type="submit" name="done">
</form>
</body>
</html>
You are not executing the query at all. I assume your database connection as below and run your query. It should work.
Tested.
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if(isset($_POST['done'])) {
$title = $_POST['title'];
$description = $_POST['description'];
$link = $_POST['link'];
$company = $_POST['company'];
$sql = "INSERT INTO placements (title, description, link, company)
VALUES ('$title', '$description', '$link','$company')";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
I´m trying to create a form connected to a database but when I fill out the form and I refer to the table in phpMyAdmin I see that it have entered a blank record instead of form data. I´m using PhpStorm.
I think all this code is correct...
That is the form of the .html:
<form id="form1" name="form1" method="post" action="index.php">
<label for="userSignUp">Email</label>
<input type="text" name="userSign" id="userSignUp" />
<label for="passwordSignUp">Password</label>
<input type="password" name="passwordSign" id="passwordSignUp" />
<input type="submit" name="Submit" id="Submit" value="Submit" />
</form>
I have the following .php:
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$db_selected = mysqli_select_db($conn, $dbname);
$userSignUp = ""; // If I substitute "" with characters at this time the table is well updated
$passwordSignUp = ""; // Same as before
if(isset($_POST['userSign'])){
$userSignUp = $_POST['userSign'];
}
if (isset($_POST['passwordSign'])) {
$passwordSignUp = $_POST['passwordSign'];
}
$sql = "INSERT INTO test.person (FirstName, Password) VALUES ('$userSignUp', '$passwordSignUp')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();