I have a PHP script that is attempting to INSERT form data into a MSSQL database. When I run the script, the script runs successfully, but the INSERT doesn't seem to post the data. Here is the relevant code:
<?php
//collect data from form
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$telephone = $_POST['telephone'];
$email = $_POST['email'];
$password = $_POST['password'];
$serverName = "192.168.1.1"; //serverName\instanceName
$connectionInfo = array( "Database"=>"mydatabase", "UID"=>"username", "PWD"=>"password");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn ) {
$sql = "INSERT INTO Member_Details (FirstName,LastName,Address,City,State,Zip_Code,Telephone,Email,User_Name,Password,Is_Validated) VALUES (?,?,?,?,?,?,?,?,?,?,?)";
$params = array($firstname,$lastname,$address,$city,$state,$zip,$telephone,$email,username,$password,0);
$stmt = sqlsrv_query( $conn, $sql, $params);
echo "You were successfully registered for user name " . $username;
}else {
echo "Something went wrong";
}
?>
I have confirmed that form data is being passed successfully via the message passed upon the running of the script.
Any suggestions would be appreciated!
Mike
As far as i remember, you have to prepend the dbo. (or whatever the owner of the table is) to the table name.
like
insert into dbo.tablename (cols) values (vals)
Related
when it try to submit the form content to the database i get the following error :
{"code":"MethodNotAllowedError","message":"POST is not allowed"}
I am using Dreamweaver cc 2017 and xampp v3.2.2 to run Apache and Mysql on windows 10.
html form :
<form action="register.php" id="form1" name="form1" method="post">
and register.php content is :
<?php
$hostname_conn = "localhost";
$database_conn = "hotels";
$username_conn = "root";
$password_conn = "";
$conn = mysqli_connect($hostname_conn, $username_conn, $password_conn) or trigger_error(mysqli_error(),E_USER_ERROR);
$db=mysqli_select_db($conn,$database_conn);
$q1= "insert into users(username,email,password,number)values('$_POST[textfield]','$_POST[email]','$_POST[password]','$_POST[number]')";
$q2=mysqli_query($conn,$q1);
if(mysqli_query($conn,$q1))
{
$msg = 'User information saved successfully.';
}
else
{
$msg = 'Error: We encountered an error while inserting the new record.';
}
echo $msg;
mysqli_close($conn);
?>
</body>
</html>
using PDO:
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "hotels";
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$stmt = $conn->prepare("INSERT INTO users (username, email, password, number)
VALUES (:username, :email, :password, :number)");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':password', $password);
$stmt->bindParam(':number', $number);
$username = $_POST['textfield'];
$email = $_POST['email'];
$password = $_POST['password'];
$number = $_POST['number'];
$stmt->execute();
The problem is for syntax. Anyway you should to use good practices. Check this post How can I prevent SQL injection in PHP?
$username = $_POST["textfield"]; //unsafe
$username = mysql_real_escape_string($username); //safe
$email = mysql_real_escape_string($_POST["email"]);
$password = mysql_real_escape_string($_POST["password"]);
$number = mysql_real_escape_string($_POST["number"]);
$db=mysqli_select_db($conn,$database_conn);
$q1= "insert into users(username,email,password,number)values('".$username ."','".$email."','".$password."','".$number."')";
$q2=mysqli_query($conn,$q1);
So I have a simple website that adds you to a sql database. Right now my database only contains a table that takes in the firstName, lastName and email of a user(this will be added upon later). But my main problem is that I'm not quite sure how to establish a connection.
I know that my php code is surely contains a lot of mistakes but these will hopefully be fixed once I can add users.
I am hosting my sql and apache server through XAMPP.
My jsfiddle: https://jsfiddle.net/2knt74r5/
My php code:
<?php
/*
IF CITIZEN FORM WAS SUBMITED
*/
if ($_POST["citEnter"]){
$title = $_POST["title"];
$firstName = $_POST["firstName"];
$lastName = $_POST["lastName"];
$email = $_POST["citEmail"];
}
/*
IF ORGANISATION FORM WAS SUBMITED
*/
if ($_POST["orgEnter"]){
$title = $_POST["title"];
$firstName = $_POST["firstName"];
$lastName = $_POST["lastName"];
$email = $_POST["orgEmail"];
}
/*
IF ANONYMOUS FORM WAS SUBMITED
*/
if ($_POST["anonEnter"]){
$title = "";
$firstName = "Anonymous";
$lastName = "";
if ($_POST["anonEmail"])
$email = $_POST["anonEmail"];
else
$email = "";
}
// I know that I need to establish a connection first..
$sql = "INSERT INTO MyGuests (firstname, lastname, email) VALUES ($firstName, $lastName, $email)";
?>
to establish database connection in php you could use PDO class.
for example
$connection = new PDO("mysql:host=localhost;dbname=database_name;user=username;password=password");
$sql = "Insert into table xyz(z,b) values('a','b')";
$statement = $connection->prepare($sql);
$statement->execute();
After running a SELECT * FROM users, there is no difference to the table.
$firstName = $_POST["firstName"];
$lastName = $_POST["lastName"];
$dateOfBirth = $_POST["dateOfBirth"];
$gender = $_POST["gender"];
$fitnessLevel = $_POST["fitnessLevel"];
$number = $_POST["number"];
$address = $_POST["address"];
$password = $_POST["password"];
$user = 'root';
$pass = 'root';
$db = 'gymmembers';
$db = new mysqli('localhost',$user,$pass,$db) or die("Error, try again");
mysqli_query($db, "INSERT INTO users(`firstName`,`lastName`,`dateOfBirth`,`gender`,`fitnessLevel`,`number`,`address`,`password`)
VALUES('$firstName','$lastName','$dateOfBirth','$gender','$fitnessLevel','$number','$address','$password')" or die(mysqli_error()));
I can echo any of the variables and they show, so the data from the form is being passed to here.
Thanks :-)
Actually you putted die(mysqli_error()) inside mysqli_query() which is not correct, do like below:-
mysqli_query($db, "INSERT INTO users(`firstName`,`lastName`,`dateOfBirth`,`gender`,`fitnessLevel`,`number`,`address`,`password`)
VALUES('$firstName','$lastName','$dateOfBirth','$gender','$fitnessLevel','$number','$address','$password')") or die(mysqli_error($db));
Note:- add $db in mysqli_error() so that if any error occur you will come to know.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$databasename = "test";
$conn = new mysqli($servername , $username , $password, $databasename);
$name = $_POST["firstname"];
$last = $_POST["lastname"];
$statement = mysqli_prepare($conn, "INSERT INTO user(firstname ,lastname) VALUES(?,?)");
mysqli_stmt_bind_param($statement ,"si", $name,$last);
mysqli_stmt_execute($statement);
$response = array();
$response["success"] = true;
echo json_encode($response);
?>
where is the problem in above php script that it save the first name in database while cannot save the lastname.
The problem is because of this line,
mysqli_stmt_bind_param($statement ,"si", $name,$last);
^ see here
It should be,
mysqli_stmt_bind_param($statement ,"ss", $name,$last);
I am getting an error in my php code for database linking.I am trying to link my website login page with my database hosted on server.Here is the code
init.php
<?php
define('HOST','##########');
define('USER','##########');
define('PASS','##########');
define('DB','##########');
$con = mysqli_connect(HOST,USER,PASS,DB) or die('Unable to Connect');
?>
<?php
require "init.php";
$username = $_POST["username"];
$password = $_POST["password"];
$fullname = $_POST["fullname"];
$sex = $_POST["sex"];
$country = $_POST["country"];
$address = $_POST["address"];
$contact = $_POST["contact"];
$email = $_POST["email"];
$dob = $_POST["dob"];
$flag = $_POST["flag"];
$sql = "insert into signup('".$username."','".$password."','".$fullname."','".$sex."','".$country."','".$address."','".$contact."','".$email."','".$dob."','".$flag."');";
if(mysqli_query($con,$sql))
{ echo"<br><h3>One row inserted....</h3>"; }
else
{ echo "Error in insertion...." . mysqli_error($con);
}
?>
ERROR
Error in insertion....You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near ''','','','','','','','','','')' at
line 1
Your insert query should be like:
$sql = "insert into signup values('".$username."','".$password."','".$fullname."','".$sex."','".$country."','".$address."','".$contact."','".$email."','".$dob."','".$flag."');";
You missed VALUES in insert query. And use bind_param() to bind the values in query instead of directly including.
$sql = "insert into signup VALUES('".$username."','".$password."','".$fullname."','".$sex."','".$country."','".$address."','".$contact."','".$email."','".$dob."','".$flag."');";