This is the php file that going to enter data into the mysql database. When I run it, browser shows "connected successfully selected successfully Executing inside fileNot Inserted". but it's not going to show any errors. And data is not insert in to the database. What's wrong with this code.
*dbConnection.php
<?php
$dbhost="localhost";
$dbuser="root";
$dbPassword="123";
$database="medicalcenter";
$connection = mysqli_connect($dbhost,$dbuser,$dbPassword) or die("unable to connect");
if($connection){
echo 'connected successfully ';
}else{
echo 'not connected';
}
$dbSelect=mysqli_select_db($connection,$database);
if($dbSelect){
echo 'selected successfully';
}else{
echo 'not selected';
}
?>
*insert.php
<?php
include 'dbConnection.php';
echo "Executing inside file";
$firstName = filter_input(INPUT_POST,'firstname');
$secondName = filter_input(INPUT_POST,'lastname');
$address1 =filter_input(INPUT_POST,'address1');
$address2 =filter_input(INPUT_POST,'address2');
$city =filter_input(INPUT_POST,'city');
$email =filter_input(INPUT_POST,'email');
$age =filter_input(INPUT_POST,'age');
$gender =filter_input(INPUT_POST,'gender');
$sql= "INSERT INTO patient(FirstName,LastName,AddressLine1,AddressLine2,City,Email,Age,Gender) VALUES ('$firstName','$secondName','$address1','$address2','$city',$email','$age','$gender')";
if(mysqli_query($connection,$sql)){
echo 'Inserted successfully';
}else{
echo 'Not Inserted';
}
mysqli_close($connection);
?>
$sql= "INSERT INTO patient(FirstName,LastName,AddressLine1,AddressLine2,City,Email,Age,Gender) VALUES ('$firstName','$secondName','$address1','$address2','$city',$email','$age','$gender')";
check your above line you have forgot ' before email please check with below line. may it helps you.
$sql= "INSERT INTO patient(FirstName,LastName,AddressLine1,AddressLine2,City,Email,Age,Gender) VALUES ('$firstName','$secondName','$address1','$address2','$city','$email','$age','$gender')";
Related
I am trying to redirect to thanks webpage after stored on data on mysql using header("Location: success.html");
exit;
but when i open that link it will automatically goes into success.html page without entering or Storing any data on form and mysql.
<?php
$con=mysqli_connect("localhost","root","","vdl");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])) // Fetching variables of the form which travels in URL
{
$company_name = $_POST['company_name'];
$since = $_POST['since'];
$strength = $_POST['strength'];
$head_quarter = $_POST['head_quarter'];
if($company_name !=''||$since !='')
{
mysqli_query($con,"insert into digital_library(company_name, since, strength, head_quarter) values ('$company_name', '$since', '$strength', '$head_quarter')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
mysqli_close($con);
}
else
{
echo "<p>Insertion Failed <br/> Some Fields are Blank....!!</p>";
}
}
header("Location: success.html");
exit;
?>
$con=mysqli_connect("localhost","root","","libro");
// Check connection
if (mysqli_error($con))
{
echo "Failed to connect to MySQL: " . mysqli_error($con);
exit();
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$company_name = $_POST['company_name'];
$since = $_POST['since'];
$strength = $_POST['strength'];
$head_quarter = $_POST['head_quarter'];
if($company_name !== ''||$since !== ''){
mysqli_query($con,"insert into digital_library(company_name, since, strength, head_quarter) values ('$company_name', '$since', '$strength', '$head_quarter')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
header("Location: success.html");
exit();
}
else{
echo "<p>Insertion Failed <br/> Some Fields are Blank....!!</p>";
exit();
}
}
Please Use PDO or mysqli. I have just edited your existing code so that you get redirected to your success page after successful insertion.
$con=mysqli_connect("localhost","root","","vdl");
$i = 0;
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$company_name = $_POST['company_name'];
$since = $_POST['since'];
$strength = $_POST['strength'];
$head_quarter = $_POST['head_quarter'];
if($company_name !=''||$since !=''){
mysqli_query($con,"insert into digital_library(company_name, since, strength, head_quarter) values ('$company_name', '$since', '$strength', '$head_quarter')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
mysqli_close($con);
}
else{
$i++;
}
}
if($i==0){
header("Location: success.html");
}else{
echo "Error msg";
}
This code does not insert value in to the database. I am not able to find any problem in this code. I am new in this era. Please help guys.
<?php
$con = mysqli_connect('localhost', 'root', '');
if(!$con)
{
echo 'Not Connected To Server';
}
if (!mysqli_select_db ($con,'db_name'))
{
echo 'Database Not Selected';
}
$salutation = $_POST['salutation'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$sql= "INSERT INTO `db_name`.`tb_name` (`salutation`, `first_name`, `last_name`, `email`, `phone`) VALUES (`$salutation`, `$first_name`, `$last_name`, `$email`, `$phone`);";
if (!mysqli_query($con,$sql))
{
echo 'Not Inserted';
}
else
{
echo 'Inserted Successfully';
}
?>
After submit it shows the result "Not Inserted".
Trying to build an email list in a database. I made this code, but it's not working and i'm not getting any errors. Am I on the right track?
HTML:
<div id="signup">
<h1>Sign-Up For Our Newsletter!</h1>
<form method="post" action="scripts/php/addSubscription.php">
<label for="email">E-mail: </label><input type="email" name="email" size="75"> <input type="submit">
</form>
</div>
PHP:
require('settings/globalVariables.php');
require('settings/mysqli_connect.php');
mysqli_select_db($conn,"newsletterlist");
$email = mysqli_real_escape_string($conn, $_POST['email']);
$sql = "INSERT INTO newsletterusers (email) VALUES ($email)";
if (mysqli_query($conn, $sql)) {
echo 'You have successfully subscribed!';
}
else {
echo 'Sorry, An error occured. Please try again.';
}
mysqli_close($conn);
$conn is a variable in mysqli_connect.php
Adding contents of mysqli_connect.php just for reference:
<?php
$conn = mysqli_connect(DB_HOST, DB_USER, DB_PASS);
?>
I use this on several databases and it connects each time.
EDIT:
Updated code per answers/comments and still nothing is happening.
require('settings/globalVariables.php');
require('settings/mysqli_connect.php');
mysqli_select_db($conn,"newsletterlist");
$email = mysqli_real_escape_string($conn, $_POST['email']);
$sql = "INSERT INTO newsletterusers (email) VALUES ('$email')";
if (mysqli_query($conn, $sql)) {
echo 'You have successfully subscribed!';
}
else {
echo "Error: ".mysqli_error($conn);
}
mysqli_close($conn);
SOLVED:
require('/home/jollyrogerpcs/public_html/settings/globalVariables.php');
require('/home/jollyrogerpcs/public_html/settings/mysqli_connect.php');
mysqli_select_db($conn,"newsletterlist");
$email = mysqli_real_escape_string($conn, $_POST['email']);
$sql = "INSERT INTO newsletterusers (email) VALUES ('$email')";
if (mysqli_query($conn, $sql)) {
echo 'You have successfully subscribed!';
}
else {
echo "Error: ".mysqli_error($conn);
}
mysqli_close($conn);
You are currently getting an error but your code doesn't show you. Print the error for a start:
if (mysqli_query($conn, $sql)) {
echo 'You have successfully subscribed!';
}
else {
echo "Error: ".mysqli_error($conn);
}
The real error you are getting is a syntax error. This is how your generated SQL looks like:
INSERT INTO newsletterusers (email) VALUES (hello#email.com)
Note that there are no quotes around it, you can fix it by surrounding $email with quotes:
$sql = "INSERT INTO newsletterusers (email) VALUES ('$email')";
How can I use mysqli_real_escape_string in my script to prevent SQL injection. I was working on some code and asking some questions here and I was advised to use mysqli_real_escape_string instead of mysql_real_escape_string, the problem is my code does not make a connection until after the variables I want to secure. It was suggested that I should used prepared statements instead but after some searching http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php I feel more confused. Right now the code if doing exactly what it is not supposed to do, it is inserting empty values/rows into my table, which from my reading is probably because of the use of mysqli_real_escaape_string
Any thoughts or help is appreciated, I am so frustrated and confused but still trying to learn. Here is the code:
<?php
//Form fields passed to variables
$manu = mysqli_real_escape_string($_POST['inputManu']);
$model = mysqli_real_escape_string($_POST['inputModel']);
$desc = mysqli_real_escape_string($_POST['inputDesc']);
//Connect to database using $conn
include ('connection.php');
//Insert record into table
$sql = "INSERT INTO gear (`id`,`manu`,`model`,`desc`)
VALUES (NULL,'$manu','$model','$desc')";
//Check for empty fields
if (isset($_POST['submit']))
{
foreach($_POST as $val)
{
if(trim($val) == '' || empty($val))
{
die('Error: ' . mysqli_error());
echo "Please complete all form fields!";
echo "<meta http-equiv='Refresh' content='3; URL=../add.php'>";
}
}
if (!mysqli_query($conn,$sql))
{
die('Error: ' . mysqli_error($conn));
}
else
{
//echo "1 record added";
echo "Success, You added the ".$manu." ".$model."";
echo "<meta http-equiv='Refresh' content='3; URL=../index.php'>";
}
}
else
{
echo "some error";
}
mysqli_close($conn);
?>
<?php
//Connect to database using $conn
include ('connection.php');
//Form fields passed to variables
$manu = mysqli_real_escape_string($conn, $_POST['inputManu']);
$model = mysqli_real_escape_string($conn, $_POST['inputModel']);
$desc = mysqli_real_escape_string($conn, $_POST['inputDesc']);
Hope Below code will help you.
<?php
//Connect to database using $conn
/*in connection.php
$link = mysqli_connect("localhost", "root", "", "test");
*/
include ('connection.php');
//Check for empty fields
if (isset($_POST['submit']))
{
//Form fields passed to variables
$manu = mysqli_real_escape_string($link,$_POST['inputManu']);
$model = mysqli_real_escape_string($link,$_POST['inputModel']);
$desc = mysqli_real_escape_string($link,$_POST['inputDesc']);
if($manu!='' && $model!="" && $desc!="")
{
//Insert record into table
$sql = "INSERT INTO gear (`id`,`manu`,`model`,`desc`)
VALUES (NULL,'$manu','$model','$desc')";
$r=mysqli_query($link,$sql) ;
//echo "1 record added";
if($r)
{
echo "Success, You added the ".$manu." ".$model."";
// echo "<meta http-equiv='Refresh' content='3; URL=../index.php'>";
}
}
else
{
echo "Please complete all form fields!";
}
}
?>
I am trying to make my form validation and db insert script work but am facing problems again. I am using an elseif statement to do:
Check if the form was actually submitted by the user clicking the submit button and all data fields completed, if not warn and redirect back to the form page (this is the only part that seems to be working)
If the form has been completed fully and submit button clicked then connect to mysql server and select db or die and display error message
If there is a connection to the database then insert the form data to the table
I can prevent the entry of empty fields but that is all,everything else seems to break. I cannot seem to figure out why. tail -f /var/log/apache2/error.log displays nothing. Perhaps I have over complicated things. I have been using this site as a reference and http://www.w3schools.com/php/php_if_else.asp for elseif syntax, newbie still screwing things up.
Here is the code:
<?php
//Form fields passed to variables
$manu = mysql_real_escape_string($_POST['inputManu']);
$model = mysql_real_escape_string($_POST['inputModel']);
$desc = mysql_real_escape_string($_POST['inputDesc']);
//Connect to database using $conn
include ('connection.php');
//Insert record into table
$sql = "INSERT INTO gear (`id`,`manu`,`model`,`desc`)
VALUES (NULL,'$manu','$model','$desc')";
//Check for empty fields
if ($_POST['submit'])
{
foreach($_POST as $val)
{
if(trim($val) == '' || empty($val))
{
die();
echo "Please complete all form fields!";
echo "<meta http-equiv='Refresh' content='3; URL=../add.php'>";
//header("Location: ../add.php?error=empty_fields");
}
}
}
elseif (!mysqli_query($conn,$sql))
{
die('Error: ' . mysqli_error($conn));
}
else
{
//echo "1 record added";
echo "Success, You added the ".$manu." ".$model."";
echo "<meta http-equiv='Refresh' content='3; URL=../index.php'>";
}
mysqli_close($conn);
?>
Here is the code that works but I am sure there are some more refinements that could be made:
<?php
//Connect to database using $conn
include ('connection.php');
//Form fields passed to variables
$manu = mysqli_real_escape_string($conn, $_POST['inputManu']);
$model = mysqli_real_escape_string($conn, $_POST['inputModel']);
$desc = mysqli_real_escape_string($conn, $_POST['inputDesc']);
//Insert record into table
$sql = "INSERT INTO gear (`id`,`manu`,`model`,`desc`)
VALUES (NULL,'$manu','$model','$desc')";
//Check for empty fields
if (isset($_POST['submit']))
{
foreach($_POST as $val)
{
if(trim($val) == '' || empty($val))
{
// echo "Please complete all form fields!";
echo "<meta http-equiv='Refresh' content='3; URL=../add.php'>";
die('Error: Please complete all form fields!' . mysqli_error());
}
}
if (!mysqli_query($conn,$sql))
{
die('Error: ' . mysqli_error($conn));
}
else
{
//echo "1 record added";
echo "Success, You added the ".$manu." ".$model."";
echo "<meta http-equiv='Refresh' content='3; URL=../index.php'>";
}
}
else
{
echo "some error";
}
mysqli_close($conn);
?>
you need to move the query execution part inside the first if.your full code should look like this:
<?php
//Connect to database using $conn
include ('connection.php');
//Form fields passed to variables
$manu = mysqli_real_escape_string($_POST['inputManu']);
$model = mysqli_real_escape_string($_POST['inputModel']);
$desc = mysqli_real_escape_string($_POST['inputDesc']);
//Insert record into table
$sql = "INSERT INTO gear (`id`,`manu`,`model`,`desc`)
VALUES (NULL,'$manu','$model','$desc')";
//Check for empty fields
if (isset($_POST['submit']))
{
foreach($_POST as $val)
{
if(trim($val) == '' || empty($val))
{
die();
echo "Please complete all form fields!";
echo "<meta http-equiv='Refresh' content='3; URL=../add.php'>";
//header("Location: ../add.php?error=empty_fields");
}
}
if (!mysqli_query($conn,$sql))
{
die('Error: ' . mysqli_error($conn));
}
else
{
//echo "1 record added";
echo "Success, You added the ".$manu." ".$model."";
echo "<meta http-equiv='Refresh' content='3; URL=../index.php'>";
}
}
else
{
echo "some error";
}
mysqli_close($conn);
?>