Form data wont insert into SQL db [duplicate] - php

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I am trying to make a simple appeal form that the data gets posted to a SQL database. But when i submit, either nothing happens, or blank data gets submitted.
Heres my form:
<form class="form-horizontal" role="form" action="insert.php" method="post">
<div class="form-group">
<label for="user" class="col-sm-2 control-label">
Username:
</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="user" id="user" placeholder="DiscordTag#0000" />
</div>
</div>
<div class="form-group">
<label for="date" class="col-sm-2 control-label">
Date of ban:
</label>
<div class="col-sm-10">
<input type="date" class="form-control" name="date" id="date" placeholder="mm/dd/yy" />
</div>
</div>
<div class="form-group">
<label for="admin" class="col-sm-2 control-label">
Who banned you?
</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="admin" id="admin" />
</div>
</div>
<div class="form-group">
<label for="appeal" class="col-sm-2 control-label">
Appeal:
</label>
<div class="col-sm-10">
<textarea class="form-control" rows="4" name="appeal" id="appeal"></textarea>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">
Submit
</button>
</div>
</div>
</form>
And here is my insert.php
<html>
<?
error_reporting(E_ALL);
$db_host = 'redacted';
$db_username = 'redacted';
$db_password = 'redacted';
$db_name = 'redacted';
if( $_POST )
{
$conn = mysql_connect( $db_host, $db_username, $db_password);
if (!$conn)
{
die('Could not connect: ' . mysql_error());
} else {
mysql_select_db("redacted");
}
$user = $_POST['user'];
$date = $_POST['date'];
$admin = $_POST['admin'];
$appeal = $_POST['appeal'];
$sql = 'INSERT INTO appeals' . '(user, date, admin, appeal)'
.'VALUES ($user, $date, $admin, $appeal)';
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
echo "<h2>Your appeal has been submitted.</h2>";
mysql_close($conn);
}
?>
</html>
How can i make it submit all of the form data directly into my SQL table?


Use "INSERT INTO appeals (user, date, admin, appeal) VALUES ('".$user."', '".$date."', '".$admin."', '".$appeal."')";
And sanitize, because you are asking for an sql injection.

Related

Blank data stored by mysql query in form page

The form is meant to capture a new user and store user data in the database, except that it does not store any data though the form still returns a successful message.
Form page:
<?php
$servername = "*****";
$username = "*****";
$password = "*****";
$database = "*****";
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>
<div class="row">
<div class="col-xs-12">
<section class="panel">
<header class="panel-heading">
<h2 class="panel-title">Laai Nuwe Lid</h2>
</header>
<div class="panel-body">
<form class="form-horizontal form-bordered" action=""
method="post">
<p><strong>ID:</strong> Nuwe lid</p>
<div class="form-group">
<label class="col-md-3 control-label"
for="FirstName">Naam:</label>
<div class="col-md-6">
<input type="text" class="form-control"
name="FirstName" id="FirstName" value="<?php echo $firstname; ?>">
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label"
for="LastName">Van:</label>
<div class="col-md-6">
<input type="text" class="form-control"
name="LastName" id="LastName" value="<?php echo $lastname; ?>"'>
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label"
for="Cell">Selfoon:</label>
<div class="col-md-6">
<input type="text" class="form-control"
name="Cell" id="Cell" value="<?php echo $cell; ?>">
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label"
for="Address">Addres:</label>
<div class="col-md-6">
<input type="text" class="form-control"
name="Address" id="Address" value="<?php echo $adress; ?>">
</div>
</div>
<div class="row">
<div class="col-sm-9 col-sm-offset-3">
<button value="submit" type="submit"
name="submit" class="btn btn-primary">Stoor nuwe lid</button>
<button type="reset" class="btn btn-
default">Kanselleer</button>
</div>
</div>
</form>
</div>
</section>
</div>
</div>
<?php
// check if the form has been submitted. If it has, start to process the
form and save it to the database
if (isset($_POST['submit'])) {
// get form data, making sure it is valid
$firstname =
mysql_real_escape_string(htmlspecialchars($_POST['firstname']));
$lastname =
mysql_real_escape_string(htmlspecialchars($_POST['lastname']));
$cell = mysql_real_escape_string(htmlspecialchars($_POST['cell']));
$address = mysql_real_escape_string(htmlspecialchars($_POST['address']));
$sql = "INSERT INTO `tblusers` (FirstName, LastName, Cell, Address) VALUES
('$firstname','$lastname', '$cell','$address')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
// once saved, redirect back to the view page
header("Location: index.php");
}
?>
I am not sure if the problem is with PHP or the SQL code as I get no error messages.
The database connects fine. The query works in mysql directly, but when I combine the PHP with the HTML form it stores blank rows.

The code does not work because when you tried to comment out the validation part 'if condition' you forgot to comment out its 'else condition'.
I am talking about this line:
//if ($firstname == '' || $lastname == '' || $cell == '' || $address == '') {

The reason it was not working is because the variables were not the same, PHP is case sensitive. E.G lastname while HTML was LastName.
$firstname =
mysql_real_escape_string(htmlspecialchars($_REQUEST['FirstNameirstname']));
$lastname = mysql_real_escape_string(htmlspecialchars($_REQUEST['LastName']));
$cell = mysql_real_escape_string(htmlspecialchars($_REQUEST['Cell']));
$address = mysql_real_escape_string(htmlspecialchars($_REQUEST['Address']));

Kindly use the following function :
$con->mysqli_real_escape_string ( $_POST['...'])
in place of
mysql_real_escape_string(htmlspecialchars($_POST['...']))

PHP the code executes but nothing is inserted into the database

i have created a receival table that will store user's information. but the values do not get inserted into the database.
This is my connection to the database and sql statements to inserted the values the user will post.
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="l3tme1N#123"; // Mysql password
$db_name="shipping_pro"; // Database name
$tbl_name="receiver"; // Table name
// Connect to server and select database.
$con = mysql_connect("$host", "$username", "$password")or die("cannot
connect");
if(!$con){
die ('cannot connect to the server')
}
if (!mysql_select_db("$db_name", $con))
{
echo"no db selected";
}
if(isset($_POST['save']))
{
$name = $_POST['name'];
$cc = $_POST['cc'];
$sender = $_POST['sender-name'];
$address=$_POST['address'];
$tracker = $_POST['tracker'];
$code_phone = $_POST['code_phone'];
$phone = $_POST['phone'];
$code_phone1 = $_POST['code_phone1'];
$telefono = $_POST['telefono'];
$sql1="INSERT INTO 'receival' (name,idcard,sender-name,address,tracker,
receiver-telnum, sender-telnum) VALUES
('$name','$cc','$sender','$address', '$tracker', '$code_phone$phone',
'$code_phone1$telefono')";
$result = mysql_query($con,$sql1);
}
?>
the html codes
this is the form that i have created for take user input.
I have looked at most solutions here and on google but i still cannot find any solution
<form action="receive.php" method="post" class="form-horizontal" data-
parsley-validate novalidate >
<div class="form-group " id="gnombre">
<label for="office" class="col-sm-2 control-label">Name of Recipient</label>
<div class="col-sm-10">
<input type="text" class="form-control office" parsley-trigger="change"
required name="name" placeholder="Name of Recipient">
</div>
</div>
<div class="form-group " id="gnombre">
<label for="officer_name" class="col-sm-2 control-label"><?php echo $CEDULA;
?></label>
<div class="col-sm-10">
<input type="number" class="form-control officer_name" parsley-
trigger="change" required name="cc" placeholder="<?php echo $numbercedula; ?
>">
</div>
</div>
<div class="form-group " id="gnombre">
<label for="officer_name" class="col-sm-2 control-label">Sender</label>
<div class="col-sm-10">
<input type="text" class="form-control officer_name" iparsley-
trigger="change" required name="sender-name" placeholder="Name of Sender">
</div>
</div>
<div class="form-group" id="gapellido">
<label for="address" class="col-sm-2 control-
label"><?php echo $direccion; ?></label>
<div class="col-sm-10">
<input type="text" class="form-control address" parsley-trigger="change"
required name="address" placeholder="Receiver Address">
</div>
</div>
<div class="form-group" id="gapellido">
<label for="address" class="col-sm-2 control-label">Tracker Number</label>
<div class="col-sm-10">
<form name="form2" action="" method="">
<!--<strong><?php echo $codeproducto; ?></strong><br> -->
<input type="text" autofocus list="browsers" name="" autocomplete="off" class="form-control" required>
<datalist id="browsers">
<?php
$pa=mysql_query("SELECT tracking FROM courier
");
while($row=mysql_fetch_array($pa)){
echo '<option value="'.$row['tracking'].'">';
}
?>
</datalist>
</div>
</div>
<div class="form-group" id="ptelefonos">
<label for="address" class="col-sm-2 control-label"><?php echo $telefono; ?></label>
<div class="col-sm-4">
<select type="number" class="form-control ph_no" parsley-trigger="change" required name="code_phone" placeholder="<?php echo $telefonocustomer2; ?>">
<option data-countrycode="GH" value="233">Ghana (+233)</option>
</select>
</div>
<div class="col-sm-6">
<input type="number" class="form-control ph_no" parsley-trigger="change" required name="phone" placeholder="Receiver's Phone Number">
</div>
</div>
<div class="form-group" id="ptelefonos">
<label for="address" class="col-sm-2 control-label"><?php echo $telefono; ?></label>
<div class="col-sm-4">
<select type="number" class="form-control ph_no" parsley-trigger="change" required name="code_phone1" placeholder="Sender's phone Number">
<option data-countrycode="GH" value="233">Ghana (+233)</option>
</select>
</div>
<div class="col-sm-6">
<input type="number" class="form-control ph_no" parsley-trigger="change" required name="telefono" placeholder="Sender's phone Number">
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-times"></i>
<?php echo $cerrar; ?></button>
<input class="btn btn-success" name="save" type="submit" id="submit" value="Save">
</div>
</form>

Try this code , you need to replace 'receival' with receival :
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="l3tme1N#123"; // Mysql password
$db_name="shipping_pro"; // Database name
$tbl_name="receiver"; // Table name
// Connect to server and select database.
$con = mysql_connect("$host", "$username", "$password")or die("cannot
connect");
if(!$con){
die ('cannot connect to the server')
}
if (!mysql_select_db("$db_name", $con))
{
echo"no db selected";
}
if(isset($_POST['save']))
{
$name = $_POST['name'];
$cc = $_POST['cc'];
$sender = $_POST['sender-name'];
$address=$_POST['address'];
$tracker = $_POST['tracker'];
$code_phone = $_POST['code_phone'];
$phone = $_POST['phone'];
$code_phone1 = $_POST['code_phone1'];
$telefono = $_POST['telefono'];
$sql1="INSERT INTO receival (name,idcard,sender-name,address,tracker,
receiver-telnum, sender-telnum) VALUES('$name','$cc','$sender','$address', '$tracker', '$code_phone$phone',
'$code_phone1$telefono')";
$result = mysql_query($con,$sql1);
}
?>

It has already been pointed out in comments that you have to use mysqli_* or PDO with prepared statements. So I will just look at your most trivial error (assuming it is the only one)
Your insert query has many errors: values are not correctly inserted and your table name is wrapped in quotes.
Change it to:
$sql1="INSERT INTO receival (name,idcard,sender-name,address,tracker,
receiver-telnum, sender-telnum) VALUES
('$name','$cc','$sender','$address', '$tracker', '$code_phone.$phone',
'$code_phone1.$telefono')";
This should fix it and make your insert work.

how do I foreach through html input form and insert multiple rows or one based on a selected date field?

how do I foreach through html input form and insert multiple rows or one based on a selected date field? in other words when a user enters "name" "description" and "shift" and then selects either one date or more then one. PHP will then enter the same information for either one new row or multiples based on how many dates were selected.
<?php
if(isset($_REQUEST['submit']))
{
/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$link = mysqli_connect("localhost", "xxxx", "xxxx", "xxxx");
// Check connection
if($link === false){
die("| ERROR: Could not connect. " . mysqli_connect_error());
}
$name = mysqli_real_escape_string($link, $_REQUEST['name']);
$desc = mysqli_real_escape_string($link, $_REQUEST['description']);
$shift = mysqli_real_escape_string($link, $_REQUEST['shift']);
$date = mysqli_real_escape_string($link, $_REQUEST['daterange']);
$sql = "insert into db (name,description,shift,evdate) values ('$name', ' $desc','$shift','$date')";
$sql2 = "insert into db (name,description,shift,evdate) values ('$name', ' '$desc','$shift','$insert')";
if ($date=0) {
$result = mysqli_query($link, $sql);
}else{
$daterange = explode(',',$date);
foreach($daterange as $insert) {
$result = mysqli_query($link, $sql2);
}
}
if(mysqli_query($link, $sql)){
echo "";
} else{
echo "| ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
if ($link->multi_query($sql) === TRUE) {
echo "It Worked..... Maybe!!!!!!";
} else {
echo "Error: " . $sql . "<br>" . $link->error;
}
}
$link->close();
?>
<form action="test_insert.php" method="post">
<div class="col col-lg-2 col-lg-offset-0">
<div class="form-group col-lg-offset-0 col-lg-12">
<label for="Name">Employee Name:</label>
<input type="text" name="name" placeholder="First & Last Name" id="name" required>
<p class="help-block col-lg-12">First and Last Name Please.</p>
</div>
</div>
<div class="col col-lg-offset-0 col-lg-2">
<div class="form-group col-lg-12">
<label for="description">Description:</label>
<input type="text" name="description" id="description" placeholder="description..." required>
<p class="help-block">For Example: "Vacation Full Day" or "PTO 2 Hours." </p>
</div>
</div>
<div class="col col-lg-offset-0 col-lg-3">
<label for="shift">Shift:</label><br>
<input type="radio" name="shift" value="First Shift" id="shift" checked> First Shift |
<input type="radio" name="shift" value="Second Shift" id="shift"> Second Shift |
<input type="radio" name="shift" value="Third Shift" id="shift"> Third Shift
<p class="help-block">Select Correct Shift Worked.</p>
</div>
<div class="col col-lg-offset-0 col-lg-3">
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker1" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker2" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker3" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker4" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker5" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-6">
<input type="submit" name="submit" class= "btn btn-primary">
</div>
</div>
</div>
</form>

Think the best way is to use AJAX,
Then with the response as a string you make a table or foreach in php as a string and then use the .html adapter to output the newly made data.
function submitForm(form){
var url = form.attr("action");
var formData = {};
$(form).find("input[name]").each(function (index, node) {
formData[node.name] = node.value;
});
$.post(url, formData).done(function (data) {
$('#showresults').html(result);
});
}

issue inserting data to database [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
So i have made a php file to insert data into my database. I have been trying for a while and can't seem to figure out where my code is wrong.
I am using this form:
<form class="form-horizontal" role="form" method="post" action="#section4">
<div class="form-group">
<label for="first_name" class="col-sm-2 control-label">Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="first_name" name="first_name" placeholder="First name" value="<?php echo htmlspecialchars($_POST['first_name']); ?>">
<?php echo "<p class='text-danger'>$errName</p>";?>
</div>
<div class="col-sm-10">
<input type="text" class="form-control" id="last_name" name="last_name" placeholder="Last name" value="<?php echo htmlspecialchars($_POST['last_name']); ?>">
<?php echo "<p class='text-danger'>$errName</p>";?>
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email</label>
<div class="col-sm-10">
<input type="email" class="form-control" id="email" name="email" placeholder="eksample#domain.com" value="<?php echo htmlspecialchars($_POST['email']); ?>">
<?php echo "<p class='text-danger'>$errEmail</p>";?>
</div>
</div>
<div class="form-group">
<div class="col-sm-10 col-sm-offset-2">
<input id="submit" name="submit" type="submit" value="Send" class="btn btn-primary">
</div>
</div>
</form>
first i have the variables of information from my form:
<?php
if ($_POST["submit"]) {
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];}
Then i log onto my database:
$dbhost = 'mysql.info.dk';
$dbuser = 'myinfo';
$dbpass = 'mypass';
$dbname = 'moreinfo';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
mysql_select_db($dbname);
i then "attempt" to insert the info from the form to a table in my database:
$sql = "INSERT INTO contacts(`first_name`, `last_name`, `email`) VALUES ([$first_name],[$last_name],[$email])";
and close my connection:
mysqli_close($conn);
?>
Can someone help me spot where my code is wrong?

Use single quotes while insering and use mysqli instead of mysql
$sql = "INSERT INTO contacts(`first_name`, `last_name`, `email`) VALUES ('$first_name','$last_name','$email')";

Simple Login Using Sessions / SQL

I am trying to create a simple login experience on my website. The data is being taken from phpmyadmin. I'm having trouble and not really sure exactly where I'm going wrong. I'm looking to keep this as simple as possible for now, just to get it started.
HTML
<div class="container">
<div class="row">
<div class="col-md-8 col-md-offset-2">
<div class="well well-sm">
<form class="form-horizontal" action="" method="post">
<fieldset>
<legend class="text-center">Sign In</legend>
<!-- Message body -->
<div class="form-group">
<label class="col-md-4 control-label" for="Username">Username</label>
<div class="col-md-8">
<input id="username" name="username" type="text" placeholder="Your email" class="form-control">
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="Password">Password</label>
<div class="col-md-8">
<input id="password" name="password" type="text" placeholder="Your email" class="form-control">
</div>
</div>
<!-- Form actions -->
<div class="form-group">
<div class="col-md-12 text-right">
<button onClick="return validateForm()" type="submit" class="btn btn-primary btn-lg">Submit</button>
` </div>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</div>
PHP
session_start();
$username=$_POST['username'];
$password=$_POST['password'];
// Connection
$conn = mysql_connect("localhost", "root", "MIS42520!$") or die (mysql_error());
//Select the database to use
mysql_select_db ("cookie", $conn);
// SQL query to fetch information of registerd users and finds user match.
$sql = mysql_query("select * from login where password='$password' AND username='$username'", $connection);
$result = mysql_query($sql, $conn) or die(mysql_error());
$row = mysql_fetch_array($sql);
if(is_array($row)) {
$_SESSION["username"] = $row[username];
$_SESSION["password"] = $row[password];
} else {
$message = "Invalid Username or Password!";
}
if(isset($_SESSION["user_id"])) {
header("Location:user_dashboard.php");
}

I think this is your problem as I notice your form action is target on same page.
if(isset($_POST['username']) && isset($_POST['password'])){
//grab all your php code here
}
And please dont use mysql_* function since it was deprecated

Categories