Hey there im currently try to create a page where I can insert some information into my SQL database, this is the php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "film";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$filmtitle = $_POST['filmtitle'];
$filmyear = $_POST['filmyear'];
$filmduration = $_POST['filmduration'];
$filmrating = $_POST['filmrating'];
$sql="INSERT INTO film (Title, FilmYear, Duration, FilmRating) VALUES
('$filmtitle', `$filmyear`, '$filmduration', '$filmrating',)";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else
{
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
When I hit the submit button I get the following error,
Object not found!
The requested URL was not found on this server. The link on the referring page seems to be wrong or outdated. Please inform the author of that page about the error.
If you think this is a server error, please contact the webmaster.
Here is the HTML as well
<html>
<body>
<h1> Insert a new film!</h1>
<form action ="insert-film.php method="post">
Film Title: <input type="text" name="filmtitle">
Year: <input type="text" name="filmyear">
Duration: <input type="text" name="filmduration">
Certificate: <input type="text" name="filmcertificate">
<input type="submit">
</form>
</body>
</html>
There's a few things wrong here.
First
<form action ="insert-film.php method="post">
^ right there.
is missing a quote.
<form action ="insert-film.php" method="post">
Then this: you used ticks instead of quotes for $filmyear and a trailing comma
('$filmtitle', `$filmyear`, '$filmduration', '$filmrating',)";
^ right there.
which should read as
('$filmtitle', '$filmyear', '$filmduration', '$filmrating')";
You also seem to be using the wrong array for filmcertificate which should be filmrating.
Certificate: <input type="text" name="filmcertificate"> there is no POST array for it.
$filmtitle = $_POST['filmtitle'];
$filmyear = $_POST['filmyear'];
$filmduration = $_POST['filmduration'];
$filmrating = $_POST['filmrating'];
and
Film Title: <input type="text" name="filmtitle">
Year: <input type="text" name="filmyear">
Duration: <input type="text" name="filmduration">
Certificate: <input type="text" name="filmcertificate">
The last one does not match the $_POST['filmrating'] array.
You probably meant to do:
Film Title: <input type="text" name="filmtitle">
Year: <input type="text" name="filmyear">
Duration: <input type="text" name="filmduration">
Film rating: <input type="text" name="filmrating">
Only you know what that should be. Ajust accordingly.
Once your PHP kicks in after fixing the quote in the action, you would have been thrown an undefined index filmrating in line... notice.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Then the rest of your code
Sidenote: Displaying errors should only be done in staging, and never production.
Your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements.
You have an extra comma at the end of your sql:
$sql="INSERT INTO film (Title, FilmYear, Duration, FilmRating) VALUES
('$filmtitle', `$filmyear`, '$filmduration', '$filmrating',)";
should be:
$sql="INSERT INTO film (Title, FilmYear, Duration, FilmRating) VALUES
($filmtitle', '$filmyear', '$filmduration', '$filmrating')";
Also, make sure you are consistent with your backticks versus single quotes.
Finally, you are exposed to SQL injection attack.
Related
I am learning PHP MYSql and faced an error while writing a marks submission program. When i run the program in chrome, the table is coming ok but neither the values are inserting in the MySQL table nor the redirection to different webpage taking place. You will understand it more clearly in the code and screen given below
<html>
<body>
<?php
error_reporting(E_ALL ^ E_DEPRECATED);
$connection = mysql_connect("localhost","root","");
if($connection == false)
{
echo("<h3>Unable MySQL</h3>");
die();
}
$db = mysql_select_db("IGNOU",$connection);
if($db == false)
die("<h3>Unable to connect to DB</h3>");
if(isset($_POST['submit']))
{
$rcptno=mysql_real_escape_string($_POST['rcptno']);
$subdt=mysql_real_escape_string($_POST['subdt']);
$amarks=mysql_real_escape_string($_POST['amarks']);
$Vvmarks=mysql_real_escape_string($_POST['Vvmarks']);
$chk_dt=mysql_real_escape_string($_POST['chk_dt']);
$roll_no=mysql_real_escape_string($_POST['roll_no']);
$sbcode=mysql_real_escape_string($_POST['sbcode']);
$ecode=mysql_real_escape_string($_POST['ecode']);
$query1=mysql_query("insert into assignment values('$rcptno','$subdt','$amarks','$Vvmarks','$chk_dt',
'$roll_no','$sbcode','$ecode')");
echo "insert into assignment values('$rcptno','$subdt','$amarks','$Vvmarks','$chk_dt','$roll_no'
,'$sbcode','$ecode')";
if($query1)
{
header("location:studentmaster.php");
}
}
?>
<fieldset style="width:400px;">
<form method="post" action="">
Reciept No.: <input type="number" name="rcptno" min="1">
<br>
Submission Date.: <input type="date" name="subdt">
<br>
Assignment Marks: <input type="number" name="amarks" max = "100">
<br>
Viva Marks: <input type="number" name="Vvmarks" max="100">
<br>
Checking Date.: <input type="date" name="chk_dt">
<br>
Roll No.: <input type="text" name="roll_no">
<br>
Subject Code.:
<input type="text" name="sbcode">
<br>
Evaluator Code:
<input type="text" name="ecode">
<br>
<input type="submit" name="submit">
</form>
</fieldset>
</body>
</html>
Screen
[This is the screen in which i have not yet clicked submit button]
[Now i have Clicked Submit button but it only displays a line...no insertion...no redirection]
Kindly help in overcoming this problem....
You're seeing the output because your using this line.
echo "insert into assignment values('$rcptno','$subdt','$amarks','$Vvmarks','$chk_dt','$roll_no'
,'$sbcode','$ecode')";
Also you need to make sure that you have successfully inserted or not.
For this you should use these lines of code.
if ($query1) {
header('Location: studentmaster.php');
} else {
echo 'No redirect means query failed';
var_dump(mysql_error($connection));
}
Because you're learning you can skip mysql_* functions and move to mysqli, PDO
Just replace the insert query with this
insert into assignment(`col1`,`col2`,`col3`,`col4`,`col5`, `col6`,`col7`,`col8`) values('$rcptno','$subdt','$amarks','$Vvmarks','$chk_dt', '$roll_no','$sbcode','$ecode')
replace col1, col2, col3... with your mysql table columns
Okay so I have a webserver running off a Raspberry Pi at the moment and I have a really basic form with seven textboxes. I want the values entered into the textboxes to append to a database when I click the 'Submit' button. I have HTML code to create the form:
<!DOCTYPE html>
<html>
<head>
<title>Assignment Submission Form</title>
</head>
<body>
<form name="assi_subm" METHOD="POST" >
<p><label for="title">Title: </label><br><input id="title" name="title" type="text" size="25"></p>
<p><label for="password">Password: </label><br><input type="password" id="password" name="password" size="25" maxlength="20"></p>
<p><label for="soc">Statement of Contribution: </label><br><textarea style="width:300px;height:100px;" name="soc" id="soc"></textarea></p>
<p><label for="object">Project Objectives: </label><br><textarea style="width:300px;height:100px;" name="object" id="object"></textarea></p>
<p><label for="discuss">Review and Discussion of Technologies Used: </label><br><textarea style="width:300px;height:100px;" name="discuss" id="discuss"></textarea></p>
<p><label for="design">Design and Implementation: </label><br><textarea style="width:300px;height:100px;" name="design" id="design"></textarea></p>
<p><label for="references">References: </label><br><textarea style="width:300px;height:100px;" name="references" id="references"></textarea></p>
<p><input type="button" value="Submit"></p>
</form>
</body>
</html>
and that's fine, that opens as you'd expect. However I can't make the data from those textboxes actually append to the database when I click. I'm not totally sure if I'm even meant to be using PHP (I don't think I fully understand the concept in this situation) but I have the following code which is attempting to insert the data into the database by checking the button submission isn't empty? I'm not sure, I've been trying lots of different things but at the moment I'm just getting a blank page, I'm really confused, any help would be really appreciated.
This is my current PHP code:
<?php
$con = mysql_connect("localhost", "root", "password") or die("Could not connect");
$database = mysql_select_db("assignment_submission", $con) or die("Could not do");
$title_IP = $_POST['title'];
$password_IP = $_POST['password'];
$soc_IP = $_POST['soc'];
$object_IP = $_POST['object'];
$discuss_IP = $_POST['discuss'];
$design_IP = $_POST['design'];
$references_IP = $_POST['references'];
if (!empty($_POST)){
mysql_query($database, "INSERT INTO file_data (title, password, soc, object, discuss, design, references) values ($title_IP, $password_IP, $soc_IP, $object_IP, $discuss_IP, $design_IP, $references_IP);
}
?>
You have missing quotes around your values and a double quote plus a missing bracket.
You're also using the wrong variable $database for your insert, you can just remove it since you are using mysql_ as opposed to mysqli_ where DB connection is mandatory.
Another thing is the word references, it's a reserved word and must be wrapped in backticks.
`references`
Replace with the following:
mysql_query("INSERT INTO file_data (title, password, soc, object, discuss, design, `references`) values ('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')");
Or you can also use:
if (!empty($_POST)){
$sql = "INSERT INTO file_data (title, password, soc, object, discuss, design, `references`) values ('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')";
$query = mysql_query( $sql, $con );
if($query ){
echo "Success";
}
else{
die('Could not insert data: ' . mysql_error());
}
}
Your present code is open to SQL injection. Use prepared statements, or PDO.
As the very least, use mysql_real_escape_string() around your POST variables.
I.e.: $title_IP = mysql_real_escape_string($_POST['title']);
mysql_* functions deprecation notice:
http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.
Documentation for MySQL can be found at » http://dev.mysql.com/doc/.
During development
Add error reporting to the top of your file(s)
error_reporting(E_ALL);
ini_set('display_errors', 1);
which will signal errors found.
Edit
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$con = mysql_connect("localhost", "root", "password") or die("Could not connect");
$database = mysql_select_db("assignment_submission", $con) or die("Could not do");
if (isset($_POST['submit'])){
$title_IP = $_POST['title'];
$password_IP = $_POST['password'];
$soc_IP = $_POST['soc'];
$object_IP = $_POST['object'];
$discuss_IP = $_POST['discuss'];
$design_IP = $_POST['design'];
$references_IP = $_POST['references'];
$sql = "INSERT INTO file_data (title, password, soc, object, discuss, design, `references`) values ('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')";
$query = mysql_query( $sql, $con );
if($query ){
echo "Success";
}
else{
die('Could not insert data: ' . mysql_error());
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Assignment Submission Form</title>
</head>
<body>
<form name="assi_subm" METHOD="POST" action="">
<p><label for="title">Title: </label><br><input id="title" name="title" type="text" size="25"></p>
<p><label for="password">Password: </label><br><input type="password" id="password" name="password" size="25" maxlength="20"></p>
<p><label for="soc">Statement of Contribution: </label><br><textarea style="width:300px;height:100px;" name="soc" id="soc"></textarea></p>
<p><label for="object">Project Objectives: </label><br><textarea style="width:300px;height:100px;" name="object" id="object"></textarea></p>
<p><label for="discuss">Review and Discussion of Technologies Used: </label><br><textarea style="width:300px;height:100px;" name="discuss" id="discuss"></textarea></p>
<p><label for="design">Design and Implementation: </label><br><textarea style="width:300px;height:100px;" name="design" id="design"></textarea></p>
<p><label for="references">References: </label><br><textarea style="width:300px;height:100px;" name="references" id="references"></textarea></p>
<p><input type="submit" name="submit" value="Submit"></p>
</form>
</body>
</html>
Correct your sql query, use this code:
if (!empty($_POST)){
mysql_query($database, "INSERT INTO file_data ($title_IP, $password_IP, $soc_IP, $object_IP, $discuss_IP, $design_IP, $references_IP)
}
and $ signs in PHP are used to create as well as reference variables, so you gotta use them everywhere.
After browsing google for a few hours, I managed to splice together some code up, and it looks like it's working for the most part. Unfortunately, I'm getting an SQL error when I submit my form.
What I'm trying to do: When someone fills out the form on my website, a specific function is applied based on which radio button is pressed in the form. I want to store the data in a database, but I also want to store the IP address of the individual submitting.
All I request of this wonderful community is an explanation of why this isn't functioning as I thought it should, and a quick lesson on how to prevent this from happening again.
Here is the code for my form:
<html>
<head>
<link rel="stylesheet" type="text/css" href="/style.css">
<title>
Learning Made Easy
</title>
</head>
<body>
<?php include_once 'googleanalytics.php'; ?>
<a href="http://terrythetutor.com">
<div class="banner"> </div>
</a>
<?php include 'menu.php'; ?>
<div class="content">
</br>
</br>
</br>
<form action="../scripts/switch.php" method="post">
Title:
</br><input type="text" name="Title">
</br>
</br>
</br>
Summary of the video (including questions used in the video):
</br><textarea name="Summary" COLS=60 ROWS=10></textarea>
</br>
</br>
</br>
URL of the video (Yes, this means you need to upload it to an external website.):
</br><input type="text" name="URL">
</br>
</br>
Which course does your video pertain to?</br>
<input type="radio" name="course" value="intermediate"> Intermediate and below</br>
<input type="radio" name="course" value="college"> College Algebra</br>
<input type="radio" name="course" value="precalculus"> PreCalculus</br>
<input type="radio" name="course" value="trigonometry"> Trigonometry</br>
<input type="radio" name="course" value="calculus I"> Calculus I</br>
<input type="radio" name="course" value="calculus II"> Calculus II</br>
<input type="radio" name="course" value="calculus III"> Calculus III</br>
<input type="radio" name="course" value="differential equations"> Differential Equations</br>
</br>
The function triggered is used to pick the correct function based on the radio button selected. For the sake of space I won't include it, and will skip right to the code that it redirects to. This is where (I suspect) my error is, and I'm unfortunately not well versed enough to solve this error alone.
Code of the function AFTER switch.php (this is where I define the IP variable):
<?php
// Create connection
$con=mysqli_connect("********","*****","*****","****");
$IP = $_Server['REMOTE_ADDR'];
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO Intermediate Algebra ('Title', 'URL', 'IP', 'Summary')
VALUES
('$_POST[Title]','$_POST[URL]','[$IP]','$_POST[Summary]'";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Your video has been successfully submitted. Thank you for your contribution to TerryTheTutor.com";
header('Location:http://terrythetutor.com');
?>
</br>
<input type="submit" value="Submit, foo!">
</form>
</br>
</br>
</br>
<p>
Please understand that you will not be able to change the title, summary, or URL of your video after submission.
</p>
</div>
<div class="footer">
<?php include 'footer.php'; ?>
</div>
</body>
</html>
I believe that the error has originated with the $IP variable. I've tried to add quotes, scanned the code countless times and still am unsure of what the error is.
Here is what the error I'm getting when I submit looks like:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Algebra ('Title', 'URL', 'IP', 'Summary') VALUES ('Title Test','Url test','[]',' at line 1
As a courtesy, if someone could show me how to properly "sanitize" this data input, that would be wonderful.
Thank you, guys!
table names and column names are identifiers. they are not string literals so they should not be wrap with single quote. So you need to remove it eg
INSERT INTO `Intermediate Algebra` (Title, URL, IP, Summary) VALUES(....)
If it happens that the names contains spaces or a reserved keyword, it should be wrap with backticks. eg
INSERT INTO `Intermediate Algebra` (`Title`, `URL`, `IP`, `Summary`) VALUES(...)
Additional Info
MySQL Reserved Keywords List
As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.
How to prevent SQL injection in PHP?
You can try this, this will help you to run your script successfully without any error.
$sql="INSERT INTO `Intermediate Algebra` (`Title`, `URL`, `IP`, `Summary`)
VALUES ('".$_POST[Title]."','".$_POST[URL]."','".$IP."','".$_POST[Summary]."')";
You have more than one error here:
PHP variable names are case sensitive. This means you have an error in this line of code:
$IP = $_Server['REMOTE_ADDR'];
Thus, $IP is always empty.
Instead, this should be:
$IP = $_SERVER['REMOTE_ADDR'];
In your SQL statement, table names with spaces need to be backquoted. It's also a very good idea to do the same with your field names, to avoid conflicts with MySQL keywords:
$sql="INSERT INTO `Intermediate Algebra` (`Title`, `URL`, `IP`, `Summary`) VALUES(...)";
Finally, your SQL statement is vulnerable to SQL injection and needs to be completely rewritten and replaced with a prepared statement.
You need to close bracket ),
('$_POST[Title]','$_POST[URL]','$IP','$_POST[Summary]')";
SQL:
$Title = mysqli_real_escape_string($con, $_POST['Title']);
$URL = mysqli_real_escape_string($con, $_POST['URL']);
$IP = $_SERVER['REMOTE_ADDR'];
$IP = mysqli_real_escape_string($con, $IP);
$Summary = mysqli_real_escape_string($con, $_POST['Summary']);
$sql="INSERT INTO Intermediate Algebra ('Title', 'URL', 'IP', 'Summary')
VALUES
('$Title','$URL','$IP','$Summary')";
I'm working on a Uni assignment and am having trouble inserting records to MySQL database using a form. My set up is below.
I can view entries in the database with no problem. I'm new to this so sorry in advance :(
conninfo.php
<?php
$strServer="localhost";
$strDatabase="djdatabase"; // CHANGE TO YOUR DATABASE NAME HERE
$strUser="root";
$strPwd=""; // Leave blank for WAMPServer
$strDB=mysql_connect($strServer,$strUser,$strPwd)or die("Could not open database");
$database=mysql_select_db("$strDatabase",$strDB);
?>
addnewdata.php
<?php include "conninfo.php";
$newdj=$_POST["dj"]; //pick up from form
$newfn=$_POST["fn"];
$newem=$_POST["em"];
$newwe=$_POST["we"];
$newpi=$_POST["pi"];
$newev=$_POST["ev"];
$query = "INSERT INTO dj(DJName, FirstName, Email, Website, Picture, EventNumber)VALUES('$newdj', '$newfn', '$newem', '$newwe', '$newpi', '$newev)";
mysql_query($query);
header("location:showall.php");
?>
enternewdata.php
<?php include "conninfo.php";?>
<html>
<head>
</head>
<body>
<form action="addnewdata.php" method="post">
DJ Name:<input type="text" name="dj"><br>
FirstName: <input type="text" name="fn" /><br>
Email: <input type="text" name="em" /><br>
Website: <input type="text" name="we" /><br>
Picture: <input type="text" name="pi" /><br>
EventID: <input type="text" name="ev" /><br>
<br><br>
<button type="submit">Submit</button>
</form>
</body>
</html>
Many Thanks for your help :)
had better use SET command to insert data
$query = "INSERT INTO dj SET
DJName=".$newdj.",
FirstName=".$newfn.",
Email=".$newem.",
Website=".$newwe.",
Picture=".$newpi.",
EventNumber=".$newev."";
$save = mysql_query($query);
if($save){
header("location:showall.php");
}else{
die(mysql_error());
}
You are missing a quote ' wich is causing the error that you cannot see because you haven't done any debug. Anyway you should just change to this
'$newwe', '$newpi', '$newev')"; //a quote was missing after '$newv
I would suggest you to also debug query by adding or die('INVALID QUERY: ' . mysql_error());
so code would look like
mysql_query($query) or die('INVALID QUERY: ' . mysql_error());
Since you said this is an university test I don't know if you are supposed to use mysql_* function (wich are deprecated), but I would strongly reccommend to switch to mysqli or PDO if you can for security reason.
You missed ' on your query on $newev that gives you an error
$query = "INSERT INTO dj(DJName, FirstName, Email, Website, Picture, EventNumber)VALUES('$newdj', '$newfn', '$newem', '$newwe', '$newpi', '$newev)";
I am making a php page that retrieves data from a database table and putting it in a table for the user to see via MySQLi commands.
I was wondering how I should approach the reverse situation. I want the user to be able to enter in information into textboxes and the click a button at the bottom of the page called 'save' which will prompt the user "are you sure" before saving to the database. If the user clicks 'yes', then the new entry is inserted into the database.
I have the following code to create the labels and textboxes:
<FORM>
ID: <input type="text" name="id"><br />
NM: <input type="text" name="nm"><br />
Company: <input type="text" name="company"><br />
Address: <input type="text" name="address"><br />
City: <input type="text" name="city"><br />
Zip: <input type="text" name="zip"><br />
State: <input type="text" name="state"><br />
Phone: <input type="text" name="phone"><br />
Website: <input type="text" name="web_site"><br />
</FORM>
However, when it comes to the 'save' button, I can implement the button just fine, but how would I go about saving the information entered into the database?
My initial thought process was to find the values that the user entered. I'm new to PHP and WEB dev in general, but I need to know how to get the value of the text in the textbox. Would I have to sift all the values through via the PHP Post method?
Once I have the information the user wants to enter, I was thinking maybe MySQLi has an insert function, which I found here, http://php.net/manual/en/mysqli.insert-id.php. Then it's just a quick insert and it's in the database after the user gives the 'yes' at the prompt.
Do I have the right idea in mind? Is there a more efficient way to do this?
Any help is greatly appreciated. I've looked around for problems and solutions similar to the ones related to my scenario but there were none. =(
Thanks!
EDIT:
Here is the code I have on the agentprocess.php that the action form sends the information to:
<?php
$agent_nm = $_POST['nm']; // gather all the variables
$company = $_POST['company'];
$address = $_POST['address'];
$city = $_POST['city'];
$zip = $_POST['zip'];
$state = $_POST['state'];
$phone = $_POST['phone'];
$web_site = $_POST['web_site'];
$batch_id = $_POST['batch_id']; // added batch id
//connect
$conn = new mysqli('local', 'admin', 'pass', 'DB');
if(mysqli_connect_errno()) {
exit('Connect failed: '. mysqli_connect_error());
}
//generate the query (doesn't add id because id is autoincremented)
$query = "INSERT INTO t_agent VALUES (NULL, " . $agent_nm . ", " . $company . ", " . $address . ", " . $city . ", " . $zip . ", " . $state . ", " . $phone . ", " . $web_site . ", " . $batch_id . ")";
//insert and close.
mysqli_query($conn, $query);
mysqli_close($conn);
Despite the code here, I've queried the table and the new entry is not there. Am I missing something here?
Thanks in advance!
Very simple example, added the label tag to the labels for your input and put it inside of a form.
<form method="post" action="process.php" id="myForm" name="myForm" >
<label for="ID">ID</label>: <input type="text" name="ID" /><br />
<label for="nm">NM:</label> <input type="text" name="nm"><br />
<label for="company">Company:</label> <input type="text" name="company"><br />
<label for="address">Address:</label> <input type="text" name="address"><br />
<label for="city">City</label>: <input type="text" name="city"><br />
<label for="zip">Zip</label>: <input type="text" name="zip"><br />
<label for="state">State</label>: <input type="text" name="state"><br />
<label for="phone">Phone</label>: <input type="text" name="phone"><br />
<label for="web_site">Website</label>: <input type="text" name="web_site"><br />
<input type="submit" name="submit" />// this is your submit button
</form>
On the process.php page
//get your inputs from the form
$ID = $_POST['ID'];
//do the same for each of the text inputs
Then you can use mysqli as you described to insert the values into your database, feel free to comment if you need any help with the mysqli part of the question, I didn't include it here since you had the link posted in the original question.
you need to use forms. yes, using the name attributes in your elements, you sift through $_POST(eg. $_POST['company']) for the values you want to store into the DB. here's an example. Use MYSQLi statements instead of mysql as in the eg.
this is simple yet a little complex task for web development beginers.
So I am going to give you an full example of what you need to do...
To do the SAVE button check the fastest way is to use javascript confirm dialog and if confirmed to submit form with javascript also.
The Mysql insert part is easy, you need to check if there is data that you submited via form in $_REQUSET (this works better than $_POST or $_GET because it catchs it both.) and then to connect to db and do an insert query...
Everything is explained in this example:
http://pastebin.com/thNmsXvn
But please use some template engine like Smarty because doing php, javascript and html in one file without template is awful and long term will give you only problems.
I think that I was very clear in the example I put on pastebin but if you have some questions feel free to ask...
Just to add, I have removed ID from HTML form because the best solution for managing ID's in MySQL is auto increment option, you configure that when you create table and set it to a specific field. Most usually it is ID, and it must be an integer.
You should use PDO functions for PHP/MySQL
id field should be autoincrement
<?php
$host= "xxx";
$username="xxx";
$password="xxx";
$database="xxx ";
// Gets data from URL parameters
$name = $_POST['nm'];
//Repeate for all other parameters
// Opens a connection to a MySQL server
try {
// DBH means "DB Handle"
// MySQL with PDO_MYSQL
$DBH = new PDO("mysql:host=$host;dbname=$database", $username, $password);
}
catch(PDOException $e) {
echo $e->getMessage();
}
// STH means "Statement Handle"
$STH = $DBH->prepare("INSERT INTO mytable ( id, nm,company,address,city,zip,state,phone,web_site ) values ( NULL,:nm,:company,:address,:city,:zip,:state,:phone,:web_site)");
$STH->bindParam(':name', $name);
//Repeate for all other parameters
$STH->execute();
//# close the connection
$DBH = null;
?>