This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
So i have made a php file to insert data into my database. I have been trying for a while and can't seem to figure out where my code is wrong.
I am using this form:
<form class="form-horizontal" role="form" method="post" action="#section4">
<div class="form-group">
<label for="first_name" class="col-sm-2 control-label">Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="first_name" name="first_name" placeholder="First name" value="<?php echo htmlspecialchars($_POST['first_name']); ?>">
<?php echo "<p class='text-danger'>$errName</p>";?>
</div>
<div class="col-sm-10">
<input type="text" class="form-control" id="last_name" name="last_name" placeholder="Last name" value="<?php echo htmlspecialchars($_POST['last_name']); ?>">
<?php echo "<p class='text-danger'>$errName</p>";?>
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email</label>
<div class="col-sm-10">
<input type="email" class="form-control" id="email" name="email" placeholder="eksample#domain.com" value="<?php echo htmlspecialchars($_POST['email']); ?>">
<?php echo "<p class='text-danger'>$errEmail</p>";?>
</div>
</div>
<div class="form-group">
<div class="col-sm-10 col-sm-offset-2">
<input id="submit" name="submit" type="submit" value="Send" class="btn btn-primary">
</div>
</div>
</form>
first i have the variables of information from my form:
<?php
if ($_POST["submit"]) {
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];}
Then i log onto my database:
$dbhost = 'mysql.info.dk';
$dbuser = 'myinfo';
$dbpass = 'mypass';
$dbname = 'moreinfo';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
mysql_select_db($dbname);
i then "attempt" to insert the info from the form to a table in my database:
$sql = "INSERT INTO contacts(`first_name`, `last_name`, `email`) VALUES ([$first_name],[$last_name],[$email])";
and close my connection:
mysqli_close($conn);
?>
Can someone help me spot where my code is wrong?
Use single quotes while insering and use mysqli instead of mysql
$sql = "INSERT INTO contacts(`first_name`, `last_name`, `email`) VALUES ('$first_name','$last_name','$email')";
Related
i have created a receival table that will store user's information. but the values do not get inserted into the database.
This is my connection to the database and sql statements to inserted the values the user will post.
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="l3tme1N#123"; // Mysql password
$db_name="shipping_pro"; // Database name
$tbl_name="receiver"; // Table name
// Connect to server and select database.
$con = mysql_connect("$host", "$username", "$password")or die("cannot
connect");
if(!$con){
die ('cannot connect to the server')
}
if (!mysql_select_db("$db_name", $con))
{
echo"no db selected";
}
if(isset($_POST['save']))
{
$name = $_POST['name'];
$cc = $_POST['cc'];
$sender = $_POST['sender-name'];
$address=$_POST['address'];
$tracker = $_POST['tracker'];
$code_phone = $_POST['code_phone'];
$phone = $_POST['phone'];
$code_phone1 = $_POST['code_phone1'];
$telefono = $_POST['telefono'];
$sql1="INSERT INTO 'receival' (name,idcard,sender-name,address,tracker,
receiver-telnum, sender-telnum) VALUES
('$name','$cc','$sender','$address', '$tracker', '$code_phone$phone',
'$code_phone1$telefono')";
$result = mysql_query($con,$sql1);
}
?>
the html codes
this is the form that i have created for take user input.
I have looked at most solutions here and on google but i still cannot find any solution
<form action="receive.php" method="post" class="form-horizontal" data-
parsley-validate novalidate >
<div class="form-group " id="gnombre">
<label for="office" class="col-sm-2 control-label">Name of Recipient</label>
<div class="col-sm-10">
<input type="text" class="form-control office" parsley-trigger="change"
required name="name" placeholder="Name of Recipient">
</div>
</div>
<div class="form-group " id="gnombre">
<label for="officer_name" class="col-sm-2 control-label"><?php echo $CEDULA;
?></label>
<div class="col-sm-10">
<input type="number" class="form-control officer_name" parsley-
trigger="change" required name="cc" placeholder="<?php echo $numbercedula; ?
>">
</div>
</div>
<div class="form-group " id="gnombre">
<label for="officer_name" class="col-sm-2 control-label">Sender</label>
<div class="col-sm-10">
<input type="text" class="form-control officer_name" iparsley-
trigger="change" required name="sender-name" placeholder="Name of Sender">
</div>
</div>
<div class="form-group" id="gapellido">
<label for="address" class="col-sm-2 control-
label"><?php echo $direccion; ?></label>
<div class="col-sm-10">
<input type="text" class="form-control address" parsley-trigger="change"
required name="address" placeholder="Receiver Address">
</div>
</div>
<div class="form-group" id="gapellido">
<label for="address" class="col-sm-2 control-label">Tracker Number</label>
<div class="col-sm-10">
<form name="form2" action="" method="">
<!--<strong><?php echo $codeproducto; ?></strong><br> -->
<input type="text" autofocus list="browsers" name="" autocomplete="off" class="form-control" required>
<datalist id="browsers">
<?php
$pa=mysql_query("SELECT tracking FROM courier
");
while($row=mysql_fetch_array($pa)){
echo '<option value="'.$row['tracking'].'">';
}
?>
</datalist>
</div>
</div>
<div class="form-group" id="ptelefonos">
<label for="address" class="col-sm-2 control-label"><?php echo $telefono; ?></label>
<div class="col-sm-4">
<select type="number" class="form-control ph_no" parsley-trigger="change" required name="code_phone" placeholder="<?php echo $telefonocustomer2; ?>">
<option data-countrycode="GH" value="233">Ghana (+233)</option>
</select>
</div>
<div class="col-sm-6">
<input type="number" class="form-control ph_no" parsley-trigger="change" required name="phone" placeholder="Receiver's Phone Number">
</div>
</div>
<div class="form-group" id="ptelefonos">
<label for="address" class="col-sm-2 control-label"><?php echo $telefono; ?></label>
<div class="col-sm-4">
<select type="number" class="form-control ph_no" parsley-trigger="change" required name="code_phone1" placeholder="Sender's phone Number">
<option data-countrycode="GH" value="233">Ghana (+233)</option>
</select>
</div>
<div class="col-sm-6">
<input type="number" class="form-control ph_no" parsley-trigger="change" required name="telefono" placeholder="Sender's phone Number">
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><i class="fa fa-times"></i>
<?php echo $cerrar; ?></button>
<input class="btn btn-success" name="save" type="submit" id="submit" value="Save">
</div>
</form>
Try this code , you need to replace 'receival' with receival :
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="l3tme1N#123"; // Mysql password
$db_name="shipping_pro"; // Database name
$tbl_name="receiver"; // Table name
// Connect to server and select database.
$con = mysql_connect("$host", "$username", "$password")or die("cannot
connect");
if(!$con){
die ('cannot connect to the server')
}
if (!mysql_select_db("$db_name", $con))
{
echo"no db selected";
}
if(isset($_POST['save']))
{
$name = $_POST['name'];
$cc = $_POST['cc'];
$sender = $_POST['sender-name'];
$address=$_POST['address'];
$tracker = $_POST['tracker'];
$code_phone = $_POST['code_phone'];
$phone = $_POST['phone'];
$code_phone1 = $_POST['code_phone1'];
$telefono = $_POST['telefono'];
$sql1="INSERT INTO receival (name,idcard,sender-name,address,tracker,
receiver-telnum, sender-telnum) VALUES('$name','$cc','$sender','$address', '$tracker', '$code_phone$phone',
'$code_phone1$telefono')";
$result = mysql_query($con,$sql1);
}
?>
It has already been pointed out in comments that you have to use mysqli_* or PDO with prepared statements. So I will just look at your most trivial error (assuming it is the only one)
Your insert query has many errors: values are not correctly inserted and your table name is wrapped in quotes.
Change it to:
$sql1="INSERT INTO receival (name,idcard,sender-name,address,tracker,
receiver-telnum, sender-telnum) VALUES
('$name','$cc','$sender','$address', '$tracker', '$code_phone.$phone',
'$code_phone1.$telefono')";
This should fix it and make your insert work.
Here is my HTML and PHP code that I'm trying to use to write the form into the table.
Once submit is being pressed its loading up the PHP but it is being returned as a blank screen.
Any help would be appreciated to help me move forward from this problem.
Here is the HTML code for the contact section of the page.
</div>
<!-- Contact Info -->
<div class="row">
</div> <!-- information end -->
<!--Contact Form-->
<div class="col-md-8 col-md-offset-2 wow fadeInUp" data-wow-delay="1s">
<form class="col-md-12 contact-form" method="POST" action="beerewarded.php">
<div class="row">
<!--Name-->
<!--Email-->
<div class="col-md-8">
<input id="Email_Address" name="Email_Address" class="form-inp requie" type="text" placeholder="Email">
</div>
<div class="col-md-8">
<input id="First_Name" name="First_Name" class="form-inp requie" type="text" placeholder="First Name">
</div>
<div class="col-md-8">
<input id="Last_Name" name="Last_Name" class="form-inp requie" type="text" placeholder="Last Name">
</div>
<div class="col-md-8">
<input id="Phone_Number" name="Phone_Number" class="form-inp requie" type="text" placeholder="Phone Number">
</div>
<div class="col-md-8">
<input id="Birthday" name="Birthday" class="form-inp requie" type="date" placeholder="Birthday ">
</div>
<div class="col-md-12">
<input id="con_submit" class="site-button" type="submit">
</div>
</div>
</form>
</div> <!-- contact form end -->
Here is the PHP section of the file.
<?php
$servername = "localhost";
$username = "beeskneesbars_com";
$password = "123456";
$dbname = "beeskneesbars_com";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['insert'])) {
$Email_Address = $_POST['Email_Address'];
$First_Name = $_POST['First_Name'];
$Last_Name = $_POST['Last_Name'];
$Phone_Number = $_POST['Phone_Numebr'];
$Birthday = $_POST['Birthday'];
$insert_data = mysql_query('INSERT INTO Bee_Rewarded VALUES("$Email_Address", "$First_Name","$Last_Name","$Phone_Number","$Birthday",)');
echo "Data are successfully save..."; }
?>
Keeping in mind, you have already added the name attribute for your submit button, please update your code in php file to execute an sql query to this:
$sql = "INSERT INTO Bee_Rewarded VALUES('$Email_Address','$First_Name','$Last_Name','$Phone_Number','$Birthday') ";
$insert_data = mysql_query($conn,$sql);
if($insert_data)
{
echo 'Data Added Successfuly';
}
else
{
echo 'Error In Adding Data';
}
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I am trying to make a simple appeal form that the data gets posted to a SQL database. But when i submit, either nothing happens, or blank data gets submitted.
Heres my form:
<form class="form-horizontal" role="form" action="insert.php" method="post">
<div class="form-group">
<label for="user" class="col-sm-2 control-label">
Username:
</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="user" id="user" placeholder="DiscordTag#0000" />
</div>
</div>
<div class="form-group">
<label for="date" class="col-sm-2 control-label">
Date of ban:
</label>
<div class="col-sm-10">
<input type="date" class="form-control" name="date" id="date" placeholder="mm/dd/yy" />
</div>
</div>
<div class="form-group">
<label for="admin" class="col-sm-2 control-label">
Who banned you?
</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="admin" id="admin" />
</div>
</div>
<div class="form-group">
<label for="appeal" class="col-sm-2 control-label">
Appeal:
</label>
<div class="col-sm-10">
<textarea class="form-control" rows="4" name="appeal" id="appeal"></textarea>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">
Submit
</button>
</div>
</div>
</form>
And here is my insert.php
<html>
<?
error_reporting(E_ALL);
$db_host = 'redacted';
$db_username = 'redacted';
$db_password = 'redacted';
$db_name = 'redacted';
if( $_POST )
{
$conn = mysql_connect( $db_host, $db_username, $db_password);
if (!$conn)
{
die('Could not connect: ' . mysql_error());
} else {
mysql_select_db("redacted");
}
$user = $_POST['user'];
$date = $_POST['date'];
$admin = $_POST['admin'];
$appeal = $_POST['appeal'];
$sql = 'INSERT INTO appeals' . '(user, date, admin, appeal)'
.'VALUES ($user, $date, $admin, $appeal)';
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
echo "<h2>Your appeal has been submitted.</h2>";
mysql_close($conn);
}
?>
</html>
How can i make it submit all of the form data directly into my SQL table?
Use "INSERT INTO appeals (user, date, admin, appeal) VALUES ('".$user."', '".$date."', '".$admin."', '".$appeal."')";
And sanitize, because you are asking for an sql injection.
Hey I am trying to get this code running for the past few days now. I do not know what is the problem. Whenever I run the code I can see it running but an empty row gets inserted. Basically I ave tried to hard code the data and the data gets inserted. Here is the HTML form:
<form action="register.php" id="contactForm" type="post">
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>First name *</label>
<input type="text" class="form-control" name="fname" >
</div>
<div class="col-md-6">
<label>Last name *</label>
<input type="text" class="form-control" name="lname" >
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>Gender *</label><br>
<select name="gender">
<option> Male </option>
<option> Female </option>
</select>
</div>
<div class="col-md-6">
<label>Stream *</label><br>
<select name="stream">
<option> B-Tech </option>
<option> M-Tech </option>
</select>
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>Email *</label>
<input type="text" class="form-control" name="email" >
</div>
<div class="col-md-6">
<label>Mobile *</label>
<input type="text" class="form-control" name="mobile">
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>College *</label>
<input type="text" class="form-control" name="college" >
</div>
<div class="col-md-6">
<label>Job Kind *</label>
<input type="text" class="form-control" name="job" >
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
    
<input type="submit" value="Register" class="btn btn-primary btn-lg"
data-loading-text="Loading..." name="submit">
</div>
</div>
</form>
Here is the registration.php
<?php
$connection = mysql_connect("EDITED by billy, was an I.P and port number", "user", "password"); // Establishing Connection with Server
$db = mysql_select_db("Registrations_connect", $connection); // Selecting Database from Server
$first_name = $_POST["fname"];
$last_name = $_POST["lname"];
$sex = $_POST["gender"];
$field = $_POST["stream"];
$contact = $_POST["mobile"];
$eaddress = $_POST["email"];
$institute = $_POST["college"];
$naukri = $_POST["job"];
$query = mysql_query("insert into students(fname, lname, gender, stream, mobile, email, college, job)
values ('$name', '$last_name', '$sex', '$field','$contact', '$eaddress', '$intitute', '$naukri')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
mysql_close($connection); // Closing Connection with Server
?>
After running; In the inspect element I checked the response:- It shows Data Inserted successfully but actually an empty row is getting inserted. Basically what i think I am not able to correctly grab the data properly from form. Can somebody please check what is the problem. It will be a great help.
The attribute is method, not type. This typo is causing your form to process a GET rather than a POST. So all your variable assignments are wrong.
$first_name = $_POST["fname"];
would be
$first_name = $_GET["fname"];
or you could use the $_REQUEST; or you can just correct the attribute,
<form action="register.php" id="contactForm" method="post">
Your code also is wide open to SQL injections and is using the deprecated mysql_ functions. You should update to mysqli or pdo and be using prepared statements with parameterized queries.
More on SQL injections:
http://php.net/manual/en/security.database.sql-injection.phpHow can I prevent SQL injection in PHP?https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29
I have a form made that appears to be connected to a mysql database. When I enter information into the form and submit it, it registers in the database as "0000-00-00" and the data is returned as "0000-00-00". None of the actual data is showing up. Any Ideas?
connection.php:
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'root';
$db = 'sm_residents';
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($db);
?>
Create.php:
<?php
include ('connection.php');
$FirstName= $_POST['inputFirstName'];
$LastName= $_POST['inputLastName'];
$Address= $_POST['inputAddress'];
$Birthday= $_POST['inputBirthday'];
$FormerResidence= $_POST['inputFormerResidence'];
$Career= $_POST['inputCareer'];
$Education= $_POST['inputEducation'];
$SpecialInterests= $_POST['inputSpecialInterests'];
if ($_FILES["file"]["error"] > 0) {
} else {
if (file_exists("upload/" . $_FILES["file"]["name"])) {
} else {
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
}
}
Picture= $_FILES["file"]["name"];
mysql_query("INSERT INTO residents (`ID`,`FirstName`,`LastName`,`Address`,`Birthday`,`FormerResidence`,`Career`,`Education`,`SpecialInterests`,`Picture`)
VALUES(NULL,'$FirstName','$LastName','$Address','$Birthday','$FormerResidence','$Career','$Education','$SpecialInterests','$Picture')") or die(mysql_error());
?>
<script> window.location = "index.php"; </script>
Index.php:
<?php
include ('connection.php');
if(isset($_POST['submit'])) {
echo "Please Fill Out The Form";
//header ('Location: create.php');
} else {
//echo "User Has Been Added";
//header('Location: create.php');
}
?>
<h1>Add A Resident</h1>
<form action="create.php" method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="inputFirstName">First Name</label>
<input type="text" class="form-control" id="inputFirstName" placeholder="First Name">
</div>
<div class="form-group">
<label for="inputLastName">Last Name</label>
<input type="text" class="form-control" id="inputLastName" placeholder="Last Name">
</div>
<div class="form-group">
<label for="inputAddress">Address</label>
<input type="text" class="form-control" id="inputAddress" placeholder="Address">
</div>
<div class="form-group">
<label for="inputBirthday">Birthday</label>
<input type="date" class="form-control" id="inputBirthday">
</div>
<div class="form-group">
<label for="inputFormerResidence">Former Residence</label>
<input type="text" class="form-control" id="inputFormerResidence" placeholder="Former Residence">
</div>
<div class="form-group">
<label for="inputCareer">Career</label>
<input type="text" class="form-control" id="inputCareer" placeholder="Career">
</div>
<div class="form-group">
<label for="inputEducation">Education</label>
<input type="text" class="form-control" id="inputEducation" placeholder="Education">
</div>
<div class="form-group">
<label for="inputSpecialInterests">Special Interests</label>
<input type="text" class="form-control" id="inputSpecialInterests" placeholder="Special Interests">
</div>
<div class="form-group">
<label for="inputFile">File input</label>
<input type="file" id="inputFile">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
I'll make this an answer: (or a BIG 90% / 95% partial at best)
None of the actual data is showing up
There aren't even any named elements for the inputs, so nothing is going to go through, they're all IDs.
<input type="text" class="form-control" id="inputFirstName" placeholder="First Name">
which should read as
<input type="text" name="inputFirstName" class="form-control" id="inputFirstName" placeholder="First Name">
^^^^^^^^^^^^^^^^^^^^^
then do the same for the others by "naming" them as I did above.
PHP is looking for named elements, not IDs which cannot be relied upon.
This also doesn't have a name <input type="file" id="inputFile">
change to: <input type="file" name="file" id="inputFile">
as per $_FILES["file"]
Use error reporting
while placing the following underneath your opening <?php tag:
error_reporting(E_ALL);
ini_set('display_errors', 1);
which will throw many Undefined index warnings with your present code.
Also as pointed out by Barmar in his comment, you're missing a $ for Picture= $_FILES["file"]["name"]; unless that was a typo, it should read as:
$Picture= $_FILES["file"]["name"];
In regards to it registers in the database as "0000-00-00" make sure your column is of the correct type to accomodate a DATE.
Try formatting first your Birthdate:
$Birthday = date("Y-m-d", strtotime($_POST['inputBirthday']));