When i press the submit button to insert record, it pulls out no error but when i check the database i find no records submitted too. please what could be wrong with my script. just started with php
<?php
if (isset($_POST['submitted'])){
include('Connections/connect.php');
$term= $_POST['term'];
$details= $_POST['details'];
$sql = "INSERT INTO people (term,details) VALUES ($term,$details)";
$newrecord ="Inserted Successfully";
}
?>
connect.php
<?php
$hostname_speedapp = "localhost";
$database_speedapp = "mydb";
$username_speedapp = "root";
$password_speedapp = "password";
$mydb= mysqli_connect($hostname_mydb, $username_mydb, $password_mydb) or trigger_error(mysql_error(),E_USER_ERROR);
?>
HTML
<form id="form1" name="form1" method="post" action="page1.php">
<p>
<label for="term"></label>
<input type="text" name="term" id="term" />
</p>
<p>
<label for="details"></label>
<input type="text" name="details" id="details" />
</p>
<p>
<input type="submit" name="button" id="button" value="Submit" />
<input name="submitted" type="hidden" value="submitted" />
</p>
</form>
<p>
<?php
$newrecord
?>
There is a lot wrong with your code
Let's take it step by step:
<?php
if (isset($_POST['submitted'])){
include('Connections/connect.php');
$term= $_POST['term'];
$details= $_POST['details'];
You are not escaping here. When I'm a bad man I could destroy your application
Read more about escaping here: How can I prevent SQL injection in PHP?
$sql = "INSERT INTO people (term,details) VALUES ($term,$details)";
You are defining a query here but you do not do anything with this query
read about executing query's on the php documentation page: http://php.net/manual/en/mysqli.query.php
$newrecord ="Inserted Successfully";
You are defining a variable $newrecord here but it does not have a function here. Add echo $newrecord; to echo the value of the variable $newrecord: http://php.net/echo
}
?>
Then you are not using the correct variables in your connect.php
<?php
$hostname_speedapp = "localhost";
$database_speedapp = "mydb";
$username_speedapp = "root";
$password_speedapp = "password";
$mydb= mysqli_connect($hostname_mydb, $username_mydb, $password_mydb) or trigger_error(mysql_error(),E_USER_ERROR);
?>
You are defining $hostname_speedapp and using $hostname_mydb in your mysqli_connect change that to $hostname_speedapp etc.. changing your connection string to:
$mydb= mysqli_connect($hostname_speedapp, $username_speedapp, $password_speedapp)
You are not selecting a database in your connectionstring. You are defining a variable with your database name called: $database_speedapp but you never use it.
Change your connectionstring to: $mydb= mysqli_connect($hostname_speedapp, $username_speedapp, $password_speedapp, $database_speedapp) and you should be good to go
add this
$sql = "INSERT INTO people (term,details) VALUES ($term,$details)";
if (mysqli_query($mydb, $sql))
{
echo "New record created successfully";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($mydb);
}
EDIT 01
$hostname_speedapp = "localhost";
$database_speedapp = "mydb";
$username_speedapp = "root";
$password_speedapp = "password";
$mydb= mysqli_connect($hostname_mydb, $username_mydb, $password_mydb) or trigger_error(mysql_error(),E_USER_ERROR);
and top of page1.php
include("connect.php");
You dont even have an insert query in your script.
$hostname_speedapp = "localhost";
$database_speedapp = "mydb";
$username_speedapp = "root";
$password_speedapp = "password";
$mydb= mysqli_connect($hostname_mydb, $username_mydb, $password_mydb) or trigger_error(mysql_error(),E_USER_ERROR);
$sql = "INSERT INTO people (term,details) VALUES ($term,$details)";
if (mysqli_query($mydb, $sql)) {
$newrecord ="Inserted Successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($mydb);
}
mysqli_close($mydb);
use this:
` $sql = "INSERT INTO people (term,details) VALUES ($term,$details)";
$result=mysqli_query($mydb,$sql);`
Connect.php
<?php
$hostname_speedapp = "localhost";
$database_speedapp = "mydb";
$username_speedapp = "root";
$password_speedapp = "password";
$mydb= mysqli_connect($hostname_speedapp, $username_speedapp, $password_speedapp,$database_speedapp) or trigger_error(mysql_error(),E_USER_ERROR);
?>
page1.php
if (isset($_POST['submit'])){
include('Connections/connect.php');
$term= $_POST['term'];
$details= $_POST['details'];
$sql = "INSERT INTO people (term,details) VALUES ('".$term."' , '".$details."')";
if ($mydb->query($sql) === TRUE) { //can use connected database $mydb
$newrecord = "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $mydb->error;
}
}
?>
<form id="form1" name="form1" method="post" action="">
<p>
<label for="term"></label>
<input type="text" name="term" id="term" />
</p>
<p>
<label for="details"></label>
<input type="text" name="details" id="details" />
</p>
<p>
<input type="submit" name="button" id="button" value="Submit" />
</p>
</form>
<p>
<?php
if(isset($newrecord)){
echo "<h3>$newrecord</h3>";
}
?>
I think you need to quote the submitted data values in your sql query:
Change the following:
$sql = "INSERT INTO people (term,details) VALUES ($term,$details)";
to
$sql = "INSERT INTO people (term,details) VALUES ('$term','$details')";
Related
"I have read a lot of problem been solved in stackoverflow similar to my problem, and have seen a lot of example, yet still my code is not inserting in to mysql. however if i hard feed the php it would insert. my info is coming as submit from html post.I have good server connection and also connection to the database, can any one help me if i miss any thing. here is my code below."
<?php
$servername = "localhost";
$username = "root";
$password = "";
$db="image";
// Create connection
$connection = mysqli_connect($servername, $username, $password, $db); // Establishing Connection with Server
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
else{
echo "Connected successfully";
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$name = $_POST['name'];
$image = $_POST['image'];
echo $name;
echo $image;
if($name !=''||$image !=''){
//Insert Query of SQL
$query = mysqli_query("INSERT INTO image (id, name, imagename) VALUES ('NULL', '$name', '$image')");
echo "Data Inserted successfully...!!";
}
else{
echo "Insertion Failed <br/> Some Fields are Blank....!!";
}
}
mysqli_close($connection); // Closing Connection with Server
?>
<form action = "test2.php" method="POST" enctype="multipart/form-data">
<label>name: </label><input type="text" name="name" />
<label>File: </label><input type="text" name="image" />
<input type="submit" />
</form>
</body>
</html>
" i expect output of 5/2 to be 2.5"
Write the name for submit button
<input type="submit" name="submit" />
then in php file
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
}
this if statement will run
you not given name attribute to button so give name="submit" and if you want to upload file then change type="file"
<?php
$servername = "localhost";
$username = "root";
$password = "";
$db="image";
// Create connection
$connection = mysqli_connect($servername, $username, $password, $db); // Establishing Connection with Server
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
else{
echo "Connected successfully";
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$name = $_POST['name'];
$image = $_POST['image'];
echo $name;
echo $image;
if($name !=''||$image !=''){
//Insert Query of SQL
$query = mysqli_query("INSERT INTO image (id, name, imagename) VALUES ('NULL', '$name', '$image')");
echo "Data Inserted successfully...!!";
}
else{
echo "Insertion Failed <br/> Some Fields are Blank....!!";
}
}
mysqli_close($connection); // Closing Connection with Server
?>
<form action = "test2.php" method="POST" enctype="multipart/form-data">
<label>name: </label><input type="text" name="name" />
<label>File: </label><input type="file" name="image" />
<input type="submit" name="submit" />
</form>
</body>
</html>
You're checking isset($_POST['submit']) but there is no input field which is posted with submit name.. you need to add the name attribute in the submit button. also you're not passing the $connection in the mysqli_query.
$servername = "localhost";
$username = "root";
$password = "";
$db="image";
// Create connection
$connection = mysqli_connect($servername, $username, $password, $db); // Establishing Connection with Server
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
else{
echo "Connected successfully";
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$name = $_POST['name'];
$image = $_POST['image'];
echo $name;
echo $image;
if($name !=''||$image !=''){
//Insert Query of SQL
$query = mysqli_query($connection, "INSERT INTO image (id, name, imagename) VALUES ('NULL', '$name', '$image')");
if($query !== false){
echo "Data Inserted successfully...!!";
}
else{
echo "Query failed";
}
}
else{
echo "Insertion Failed <br/> Some Fields are Blank....!!";
}
}
mysqli_close($connection); // Closing Connection with Server
?>
<form action = "test2.php" method="POST" enctype="multipart/form-data">
<label>name: </label><input type="text" name="name" />
<label>File: </label><input type="text" name="image" />
<input type="submit" name = "submit" />
</form>
</body>
</html>
One more suggestion always use PDO in code to prevent SQL injection. Your code is vulnerable to sql injection.
i have a problem in sending my form values to mysql database i readed all other topics and i did what they wrote but i didn't get what i want please help me :(
<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "13838383";
$dbname = "users";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
?>
<?php
include("../includes/functions.php");
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="../public/stylesheets/style.css" type="text/css">
<title>Our WebPage</title>
</head>
<body>
<center>
<form action="input.php" method="post">
<fieldset>
<legend>Register</legend>
<span>UserName: </span><br />
<input type="text" name="username" placeholder="USERNAME"><br /><br />
<span>PassWord: </span><br />
<input type="text" name="lastname" placeholder="PASSWORD"><br /><br />
<input type="button" name="submit" value="submit"><br /><br />
<fieldset>
</form>
</center>
<?php
?>
<?php
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$addUserQuery = "INSERT INTO users (username, password) VALUES ({$username}, {$password});";
$added = mysqli_query($connection, $addUserQuery);
if ($added) {
echo '<br>Input data is successful';
} else {
echo '<br>Input data is not valid';
}
}
?>
</body>
</html>
and my problem is i don't know know what should i enter in action attribute in form tag thanks please help
Simply put, your variables aren't quoted, so your query is being turned into this (If someone submitted 1337user as the username, and P#ssw0rd as the password):
INSERT INTO users (username, password) VALUES (1337user, P#ssw0rd);
When it should be:
INSERT INTO users (username, password) VALUES ('1337user', 'P#ssw0rd');
Bind your variables instead: How can I prevent SQL injection in PHP?
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$addUserQuery = mysqli_prepare($connection, "INSERT INTO users (username, password) VALUES (?, ?)");
mysqli_stmt_bind_param($addUserQuery, "ss", $username, $password);
$added = mysqli_stmt_execute($addUserQuery);
if ($added) {
echo '<br>Input data is successful';
} else {
echo '<br>Input data is not valid';
}
}
I wrote this code to update entry in my sql table, but i don't what is wrong.
Here is my form
<form action="" method="POST">
<center>
Alumni_ID :
<input type="text" name="valueh">
<br>
<input type="text" name="name" placeholder="name">
<input type="text" name="phone" placeholder="contact details">
<input type="text" name="details" placeholder="details">
<input type="text" name="address" placeholder="address">
<input type="submit" value="update data">
</center>
</form>
And this is php page,
<?php if (isset($_POST['submit'])) {
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "tssolutions";
$ab = $_POST['name'];
$bc = $_POST['phone'];
$cd = $_POST['details'];
$de = $_POST['address'];
$posted = $_POST['valueh'];
//create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
//check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//echo "connected successfully";
$sql = " UPDATE phone SET name='".$ab."', phone='".$bc."', details='".$cd."', address='".$de."' WHERE name = '".$posted."' ";
if(mysqli_query($conn, $sql)) {
echo "<hr>";
echo "<h3 class='w3-center' style='text-color:black'>Record Successfully Updated</h3>";
} else {
echo "<hr>";
echo "<h3 class='w3-center' style='text-color:black'>Error While Updating, Try Again</h3>";
}
mysqli_close($conn);
} ?>
Both the code are on same page Update.php, i wish to send alumni_id so that i can update that record where alumni_id = name in table phone, and then send new values of the row .
You forgot to name the submit button
Instead of
<input type="submit" value="update data">
Try this
<input type="submit" name="submit" value="update data">
To debug your code you can echo your SQL statement
echo $sql = "UPDATE phone SET name='".$ab."', phone='".$bc."', details='".$cd."', address='".$de."' WHERE name = '".$posted."';
You can then see if you have correct syntax and your values are sent correctly
try this code, maybe this helps
$sql = " UPDATE phone SET `name` ='$ab', `phone` ='$bc', `details` ='$cd', `address`='$de' WHERE `name` = '$posted' ";
i try to creat a table with html and php
when i insert data into my db i get num 1 like a values in all column
this my code
<html dir="rtl">
<form action="" method="post">
<label for="Nom">الاسم:</label>
<center><input type="text" name="Nom"></center>
<label for="Cin">البطاقة الوطنية:</label>
<center><input type="text" name="Cin"></center>
<label for="Tel">الهاتف:</label>
<center> <input type="text" name="Tel"></center>
<label for="DATE_donation"> تاريخ التبرع:</label>
<center><input type="date" name="DATE_donation"></center>
<center><input type="submit" value="إدخال"></center>
</form>
</html>
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "ikhlas";
$con= mysqli_connect($servername, $username, $password, $dbname);
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
$Name =isset($_POST['Nom']);
$CIN = isset($_POST['Cin']);
$TEL = isset($_POST['Tel']);
$date = isset($_POST['DATE_donation']);
$sql="INSERT INTO persone(Nom, Cin, Tel, DATE_donation) value ('$Name','$CIN','$TEL','$date')";
if (mysqli_query($con, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($con);
}
?>
and this my ressult in dbenter image description here
Sure because you define all variable with $foo = isset($bar) instead of
if(isset($bar))
$foo = $bar;
Take a look to the doc about SQL injection too: http://php.net/manual/en/security.database.sql-injection.php
Remove your isset()
http://php.net/manual/en/function.isset.php
Replace to:
if(isset($_POST['إدخال']))
{
$Name = (!empty($_POST['Nom']))?$_POST['Nom']:"";
$CIN = (!empty($_POST['Cin']))?$_POST['Cin']:"";
$TEL = (!empty($_POST['Tel']))?$_POST['Tel']:"";
$date = (!empty($_POST['DATE_donation']))?$_POST['DATE_donation']:"";
}
I have that people can add team names to my MySQL table. Now I want them to edit it. I have tried several tutorials but i can't figure it out. I like to know what i am doing wrong.
This is my admin.php:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
if(isset($_POST['team'])){
$team = $_POST['team'];
$ID = $_POST['id'];
$query = mysql_query("SELECT * FROM e2teams WHERE Team='$team' and ID='$ID'");
if(mysql_num_rows($query) > 0 ) { //check if there is already an entry for that username
echo "$team bestaat al!";
}
else{
mysql_query("INSERT INTO e2teams (Team) VALUES ('$team')");
header("location:e2admin.php");
}
}
mysql_close();
?>
<html>
<body>
<h1>Add teams</h1>
<form action="e2admin.php" method="POST">
<input type="text" name="team" placeholder="Team naam" /><br>
<input type="submit" value="Toevoegen" />
</form>
<?php
$table = "e2teams";
$sql = "SELECT * FROM e2teams";
$result = mysql_query($sql, $dbhandle);
if(mysql_num_rows($result) > 0){
while($row = mysql_fetch_array($result)) {
echo $row['Team']. "<a href='edit.php?edit=$row[1]'>Bewerk</a><br>";
}
}
?>
</body>
</html>
The add teams works. but the edit button doesn't work yet. If I click on edit I go to the edit.php page; here I want to add the new name and need the Team to change in the MySQL row.
This is my edit.php:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
if( isset($_GET['edit'])) {
$id = $_GET['edit'];
$res = mysql_query("SELECT * FROM e2teams");
$row= mysql_fetch_array($res);
}
if (isset ($_POST['nieuwenaam'])) {
$newname = $_POST['nieuwenaam'];
$id = $_POST['id'];
$sql = "UPDATE e2teams SET Team='$newname' WHERE id='$id'";
$res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=edit.php'>";
}
?>
<html>
<body>
<form action="edit.php" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" /><br>
<input type="hidden" name="id" placeholder="idnaam" value"s" /><br>
<input type="submit" value="Update" />
</form>
</body>
</html>
I also like to know how to delete team names but this is maybe for a next question.
This should work:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
$id = intval($_GET['edit']);
if($id > 0) {
$res = mysql_query("SELECT * FROM e2teams WHERE `id` = $id");
$row= mysql_fetch_array($res);
$newname = mysql_real_escape_string($_POST['nieuwenaam']);
if (!empty($newname)) {
$sql = "UPDATE e2teams SET Team='$newname' WHERE id=$id";
$res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=edit.php?edit=$id'>";
}
}
?>
<form action="edit.php?edit=<?= $id; ?>" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" /><br>
<input type="submit" value="Update" />
</form>
</body>
</html>
Edit: Also, about the intval() and mysql_real_escape_string(). Since you were using $_GET without any filter, I've added intval() function on it. Without filtering $id you could've been easily attacked by some sort of e.g. SQL Injection. Same with mysql_real_escape_string(). You might read about this filter function in php manual. For further study I recommend changing mysql_ functions to PDO or mysqli prepared statements. Happy coding!
Check your edit form. You have to put the value attribute like this value="s" no like value"". I think thats all.
I assume when they click on the edit link it's passing the id of the team so the edit.php select should be something like:
$id = (int)$_GET['edit'];
if (!empty($id))
{
$sql = "SELECT * FROM e2teams WHERE id='$id'";
$result = mysqli_query($sql);
$row = mysql_fetch_assoc($res);
}
//... keep the rest of code as is
Now you need to change the HTML form to:
<form action="edit.php?edit=<?php echo $row['id'] ?>" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" value="<?php echo $row['Team'] ?>" /><br>
<input type="hidden" name="id" placeholder="idnaam" value"<?php echo $row['id'] ?>" /><br>
<input type="submit" value="Update" />
</form>