I've got a simple form to take in user data and insert it into an sql database. When the user hits submit it does create a new entry line (so I know it's connecting to the database) but none of the values are posting as they should. I was following the tutorials on w3schools but I'm not sure where my Values are getting lost. Could some one point me in the right direction?
Form:
<?php
$Fname = $_POST["Fname"];
$Lname = $_POST["Lname"];
$Sid = $_POST["Sid"];
$Email = $_POST["Email"];
$Dtype = $_POST["Dtype"];
$Mac = $_POST["Mac"];
?>
<html>
<head>
<title>Register School Device</title>
</head>
<body>
<form method="post" action="SMA_Send.php">
First Name:<input type="text" size="12" maxlength="20" name="Fname"><br />
Last Name:<input type="text" size="12" maxlength="36" name="Lname"><br />
Student ID:<input type="text" size="12" maxlength="12" name="Sid"><br />
Email:<input type="text" size="12" maxlength="36" name="Email"><br />
Device Type:<br />
<select name="Dtype">
<option value="iPad">iPad</option>
<option value="iPhone">iPhone</option>
<option value="AndroidTablet">Android Tablet</option>
<option value="AndroidPhone">Android Phone</option></select><br />
Mac Address:<input type="text" size="12" maxlength="36" name="Mac"><br />
<input type="submit" value="submit" name="submit">
</form>
Send:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "dbname";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO StudentDeviceReg (Fname, Lname, Sid, Email, Dtype, Mac, Date)
VALUES ('$Fname','$Lname','$Sid','$Email','$Dtype','$Mac',NOW())";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
These belong in your PHP/SQL SMA_Send.php file and not in your form.
$Fname = $_POST["Fname"];
$Lname = $_POST["Lname"];
$Sid = $_POST["Sid"];
$Email = $_POST["Email"];
$Dtype = $_POST["Dtype"];
$Mac = $_POST["Mac"];
Having used error reporting, would have signaled Undefined variables.
I also need to note that your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements, they're much safer.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
i don't see you using $_POST any where:
use $_POST["Fname"] and others also like this.
or you can do this:
$Fname = $_POST["Fname"];// for the rest also.
Related
I am trying to pinpoint the problem in these form scripts.
I would like to create a line in the SQL server with the data that will be inserted into the HTML form, but each time only the empty line is created without also inserting the form inputs.
HTML
<form action="insert2.php" method="post">
<label for="First_name">First_name:</label>
<input type="text" name="First_name" id="First_name">
<label for="PASSWORD">PASSWORD:</label>
<input type="text" name=value name="pass" id="pass">
<label for="Emailaddress">Emailaddress:</label>
<input type="text" name=value name="email" id="email">
<input name="submit" type="submit" value="Submit">
</form>
PHP
<?php
if(isset($_POST['submit'])){
$First_name = $_REQUEST['First_name'];
$pass = $_REQUEST['password'];
$email = $_REQUEST['Emailaddress'];
}
$servername = "host";
$username = "user";
$password = "";
$dbname = "dbname";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO users(First_name, PASSWORD, Emailaddress)
VALUES ('$First_name', '$pass', '$email')";
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
The posted values should be set as $_POST['ExampleField'] not just a variable with that name.
Ex: $First_name should be $_POST['First_name']
If you look in your error logs you are likely getting undefined variable errors with the code as it is now, because $First_name, $PASSWORD and $Emailaddress are never defined.
Also you should avoid directly putting variables into queries like that, it opens you up to large security risks. I would recommend reading up on SQL Injection (https://www.w3schools.com/sql/sql_injection.asp) and binding parameters (https://www.php.net/manual/en/pdostatement.bindparam.php) to see how to avoid those risks.
You need to retrieve the values after a submit of some sort. You have a submit button but you'll want to give it a name (I named it submit). This code should work but you'll be vulnerable to injection attacks.
PHP
<?php
if(isset($_POST['submit'])){
$First_name = $_REQUEST['First_name'];
$pass = $_REQUEST['PASSWORD'];
$email = $_REQUEST['Emailaddress'];
}
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO users(First_name, PASSWORD, Emailaddress)
VALUES('$First_name','$pass','$email')";
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
HTML
<form action="insert2.php" method="post">
<label for="First_name">First_name:</label>
<input type="text" name="First_name" id="First_name">
<label for="PASSWORD">PASSWORD:</label>
<input type="text" name="PASSWORD" id="PASSWORD">
<label for="Emailaddress">Emailaddress:</label>
<input type="text" name="Emailaddress" id="Emailaddress">
<input name="submit" type="submit" value="Submit">
</form>
I am trying to get data from a form into a database, have searched all the answers and code on yours and other websites but none of them work.
It is connecting to the database OK, but keep getting an error message when submitting the form.
Thanks
My form is
<html><head>
<link rel="stylesheet" href="form.css" type="text/css">
<meta charset="utf-8">
</head>
<body>
<h1>A small example page to insert some data in to the MySQL database using
PHP</h1>
<form action="insert.php" method="post">
Firstname: <input type="text" name="firstname" /><br><br>
Lastname: <input type="text" name="lastname" /><br><br>
<input type="submit" />
</form>
</body>
</html>
My PHP code is
<?php
$servername = "server";
$username = "username";
$password = "xxxx";
$database = "xxx_com";
$conn = mysqli_connect($servername, $username, $password, $database);
{
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$dbh->query = "INSERT INTO nametable (firstname, lastname)
VALUES ('$_POST[firstname]', '$_POST[lastname]')";
}
if (!mysqli_query($user_info, $connect)) {
die('Error: ' . mysqli_error());
}
echo “Your information was added to the database.”;
mysqli_close($connect);
?>
Your html form using
Firstname: <input type="text" name="fname" /><br><br>
Lastname: <input type="text" name="lname" /><br><br>
but your PHP get from
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
it should used the same name. Like
$first_name = $_POST['fname'];
$last_name = $_POST['lname'];
As mention by people comment, please learn how to avoid the SQL injection problem
Goal: I want to create an HTML form that displays pre-populated information from the 22 arrays from array_file.php.
First, I will go on index.php. On index.php, I will see a form with pre-populated data. I will not be able to edit the first and last name fields, but I will be able to edit the email field (if necessary).
Second, once everything looks okay, I will click the "Submit" button.
Third, if nothing is wrong (i.e., email field is populated), the "Submit" button should take me to the second record in the array.
Finally, once it has looped through all the arrays, it will provide a message, such as, "You're done!"
Current problem: My current index.php page shows all 22 pre-populated forms on one page. While I can edit and submit to the database using the individual "Submit" button, I'd rather be able to look at each pre-populated form one at a time.
Here is the code:
<?php
ob_start();
include 'array_file.php';
ob_end_clean();
?>
<?php
$i=1;
while ($i<=22){
?>
<form action="index.php" method="post">
<h2>Form</h2>
<label>First Name:</label>
<input class="input" name="first_name" type="text" value="<?php echo htmlentities($array[$i][1]) ?>" disabled><br>
<label>Last Name:</label>
<input class="input" name="last_name" type="text" value="<?php echo htmlentities($array[$i][2]) ?>" disabled><br>
<label>Email:</label>
<input class="input" name="email" type="text" value="<?php echo htmlentities($array[$i][3]) ?>"><br><br>
<input class="submit" name="submit" type="submit" value="Submit">
</form>
<?php
$i=$i+1;
}
?>
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['submit'])){
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = mysqli_real_escape_string($conn,$_POST['email']);
if($email !=''){
//Insert Query of SQL
mysqli_query(#conn,"INSERT into form(form_first_name, form_last_name, form_email) values ('$first_name', '$last_name', '$email')");
echo "<br/><br/><span>Data inserted successfully!</span>";
}
else{
echo "<p>Insertion Failed <br/> Some required fields are blank!</p>";
}
}
$mysqli->close(); // Closing Connection with Server
?>
Let me know if you need me to provide any more information. Thank you in advance!
I hope this code is what you need.
<?php
ob_start();
include 'array_file.php';
ob_end_clean();
if(isset($_POST['submit']) and isset($_POST[email])){
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = mysqli_real_escape_string($conn,$_POST['email']);
if($email !=''){
//Insert Query of SQL
mysqli_query(#conn,"INSERT into form(form_first_name, form_last_name, form_email) values ('$first_name', '$last_name', '$email')");
echo "<br/><br/><span>Data inserted successfully!</span>";
}
}
/// find which form will be published
if( isset($_SESSION["form"]) and $_SESSION["form"]<22){
$form=$_SESSION["form"]+1;
$_SESSION["form"]=$form;
}else{
$form=1;
$_SESSION["form"]=$form;
}
// determine which is the next form number
if($form<22){ $nextForm=$form+1; }else{ $nextForm="??"; }
<!-- form area !-->
<form action="index.php?form=<?php echo $nextForm; ?>" method="post">
<h2>Form</h2>
<label>First Name:</label>
<input class="input" name="first_name" type="text" value="<?php echo htmlentities($array[$form][1]) ?>" disabled><br>
<label>Last Name:</label>
<input class="input" name="last_name" type="text" value="<?php echo htmlentities($array[$form][2]) ?>" disabled><br>
<label>Email:</label>
<input class="input" name="email" type="text" value="<?php echo htmlentities($array[$form][3]) ?>"><br><br>
<input class="submit" name="submit" type="submit" value="Submit">
</form>
I wrote this code to update entry in my sql table, but i don't what is wrong.
Here is my form
<form action="" method="POST">
<center>
Alumni_ID :
<input type="text" name="valueh">
<br>
<input type="text" name="name" placeholder="name">
<input type="text" name="phone" placeholder="contact details">
<input type="text" name="details" placeholder="details">
<input type="text" name="address" placeholder="address">
<input type="submit" value="update data">
</center>
</form>
And this is php page,
<?php if (isset($_POST['submit'])) {
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "tssolutions";
$ab = $_POST['name'];
$bc = $_POST['phone'];
$cd = $_POST['details'];
$de = $_POST['address'];
$posted = $_POST['valueh'];
//create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
//check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//echo "connected successfully";
$sql = " UPDATE phone SET name='".$ab."', phone='".$bc."', details='".$cd."', address='".$de."' WHERE name = '".$posted."' ";
if(mysqli_query($conn, $sql)) {
echo "<hr>";
echo "<h3 class='w3-center' style='text-color:black'>Record Successfully Updated</h3>";
} else {
echo "<hr>";
echo "<h3 class='w3-center' style='text-color:black'>Error While Updating, Try Again</h3>";
}
mysqli_close($conn);
} ?>
Both the code are on same page Update.php, i wish to send alumni_id so that i can update that record where alumni_id = name in table phone, and then send new values of the row .
You forgot to name the submit button
Instead of
<input type="submit" value="update data">
Try this
<input type="submit" name="submit" value="update data">
To debug your code you can echo your SQL statement
echo $sql = "UPDATE phone SET name='".$ab."', phone='".$bc."', details='".$cd."', address='".$de."' WHERE name = '".$posted."';
You can then see if you have correct syntax and your values are sent correctly
try this code, maybe this helps
$sql = " UPDATE phone SET `name` ='$ab', `phone` ='$bc', `details` ='$cd', `address`='$de' WHERE `name` = '$posted' ";
First here is my code:
database.php (established connection so I can use with require)
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$port = 8889;
$database = "oopdb";
try{
$conn = new PDO("mysql:host=$servername; dbname=$database; port=$port", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("SET NAMES 'utf8'");
}catch(Exception $e){
echo "Error: " . $e->getMessage();
exit;
}
?>
Then my main PHP file with the form:
<!DOCTYPE html>
<html>
<head>
<title>Forms with PDO</title>
</head>
<body>
<?php
require("database.php");
if(isset($_POST['submit'])){
//trying to insert data into the database
try{
// prepare and bind
$stmt = $conn->prepare("INSERT INTO clients (phonenumber, firstname, lastname, address, note) VALUES (?, ?, ?, ?, ?)");
$stmt->bind_param('sssss', $phonenumber, $firstname, $lastname, $address, $note);
// set parameters and execute
$phonenumber = $_POST['number'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$address = $_POST['address'];
$note = $_POST['note'];
$stmt->execute();
}catch (Exception $e) {
echo "Data could not be retrieved from the database.";
exit;
}
}
?>
<h2>The Form</h2>
<hr />
<br />
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
Number: <input type="text" name="number" value="" />
<br /><br />
First Name: <input type="text" name="firstname" value="" />
<br /><br />
Last Name: <input type="text" name="lastname" value="" />
<br /><br />
Address: <input type="text" name="address" value="" />
<br /><br />
Notes: <input type="text" name="notes" value="" />
<br /><br />
<input type="submit" name="submit" value="Submit">
</form>
<br />
<hr />
</body>
</html>
So now for some reason I am not able to insert the data from the form into my database when I click submit. I keep getting this error:
Fatal error: Call to undefined method PDOStatement::bind_param() in /Users/lucasantos/Sites/oop_testing/stack.php on line 19
I have seen multiple ways of using bind_param and inserting data into the database. This method in specific I got from W3schools HERE
I have went over the entire code multiple times, tried many times and still not working. I even looked at the bind_param documentation and I believe I am using it correctly. Someone please help.
Some additional information:
- I am doing this on local host through MAMP if that matters.
- I also have a column for the id of the row but I did not include it because it is set to auto increment.
Thank you!