I get problem in inserting data to database table. I have checked everything from table fields to the form fields. Everything is ok and even print_r prints the result but data is not inserted to database. it returns empty result set.
my form code
<?php include('header.php'); ?>
<div class="page container">
<div class="row col-12 register-page">
<form class="form-horizontal" role="form" action="register-process.php" method="post">
<div class="form-group">
<label for="firstname" class="col-sm-2 control-label">First Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="firstname" name="firstname"
placeholder="Enter First Name">
</div>
</div>
<div class="form-group">
<label for="lastname" class="col-sm-2 control-label">Last Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="lastname" name="lastname"
placeholder="Enter Last Name">
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="email" name="email"
placeholder="Enter Your Email">
</div>
</div>
<div class="form-group">
<label for="password" class="col-sm-2 control-label">Password</label>
<div class="col-sm-10">
<input type="password" class="form-control" id="password" name="password"
placeholder="Enter your password">
</div>
</div>
<div class="form-group">
<label for="confirm-password" class="col-sm-2 control-label">Confirm Password</label>
<div class="col-sm-10">
<input type="password" class="form-control" id="cpassword" name="cpassword"
placeholder="Confirm password">
</div>
</div>
<div class="form-group">
<label for="birth-year" class="col-sm-2 control-label">Birth Year</label>
<div class="col-sm-10">
<select id="year" class="birth-year" name="birth-year">
<?php
for($i = 1970; $i < date("Y")+1; $i++){
echo '<option value="'.$i.'">'.$i.'</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="gender" class="col-sm-2 control-label register-gender">Gender</label>
<div class="col-sm-10">
<select id="registration_gender" class="select-register " required="required" name="gender">
<option selected="selected" value="">Gender</option>
<option value="_UE_M">Male</option>
<option value="_UE_MRS">Female</option>
</select>
</div>
</div>
<div class="form-group form-action">
<div class="form-action">
<input type="submit" name="submit" class="btn btn-large btn-primary" value="Lets Get Started" >
</div>
</div>
</form>
</div>
</div>
and my register-process code
<div class="page container">
<div class="row col-12 register-page">
<?php
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$email = $_POST['email'];
$password = md5($_POST['password']);
$cpassword = md5($_POST['cpassword']);
$birthyear = $_POST['birth-year'];
$gender = $_POST['gender'];
if($fname && $lname && $email && $password && $cpassword){
if($password == $cpassword){
include("config.php");
$insert = 'INSERT INTO users(firstname,lastname,email,password,birth-year,gender)
VALUES("'.$fname.'","'.$lname.'","'.$email.'","'.$password.'","'.$birthyear.'","'.$gender.'")';
mysql_query($insert);
echo "registered successfully";
}
else{
header("Location: register.php");
echo "your password do not match.";
}
}
else{
echo "complete the form please.";
header("Location: register.php");
}
?>
</div>
</div>
The line
if($fname && $lname && $email && $password && $cpassword){
is checking if these values are true, which they aren't. The PHP code around this will result in SQL injections as you're not validating the values entered in your form. Look at escaping SQL and also removing HTML entities.
Use the function isset() on your $_POST variables, this way you can validate the form was filled in correctly. Once you're happy the form is filled in correctly, SQL escape and removal of html entities into your local variables and then use these to insert into SQL.
Related
I created a form to capture user details including their passport, but when ever the user fill the form, it went blank without populating the database with the filled data, but the image will be moved to specified directory. How do correct the error so that the data and the image path will be populated into the database.
if(isset($_POST['submit']))
{
$name=$_POST['name'];
$image = $_FILES['image']['name'];
$regno=$_POST['regno'];
$email=$_POST['email'];
$password=$_POST['password'];
$status=1;
// image file directory
$target = "images/".basename($image);
move_uploaded_file($_FILES['image']['tmp_name'], $target);
$sql="INSERT INTO tblstudents(name,image,regno,email,password,status) VALUES(:name,:image,:regno,:email,:password, :status)";
$query = $dbh->prepare($sql);
$query->bindParam(':name',$name,PDO::PARAM_STR);
$query->bindParam(':image',$_image,PDO::PARAM_STR);
$query->bindParam(':regno',$regno,PDO::PARAM_STR);
$query->bindParam(':email',$email,PDO::PARAM_STR);
$query->bindParam(':password',$password,PDO::PARAM_STR);
$query->bindParam(':status',$status,PDO::PARAM_STR);
$query->execute();
$Id = $dbh->Id();
if($Id)
{
$msg="user added successfully";
}
elseif (move_uploaded_file($_FILES['image']['tmp_name'], $target)) {
$msg = "Image uploaded successfully";
}else
{
$error="Something went wrong. Please try again";
}
}
?>
Here is my html form
<form class="form-horizontal" method="post" enctype="multipart/form-data">
<!-- image file enctype="multipart/form-data" -->
<div class="form-group">
<label for="default" class="col-sm-2 control-label">Full Name</label>
<div class="col-sm-10">
<input type="text" name="name" class="form-control" id="name" required="required" autocomplete="off">
</div>
</div>
<div class="form-group">
<label for="default" class="col-sm-2 control-label">Registration Number</label>
<div class="col-sm-10">
<input type="text" name="regno" class="form-control" id="regno" maxlength="50" required="required" autocomplete="off">
</div>
</div>
<div class="form-group">
<label for="default" class="col-sm-2 control-label">Email Address</label>
<div class="col-sm-10">
<input type="email" name="email" class="form-control" id="email" required="required" autocomplete="off">
</div>
</div>
<div class="form-group">
<label for="default" class="col-sm-2 control-label">Password</label>
<div class="col-sm-10">
<input type="password" name="password" class="form-control" id="password" required="required" autocomplete="off">
</div>
</div>
<!-- passport to upload -->
<div class="form-group">
<label for="default" class="col-sm-2 control-label">Upload Passport</label>
<div class="col-sm-10">
<input type="file" name="image" id="image">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="submit" class="btn btn-primary">Submit</button>
</div>
</div>
</form>
Was trying to make a student register page but the data won't insert into database and there was no error message shown so i'm not sure where the problem is. Any help is appreciated!
Here's the code:
<form onsubmit="return Add_Validate()" class="form-horizontal" action="AddStudent.php" method="POST">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
<h4 class="modal-title"><i class="fa fa-plus"></i> Add Student</h4>
</div>
<div class="modal-body">
<div class="form-group">
<label class="col-sm-3 control-label">Student Name </label>
<label class="col-sm-1 control-label">: </label>
<div class="col-sm-8">
<input type="text" class="form-control" id="Add_Student_Name" placeholder="Student Name" name="Student_Name1" autocomplete="off" required>
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label">Gender </label>
<label class="col-sm-1 control-label">: </label>
<div class="col-sm-8">
<select class="form-control" id="Add_Student_Gender" name="Student_Gender1" required>
<option value="">~~SELECT~~</option>
<option value="Male">Male</option>
<option value="Female">Female</option>
</select>
</div></div>
<div class="form-group">
<label class="col-sm-3 control-label">Address </label>
<label class="col-sm-1 control-label">: </label>
<div class="col-sm-8">
<input type="text" class="form-control" id="Add_Student_Address" placeholder="Address" name="Student_Address1" autocomplete="off" required>
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label">Contact Number </label>
<label class="col-sm-1 control-label">: </label>
<div class="col-sm-8">
<input type="text" class="form-control" id="Add_Contact_Number" placeholder="Contact Number" name="Contact_Number1" autocomplete="off" required>
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label">Email </label>
<label class="col-sm-1 control-label">: </label>
<div class="col-sm-8">
<input type="text" class="form-control" id="Add_Student_Email" placeholder="Email" name="Student_Email1" autocomplete="off" required>
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label">Faculty </label>
<label class="col-sm-1 control-label">: </label>
<div class="col-sm-8">
<select class="form-control" name="Add_Faculty1" id="FacultyName" required>
<option value="">~~SELECT~~</option>
<?php $query_faculty="SELECT FacultyName FROM `faculty`";
$result_faculty = mysqli_query($connect, $query_faculty) or die(mysqli_error($connect));
while($row_faculty=mysqli_fetch_array($result_faculty)) { ?>
<option value="<?php echo $row_faculty['FacultyName'] ?>"><?php echo $row_faculty['FacultyName'] ?></option>
<?php } ?></select></div></div>
<div class="form-group">
<label class="col-sm-3 control-label">Username </label>
<label class="col-sm-1 control-label">: </label>
<div class="col-sm-8">
<input type="text" class="form-control" id="Add_Student_Username" placeholder="Username" name="Student_Username1" autocomplete="off" required>
</div></div>
<div class="form-group">
<label class="col-sm-3 control-label">Password </label>
<label class="col-sm-1 control-label">: </label>
<div class="col-sm-8">
<input type="password" class="form-control" id="Add_Password" placeholder="Password" name="Student_Password1" autocomplete="off" required>
</div>
</div>
And SQL command:
<?php require 'php_action/db_connect.php';
if($_POST) {
$Student_Name= $_POST['Student_Name1'];
$Student_Gender= $_POST['Student_Gender1'];
$Student_Address= $_POST['Student_Address1'];
$Contact_Number= $_POST['Contact_Number1'];
$Student_Email= $_POST['Student_Email1'];
$FacultyName= $_POST['Add_Faculty1'];
$Student_Username= $_POST['Student_Username1'];
$Password= $_POST['Student_Password1'];
$sql = "INSERT INTO student (Student_Name,Student_Gender,Student_Address,Contact_Number,Student_Email,FacultyName,Student_Username,Password) VALUES ('$Student_Name', '$Student_Gender','$Student_Address','$Contact_Number','$Student_Email','$FacultyName','$Student_Username','$Password')";
if($connect->query($sql) === TRUE) {
echo "<SCRIPT>alert('Student successfully added!');document.location='Student_Register.php'</SCRIPT>";
}
else {
echo "<SCRIPT>alert('Student add unsuccessful!');document.location='Student_Register.php'</SCRIPT>";
}
}
$connect->close();
?>
Found the error, seems to be wrong column name, sorry the all the trouble.....
Admin please close my question.
You're not getting an error message because you never get the error message from MySQL and show it in your alert. $connect->error will contain the error message, and you can add that to your alert like this:
else {
echo "<SCRIPT>alert('Student add unsuccessful! Reason: ' + " . json_encode($connect->error) . ");document.location='Student_Register.php'</SCRIPT>";
}
I have been trying to read up a lot about trying to get a safe html form to email me something. I have created a form but I'm curious about it's safety. I haven't added the e-mail controls yet.
Since it will be up on a website I'm terrified of any injections. What I have done so far is use the htmlentities() to protect the action, used the test_input function from w3 schools and used the require function but I know that can be easily taken out.
Thanks in advance!
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["telnr"]);
$comment = test_input($_POST["message"]);
echo"Bedankt voor het invullen, we nemen zo snel mogelijk contact met u op.";
}
else{
?>
<form action="<?php echo htmlentities($_SERVER["PHP_SELF"]);?>" method="post">
<div class="form-group row">
<label for="inputEmail3" class="col-sm-2 col-form-label">naam</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="name" placeholder="naam" required>
</div>
</div>
<div class="form-group row">
<label for="inputPassword3" class="col-sm-2 col-form-label">e-mail</label>
<div class="col-sm-10">
<input type="email" class="form-control" name="email" placeholder="e-mail" required>
</div>
</div>
<div class="form-group row">
<label for="inputPassword3" class="col-sm-2 col-form-label">tel.nr</label>
<div class="col-sm-10">
<input type="tel" class="form-control" name="telnr" placeholder="telefoonnummer" required>
</div>
</div>
<div class="form-group row">
<label for="inputPassword3" class="col-sm-2 col-form-label">bericht</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="message" placeholder="bericht" required>
</div>
</div>
<div class="form-group row text-center">
<div class="offset-sm-2 col-sm-10">
<button type="submit" class="btn btn-primary">Verstuur bericht!</button>
</div>
</div>
</form>
<?php } ?>
Definitely good to escape the PHP_SELF value although, unless you need the portability it provides, you can always simplify things a bit and hardcode the form target.
I am trying to create a registration from and then post the data into a SQlite databases file.
My form looks like this:
<form action="registerprocess_test.php" class="form-horizontal" id=
"register_form" method="post" name="register_form" role="form">
<h2>Registration Form</h2>
<div class="form-group">
<label class="col-sm-3 control-label" for="firstname">First
Name</label>
<div class="col-sm-6">
<input autofocus="" class="form-control" id="firstname" name=
"firstname" placeholder="First Name" type="text">
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label" for="lastname">Last
Name</label>
<div class="col-sm-6">
<input autofocus="" class="form-control" id="lastname" name=
"lastname" placeholder="Last Name" type="text">
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label" for="email">Username</label>
<div class="col-sm-6">
<input class="form-control" id="username" name="username"
placeholder="Username" type="text">
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label" for=
"password">Password</label>
<div class="col-sm-6">
<input class="form-control" id="password" name="password"
placeholder="Password" type="password">
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label" for="country">Country</label>
<div class="col-sm-6">
<select class="form-control" id="country" name="country">
<option>
United Kingdom
</option>
<option>
United States
</option>
</select>
</div>
</div><!-- /.form-group -->
<div class="form-group">
<label class="control-label col-sm-3">Gender</label>
<div class="col-sm-6">
<div class="row">
<div class="col-sm-4">
<label class="radio-inline"><input id="femaleRadio"
type="radio" value="Female">Female</label>
</div>
<div class="col-sm-4">
<label class="radio-inline"><input id="maleRadio" name=
"gender" type="radio" value="Male">Male</label>
</div>
</div>
</div>
</div><!-- /.form-group -->
<div class="form-group">
<div class="col-sm-6">
<div class="checkbox"></div>
</div><!-- /.form-group -->
<div class="form-group">
<div class="col-sm-6 col-sm-offset-3">
<div class="checkbox">
<label><input type="checkbox">I accept <a href=
"#">Terms & Conditions</a></label>
</div>
</div>
</div><!-- /.form-group -->
<div class="form-group">
<div class="col-sm-6 col-sm-offset-3">
<button class="btn btn-primary btn-block" type=
"submit">Register</button>
</div>
</div>
</div>
</form>
Then my PHP looks like this:
<?php
try
{
//open the database
$db = new PDO('sqlite:users.db');
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$username = $_POST["username"];
$password = $_POST["password"];
$gender = $_POST["gender"];
$country = $_POST["country"];
//Insert record
$db->exec("INSERT INTO registered_users (firstname, lastname, username, password, gender, country) VALUES ('$firstname', '$lastname', '$username', '$password', '$gender', $country);");
//now output the data to a simple html table...
print "<table border=1>";
print "<tr><td>firstname</td><td>lastname</td><td>username</td><td>password</td><td>gender</td><td>country</td></tr>";
$result = $db->query('SELECT * FROM registered_users');
foreach($result as $row)
{
print "<tr><td>".$row['firstname']."</td>";
print "<td>".$row['lastname']."</td>";
print "<td>".$row['username']."</td>";
print "<td>".$row['password']."</td>";
print "<td>".$row['gender']."</td>";
print "<td>".$row['country']."</td>";
}
print "</table>";
$db = NULL;
}
catch(PDOException $e)
{
print 'Exception : ' .$e->getMessage();
}
?>
I know I am connecting to the database as it displays the current data in the database in the table, upon clicking submit. However it does not insert the data from the registration form. Am I missing something important in my php code?
I did some error checking, It was because I had another column within my table that I was not inserting into. So I deleted this column from the database and now it works fine.
Final Edit:
Thank you everyone for the help. I have been trying to write all the code related to connection in index.php rather than submit.php. It is resolved now.
Edit:
I have updated the code based on your feedback.
I am able to get the values to the database now but the thing is it is showing only empty results. here is the updated code.
<form action="submit.php" method="post" class="form-horizontal">
<div class="form-group">
<label for="name" class ="col-lg-2 control-label" > Name</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="name" name="name" placeholder="Enter your Name" required>
</div>
</div>
</div>
<div class="col-lg-1">
</div>
<div class="form-horizontal" >
<div class="form-group">
<label for="email" class ="col-lg-2 control-label" > Email</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="email" name="email" placeholder="Enter your email address" required>
</div>
</div>
</div> <div class="col-lg-1">
</div>
<div class="form-horizontal" >
<div class="form-group">
<label for="subject" class ="col-lg-2 control-label" > Subject</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="subject" name="subject" placeholder="Your Subject" required>
</div>
</div>
</div>
<div class="col-lg-1">
</div>
<div class="form-horizontal">
<div class="form-group">
<label for="message" class ="col-lg-2 control-label" > Message</label>
<div class="col-lg-7">
<textarea name="message" class="form-control" id ="message" cols="20" rows="3" placeholder="Your Message"></textarea>
</div>
</div> <!-- end form -->
<div class="col-lg-1">
</div>
<div class="form-group">
<div class="col-lg-7 col-lg-offset-2">
<button type="submit" name="submit" class="btn btn-primary">Submit</button>
</div>
</div>
</form>
PHP Code:
<?php
if (isset($_POST)) {
$conn = mysqli_connect($servername, $username, $password, $db_name);// Establishing Connection with Server
mysqli_set_charset($conn, 'utf8');
if (!$conn) {
die("Database connection failed: " . mysqli_error($conn));
}
else
echo "connected successfully";
//Escaping string, not 100% safe, also consider validating rules and sanitization
$name = mysqli_real_escape_string($conn, $_POST['name']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$subject = mysqli_real_escape_string($conn, $_POST['subject']);
$message = mysqli_real_escape_string($conn, $_POST['message']);
$result = mysqli_query($conn, "INSERT INTO contact (user, email, subject, message) VALUES ('$name', '$email', '$subject', '$message')");
}
?>
Here is the snapshot of the database
I have a form made using HTML. I want to store the results when i submit the form in the database. The connection was successful but the data is not being stored in the database.
Basically what submit.php does is just sent the text "Successfully submited the form".
Here's my code:
<form action="submit.php" method="post" class="form-horizontal">
<div class="form-group">
<label for="name" class ="col-lg-2 control-label" > Name</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="name" placeholder="Enter your Name" required>
</div>
</div>
</div>
<div class="col-lg-1">
</div>
<div class="form-horizontal" >
<div class="form-group">
<label for="email" class ="col-lg-2 control-label" > Email</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="email" placeholder="Enter your email address" required>
</div>
</div>
</div> <div class="col-lg-1">
</div>
<div class="form-horizontal" >
<div class="form-group">
<label for="subject" class ="col-lg-2 control-label" > Subject</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="subject" placeholder="Your Subject" required>
</div>
</div>
</div>
<div class="col-lg-1">
</div>
<div class="form-horizontal">
<div class="form-group">
<label for="message" class ="col-lg-2 control-label" > Message</label>
<div class="col-lg-7">
<textarea name="message" class="form-control" id ="message" cols="20" rows="3" placeholder="Your Message"></textarea>
</div>
</div> <!-- end form -->
<div class="col-lg-1">
</div>
<div class="form-group">
<div class="col-lg-7 col-lg-offset-2">
<button type="submit" class="btn btn-primary">Submit</button>
</div>
</div>
</form>
PHP code:
$conn = mysqli_connect($servername, $username, $password, $db_name);// Establishing Connection with Server
mysqli_set_charset($conn, 'utf8');
if (!$conn) {
die("Database connection failed: " . mysqli_error($conn));
}
else
echo "connected successfully";
if (isset($_POST['submit'])) {
//Escaping string, not 100% safe, also consider validating rules and sanitization
$name = mysqli_real_escape_string($conn, $_POST['name']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$subject = mysqli_real_escape_string($conn, $_POST['subject']);
$message = mysqli_real_escape_string($conn, $_POST['message']);
$result = mysqli_query($conn, "INSERT INTO contact (user, email, subject, message) VALUES ('$name', '$email', '$subject', '$message');");
if ($result) {
$message="successfully sent the query!!";
}
else
{$message="try again!!";}
}
?>
None of your input fields have a name="" attribute, including the button. So none of these fields will be sent in the $_POST array.
Add a name="" attribute like this to all the fields you want sent to PHP
<form action="submit.php" method="post" class="form-horizontal">
<div class="form-group">
<label for="name" class ="col-lg-2 control-label" > Name</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="name" name="name" placeholder="Enter your Name" required>
</div>
</div>
</div>
<div class="col-lg-1">
</div>
<div class="form-horizontal" >
<div class="form-group">
<label for="email" class ="col-lg-2 control-label" > Email</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="email" name="email" placeholder="Enter your email address" required>
</div>
</div>
</div>
<div class="col-lg-1"></div>
<div class="form-horizontal" >
<div class="form-group">
<label for="subject" class ="col-lg-2 control-label" > Subject</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="subject" name="subject" placeholder="Your Subject" required>
</div>
</div>
</div>
<div class="col-lg-1"></div>
<div class="form-horizontal">
<div class="form-group">
<label for="message" class ="col-lg-2 control-label" > Message</label>
<div class="col-lg-7">
<textarea name="message" class="form-control" id ="message" name="message" cols="20" rows="3" placeholder="Your Message"></textarea>
</div>
</div> <!-- end form -->
<div class="col-lg-1"></div>
<div class="form-group">
<div class="col-lg-7 col-lg-offset-2">
<button type="submit" class="btn name="submit" btn-primary">Submit</button>
</div>
</div>
</form>
Also in your code in submit.php change this so you see an actual error message if one occurs.
if ($result) {
$message="successfully sent the query!!";
} else {
$message="Insert failed : " . mysqli_error($conn);
}
echo $message;
Although this does assume you are actually showing the $message value somewhere in your code that you have not shown us.
You have to add name attribute to your button element so that if (isset($_POST['submit'])) will be true.
Please change
<button type="submit" class="btn btn-primary">Submit</button>
to
<button type="submit" name="submit" class="btn btn-primary">Submit</button>
or
<input type="submit" name="submit" value="Submit" class="btn btn-primary" />
First of all you must need to provide name attribute for each input tags and button tags for a better approach :
<form action="submit.php" method="post" class="form-horizontal">
<div class="form-group">
<label for="name" class ="col-lg-2 control-label" > Name</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="name" name ="name" placeholder="Enter your Name" required>
</div>
</div>
</div>
<div class="col-lg-1">
</div>
<div class="form-horizontal" >
<div class="form-group">
<label for="email" class ="col-lg-2 control-label" > Email</label>
<div class="col-lg-7">
<input type="text" class="form-control" name ="email" id ="email" placeholder="Enter your email address" required>
</div>
</div>
</div> <div class="col-lg-1">
</div>
<div class="form-horizontal" >
<div class="form-group">
<label for="subject" class ="col-lg-2 control-label" > Subject</label>
<div class="col-lg-7">
<input type="text" class="form-control" name ="subject" id ="subject" placeholder="Your Subject" required>
</div>
</div>
</div>
<div class="col-lg-1">
</div>
<div class="form-horizontal">
<div class="form-group">
<label for="message" class ="col-lg-2 control-label" > Message</label>
<div class="col-lg-7">
<textarea name="message" class="form-control" name ="message" id ="message" cols="20" rows="3" placeholder="Your Message"></textarea>
</div>
</div> <!-- end form -->
<div class="col-lg-1">
</div>
<div class="form-group">
<div class="col-lg-7 col-lg-offset-2">
<button type="submit" name ="submit" class="btn btn-primary">Submit</button>
</div>
</div>
</form>
Php Code for Insert data in DB :
$result = mysqli_query($conn, "INSERT INTO contact (user, email, subject, message) VALUES ('".$name."', '".$email."', '".$subject."', '".$message."')");
Try this code :-
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$conn = mysqli_connect($servername, $username, $password, $db_name);// Establishing Connection with Server
mysqli_set_charset($conn, 'utf8');
if (!$conn) {
die("Database connection failed: " . mysqli_error($conn));
}
else
echo "connected successfully";
//Escaping string, not 100% safe, also consider validating rules and sanitization
$name = mysqli_real_escape_string($conn, $_POST['name']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$subject = mysqli_real_escape_string($conn, $_POST['subject']);
$message = mysqli_real_escape_string($conn, $_POST['message']);
$result = mysqli_query($conn, "INSERT INTO contact (user, email, subject, message) VALUES ('$name', '$email', '$subject', '$message')");
echo "INSERT INTO contact (user, email, subject, message) VALUES ('$name', '$email', '$subject', '$message')";//die;
if ($result) {
$message="successfully sent the query!!";
}
else
{$message="try again!!";}
}
?>
<form action="index.php" method="post" class="form-horizontal">
<div class="form-group">
<label for="name" class ="col-lg-2 control-label" > Name</label>
<div class="col-lg-7">
<input type="text" class="form-control" name ="name" id ="name" placeholder="Enter your Name" required>
</div>
</div>
</div>
<div class="col-lg-1">
</div>
<div class="form-horizontal" >
<div class="form-group">
<label for="email" class ="col-lg-2 control-label" > Email</label>
<div class="col-lg-7">
<input type="text" class="form-control" id ="email" name="email" placeholder="Enter your email address" required>
</div>
</div>
</div> <div class="col-lg-1">
</div>
<div class="form-horizontal" >
<div class="form-group">
<label for="subject" class ="col-lg-2 control-label" > Subject</label>
<div class="col-lg-7">
<input type="text" name="subject" class="form-control" id ="subject" placeholder="Your Subject" required>
</div>
</div>
</div>
<div class="col-lg-1">
</div>
<div class="form-horizontal">
<div class="form-group">
<label for="message" class ="col-lg-2 control-label" > Message</label>
<div class="col-lg-7">
<textarea name="message" class="form-control" id ="message" cols="20" rows="3" placeholder="Your Message"></textarea>
</div>
</div> <!-- end form -->
<div class="col-lg-1">
</div>
<div class="form-group">
<div class="col-lg-7 col-lg-offset-2">
<button type="submit" class="btn btn-primary" name="submit">Submit</button>
</div>
</div>
</form>