I've been trying to learn PHP and have been given a simple task to help me.
I'm trying to get a user to complete a form which has their email address in it, then save it to a database.
Here's my code so far:
<html>
<body>
<form action="postemail.php" method="post"> Email Address: <input type="text" name="emailaddress" /> <input type="submit" />
</form>
</body>
</html>
<?php
$connection = mysql_connect("localhost","edwardHost","password");
if (!$connection) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("my_database", $connection);
$sql="INSERT INTO Subscribers (EmailAddress) VALUES ('$_POST[emailaddress]')";
if (!mysql_query($sql,$connection)) {
die('Error: ' . mysql_error());
}
mysql_close($connection);
?>
Thanks in advance!
Change your query to this
One more thing i forget last time you are missing single quete around $_POST[emailaddress]. In your query
$sql="INSERT INTO Subscribers (EmailAddress) VALUES ('".$_POST['emailaddress']."')";
Dont use mysl function as the are deprciated
Learn mysqli_ function or PDO Or both
Check this link for mysql identifier http://dev.mysql.com/doc/refman/5.0/en/identifier-qualifiers.html
Try this example using PDO in your postemail.php
define('DB_TYPE', 'mysql');
define('DB_HOST', '127.0.0.1');
define('DB_NAME', 'dbname');
define('DB_USER', 'root');
define('DB_PASS', 'password');
try {
// create a new instance of a PDO connection
$db = new PDO(DB_TYPE.':host='.DB_HOST.';dbname='.DB_NAME, DB_USER, DB_PASS);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e) {
// if the connection fails, display an error message
echo 'ERROR: ' . $e->getMessage();
}
if(isset($_POST['emailaddress']) && !empty($_POST['emailaddress'])) {
$emailaddress = $_POST['emailaddress'];
$sql = 'INSERT INTO Subscribers (EmailAddress) VALUES (:emailaddress )';
$stmt = $db->prepare($sql);
$stmt->bindValue('emailaddress ', $emailaddress);
$stmt->execute();
}
After you have totaly filled in the form, it first needs to check if the submit button is clicked, then it has to send it to a database.
You also need to give you submit button a name=""
HTML code:
<html>
<body>
<form action="postemail.php" method="post">
Email Address: <input type="text" name="emailaddress" />
<input type="submit" name="submit" value="add to database" />
</form>
</body>
</html>
PHP code:
<?php
if(isset($_POST['submit'])){
$connection = mysqli_connect("localhost","edwardHost","password","my_database");
if (!$connection) {
die('Could not connect: ' . mysql_error());
}
$email = $_POST['emailaddress'];
$sql = "INSERT INTO Subscribers (EmailAddress) VALUES ('$email')";
if (!mysqli_query($connection,$sql)) {
die('Error: ' . mysql_error());
}
mysql_close($connection);
}
?>
<html> <body>
<form action="postemail.php" method="post">
Email Address: <input type="text" name="emailaddress" />
<input type="submit" />
</form>
</body> </html>
<?php $connection = mysql_connect("localhost","username","password");
if (!$connection) { die('Could not connect: ' . mysql_error());
}
mysql_select_db("my_database", $connection);
$sql="INSERT INTO Subscribers (EmailAddress) VALUES ('$_POST[emailaddress]')";
if (!mysql_query($sql,$connection)) { die('Error: ' . mysql_error()); }
mysql_close($connection);
?>
Related
I'm making a simple registration form for a test website and for some reason it isn't sending the data to the database, and I don't get an visual error. I've searched around for a fix but haven't found any that work.
This is basically my form (I only copied the form part of the page):
<form action="includes/insert.php" method="post">
<h3>Username</h3>
<input type="text" name="username">
<br>
<br>
<h3>Email Address</h3>
<input type="email" name="email">
<br>
<br>
<h3>Password</h3>
<input type="password" name="password">
<br>
<br>
<br>
<input id="submit-btn" type="submit" name="submit" value="Submit">
</form>
As you can see everything is as its suppose to be.
and this is my insert.php
<?
define('DB_NAME', 'logindb');
define('DB_USER', 'root');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$sql = "INSERT INTO `users` (`id`, `username`, `email`, `password`, `timestamp`) VALUES (NULL, '$username', '$email', '$password', CURRENT_TIMESTAMP)";
if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
}
mysql_close();
?>
Opening PHP tag is
<?php
Recent versions of PHP do not enable the short code syntax by default.
Use NOW() instead of CURRENT_TIMESTAMP.
I am new working on a project that has me connecting a database and a webpage and before doing the official database, I wanted to test a basic database.
I test to make sure everything is working by using phpMyAdmin. I can tell that I formed SOME kind of connection between my html and php, but that's where the issue is. whenever I press the submit button on my site, instead of getting a message telling me that everything works, I instead get a white page with all of my php code. I have tried making sure all my syntax is correct and all the variables are labeled correctly, but nothing is going through.
<!DOCTYPE php>
<?php
define('DB_NAME', 'training');
define('DB_USER', 'root');
define('DB_PASSWORD', '********');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!link){
die('Could not connect: ' .mysql_error);
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!db_selected){
die('Error: ' .mysql_error());
}
$Name = $_POST=['name'];
$Job = $_POST['job'];
$sql = "INSERT INTO employee (name,job) VALUES ('$Name', '$Job')";
if (!mysql_query($sql)){
die('Error: ' .mysql_error());
}
echo 'Success!';
mysql_close();
?>
<!DOCTYPE html>
<html>
<h1 style="text-align:center">Undergrad Sign-up</h1>
<style>
#body {background-color:#001b38;}
</style>
<body id="body" style="color:white;text-align:center" >
<form action="DBconnect.php" method="post" />
Name<br>
<input type="text" name="name" maxlength=20 required/>
<br>
Job<br>
<input type="text" name="job" maxlength=20 required/>
<br>
<button type="submit" value="submit">Submit</button>
</form>
</body>
</html>
I have a HTML form handled by php. The form has various text input fields and one of those asks the user to input a link containing http://.
The problem is when I submit a link like http://www.google.com/ the form fails badly by displaying random content from different php files on my website.
Here's a resume of my code:
<form action="add.php" method="post">
<input type="text" name="link" />
<input type="submit" value="submit" />
<?php
if (isset($_POST['link']))
{
$link = mysql_escape_string($_POST['link']);
mysql_query("INSERT INTO mytable(link) values($link)");
}
?>
Works just fine when not submitting a string that contains http://. Anyone has any idea why this happens?
Sidenote: You will find an mysqli_* based version further down.
Assuming you are connected to your DB, you did not wrap $link in VALUES with quotes.
Change this line:
mysql_query("INSERT INTO mytable(link) values( $link )");
^ ^ <- missing quotes
to:
mysql_query("INSERT INTO mytable(link) values('$link')");
Tested and working with this example: (form is set to self) and using http://www.google.com/ as an input and a few others containing http://
<?php
define('DB_NAME', 'xxx');
define('DB_USER', 'xxx');
define('DB_PASS', 'xxx');
define('DB_HOST', 'xxx');
$dbh = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if(!$dbh)
{
die('Could not connect to database: ' . mysql_error());
}
$db_select = mysql_select_db(DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
if(isset($_POST['submit']) && !empty($_POST['link'])){
$link = mysql_real_escape_string($_POST['link']);
mysql_query("INSERT INTO mytable (link) values('$link')");
if(!mysql_query)
{
die("sorry");
}
else{ echo "Success"; }
mysql_close();
}
?>
<!DOCTYPE html>
<html>
<body>
<title></title>
<h3>Place your Link Below:</h3>
<form action="" method="post">
<input type="text" name="link" />
<input type="submit" name="submit" value="submit" />
</body>
</html>
Footnotes:
Do consider switching to mysqli_* functions with prepared statements or PDO. The mysql_* functions are deprecated and will be removed from future releases.
Here is an mysqli_* based version:
<?php
define('DB_NAME', 'xxx');
define('DB_USER', 'xxx');
define('DB_PASS', 'xxx');
define('DB_HOST', 'xxx');
$dbh = mysqli_connect(DB_HOST, DB_USER, DB_PASS);
if(!$dbh)
{
die('Could not connect to database: ' . mysqli_error());
}
$db_select = mysqli_select_db($dbh,DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysqli_error());
}
if(isset($_POST['submit']) && !empty($_POST['link'])){
$link = mysqli_real_escape_string($dbh,$_POST['link']);
mysqli_query($dbh,"INSERT INTO mytable (link) values('$link')");
if(!mysqli_query)
{
die("sorry");
}
else{ echo "Success"; }
mysqli_close($dbh);
}
?>
<!DOCTYPE html>
<html>
<body>
<title>Home Page</title>
<h3>Please Place your Order Below:</h3>
<form action="" method="post">
<input type="text" name="link" />
<input type="submit" name="submit" value="submit" />
</body>
</html>
it is a error in the VALUES in the php. It says it is a undefined index in every single value. I have tried for a long time now, but i can't figure out what the problem is. is it in my database or inside the code? Please help me :)
<html>
<body>
<h1>A small example page to insert some data in to the MySQL database using PHP</h1>
<form action="insert.php" method="post">
Firstname: <input type="text" name="navn" /><br><br>
Lastname: <input type="text" name="adresse" /><br><br>
<input type="submit" />
</form>
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("forum", $con);
$sql="INSERT INTO bruker (navn, adresse)
VALUES
('$_POST[navn]',
'$_POST[adresse]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
</body>
</html>
your post value will work once submit button is clicked
<form action="" method="post">
<input type="submit" name="submit" />
<?php
if(isset($_POST['submit']))
{
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("forum", $con);
$sql="INSERT INTO bruker (navn, adresse)
VALUES
('$_POST[navn]',
'$_POST[adresse]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
}
?>
you can also hide your warning by using
error_reporting(0);
Try not to use old mysql functions. Switch to mysqli or PDO instead. I've updated the code for BASIC security, but prepared statements give much more security.
Try this:
<?php
$con = mysqli_connect("localhost","root","pw","dbname");
if (mysqli_connect_errno($con))
{
die('Could not connect: ' . mysqli_connect_error());
}
$navn = mysqli_real_escape_string($con,$_POST['navn']);
$adresse = mysqli_real_escape_string($con,$_POST['adresse']);
$sql="INSERT INTO bruker (navn, adresse)
VALUES
('$navn',
'$adresse')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
EDIT: And you're accessing the index of your arrays ($_POST[navn] and $_POST[adresse]) at the wrong way. You have to put the index-names in single quotes like $_POST['navn'].
Also malicious inserts
I've seen this question asked but none of the responses worked for me (or rather I was too stupid to make them work). I think I need personalized help. Every time I refresh my php page it inserts blank data. How do I prevent blank and/or malicious data from being inserted.
This is my code:
<?php
$con = mysql_connect("localhost","user","pass") or die ("Couldn't connect!");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("streams") or die ("Couldn't find db");
$sql="INSERT INTO streams (streamname)
VALUES ('$_POST[streamname]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
<form action="submit.php" method="POST">
Stream Name: <input type="text" name="streamname" id="streamname" /><br />
<input type="submit" name="submit" value="Stream" />
</form>
Wrap it with some defensive logic:
if(!empty($_POST['streamname'])) {
// Your code here
}
Try checking if POST params are set :
<?php
if($_POST) {
$con = mysql_connect("localhost","user","pass") or die ("Couldn't connect!");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("streams") or die ("Couldn't find db");
$sql="INSERT INTO streams (streamname)
VALUES ('$_POST[streamname]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
}
?>
<form action="submit.php" method="POST">
Stream Name: <input type="text" name="streamname" id="streamname" /><br />
<input type="submit" name="submit" value="Stream" />
</form>
You should be escaping the input.
$sql='INSERT INTO streams (streamname)
VALUES ("'.mysql_real_escape_string($_POST[streamname]).'")';