Wamp database doesn't update all fields - php

I am inserting data in my WAMP database from user input:
PHP
<?php
$con=mysqli_connect("127.0.0.1","beni","2155","visitbulgaria");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$forename = mysqli_real_escape_string($con,$_POST['Forename']);
$surname = mysqli_real_escape_string($con,$_POST['Surname']);
$email = mysqli_real_escape_string($con,$_POST['Email']);
$username = mysqli_real_escape_string ($con,$_POST['Username']);
$password = mysqli_real_escape_string ($con,$_POST['Password']);
$sql="INSERT INTO `customer`(`Forename`, `Surname`, `Email`, `Username`, `Password`)
VALUES ('$forename', '$surname', '$email', '$username', '$password')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
HTML
<html>
<body>
<form action="insert.php" method="post">
Firstname: <input type="text" name="Forename">
Lastname: <input type="text" name="Surname">
Email: <input type="text" name="Email">
username: <input type="text" name="Username">
pass: <input type="text" name="Password">
<input type="submit">
</form>
</body>
</html>
whah happens here is that on submit it does work but when I look at the database in phpMyAdmin it has only added the first three record (forename, surname and email and then the username and password field are left blank, and I have no idea how to fix that and why it is doing it.

Related

Querying data into phpmyadmin database table

I am trying to input the information from the form html into mysql table. I keep getting an error code but I do not understand it and I tried to research for solution but i came up short.
I put security because protecting my login information.
Please help me?
Here is the html:
<!DOCTYPE HTML>
<html>
<head>
<title> form</title>
<style type="text/css/css">
h2{
text-align: center;
margin-top: 2cm;
}
</style>
</head>
<body>
<form action='formDB2.php' method='POST'>
<p> Your Last Name: <input type="text" name="lastname" id="lastname" value="" size="30" /></p>
<p> Your First Name: <input type="text" name="firstname" id="firstname" value="" size="30" /></p>
<p>Age: <input name="age" type="text " id="age "/> </p>
<p>gender: <select name="sex" id="gender">
<option> Male </option>
<option>Female </option>
</select> </p>
<hr />
<p><input type="reset" value="REST"/><input type="submit" name="Submit" value="Submit" /></p>
</form>
</body>
</html>
Here the mysql/php code:
<?php
$link = mysqli_connect("localhost","*security*","*security*","*security*");
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$lastname = mysqli_real_escape_string($link, $_POST['lastname']);
$firstname = mysqli_real_escape_string($link, $_POST['firstname']);
$age = mysqli_real_escape_string($link, $_POST['age']);
$gender = mysqli_real_escape_string($link, $_POST['sex']);
$sql = "INSERT INTO trainer(trainer_id, lastname, firstname, age, gender) VALUES (0,'$firstname', '$lastname', '$age' , '$gender')";
if(mysqli_query($link,$sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
Here is the output:
Here the account I want it to display:

trainer_id is your primary key, so it must be unique. You are always setting to 0 on your code:
$sql = "INSERT INTO trainer(trainer_id, lastname, firstname, age, gender) VALUES (0,'$firstname', '$lastname', '$age' , '$gender')";
You should set the field with auto increment http://dev.mysql.com/doc/refman/5.7/en/example-auto-increment.html and don't pass anything on your code:
$sql = "INSERT INTO trainer(lastname, firstname, age, gender) VALUES ('$firstname', '$lastname', '$age' , '$gender')";

Added database rows are empty mysql/php

I want to write from my form to my database. I'm confused because this resembles the scripts from tutorials and there it works.
Form (w3schools example) extract:
<form action="insert.php" method="post">
Firstname: <input type="text" name="firstname">
Lastname: <input type="text" name="lastname">
Age: <input type="text" name="age">
<input type="submit">
</form>
php:
<?php
$con=mysqli_connect("localhost","XXX","AAA","databasename");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$firstname = mysqli_real_escape_string($_POST['firstname']);
$lastname = mysqli_real_escape_string($_POST['lastname']);
$age = mysqli_real_escape_string($_POST['age']);
$sql="INSERT INTO test (firstname, lastname, age)
VALUES ('$firstname', '$lastname', '$age')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
This adds a new row to my database with each submission. The problem: this added row is empty, except for the age column which is always 0, regardless of what I submit.
Where is my mistake?

Refer to php document you must give two values to mysqli_real_escape_string.
try this:
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

Unable to select table.. php & mysql

I created a table & when Submit button is hit after filling the form, those particulars should be inserted into the DB TABLE. But idk what's wrong with the code, it's echoing "Unable to select table".. My code is as follows:
<?php
if ( isset ( $_POST['submit'] ) )
{
mysql_connect("localhost","root","1234");
mysql_select_db("my_db")or die( "Unable to select database</span></p>");
$name1 = $_POST['name1'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$gender = $_POST['gender'];
$place = $_POST['place'];
$college = $_POST['college'];
$result=MYSQL_QUERY("INSERT INTO USERS3 (id,name1,email,password,confirmpassword,gender,college,place)".
"VALUES ('NULL', '$name1', '$email', '$password', '$confirmpassword', '$gender', '$place', '$college')")or die( "<p><span style=\"color: red;\">Unable to select table</span></p>");
mysql_close();
echo "<p><span style=\"color: red;\">Thank You;</span></p>";
}
else
{
// close php so we can put in our code
?>
<form id="form1" action="" method="post">
Name:
<input type="text" name="name1" /><br/>
E-mail:
<input type="text" name="email" /><br/>
Password:
<input type="password" name="password" /><br/>
Confirm Password:
<input type="password" name="confirmpassword" /><br/>
Gender:
<input type="radio" name="gender" />
Male
<input type="radio" name="gender" />
Female
<br/>
Location:
<input type="text" name="place" /><br/>
College:
<input type="text" name="college" /><br/>
<input id="submit1" class="submit" type="submit" name="submit" value="Submit"/><br/>
<input type="reset" value="reset" />
</form>
<?php
} //close the else statement
?>

PHP doesn't recognise function with capital letters. Use small-case characters:
mysql_query( "INSERT INTO USERS3 ( id, name1, email,
`password`, confirmpassword, gender, college, place)
VALUES ('NULL', '$name1', '$email',
'$password', '$confirmpassword', '$gender', '$place',
'$college')") or die( "<p><span style=\"color: red;\">Unable to select table</span></p>");
mysql_close();

If 'id' is an autoincrement field, you shouldn't be passing any value for it - the database will deal with that.

Everything looks fine.Only problem(s) could be:
The table name might be incorrect.Especially, i suspect your correct table name is users3 instead of USERS3 .
The ideal way to check is:
Add following statement before $result=.....
echo "INSERT INTO USERS3 (id,name1,email,password,confirmpassword,gender,college,place)".
"VALUES ('NULL', '$name1', '$email', '$password', '$confirmpassword', '$gender', '$place', '$college')";
Run/Load the page.
Whatever is printed - copy it.
Go to phpmyadmin and select SQL Tab.Paste what you copied in previous step and run it.
phpmyadmin will display the exact error.

PHP does not work INSERT INTO method

I am trying to insert into customer table in eshop_db
When I run it, it does not have any error, but it did not store in mysql.
What it is problem in my code?
I don't understand really.
Please give some answer. Thanks.
--registerForm.php--
<form action="register.php" method="post">
<p>User ID: <input type="text" name="userId" size="30"/>*</p>
<p>Password: <input type="password" name="password" size="30"/>* </p>
<p>Retype Password: <input type="password" name="repassword" size="30"/>*</p>
<p>First Name: <input type="text" name="firstName" size="30"/>*</p>
<p>Last Name: <input type="text" name="lastName" size="30"/>*</p>
<p>Your Address (*):</p>
<p><textarea name="address" rows="5" cols="30"></textarea></p>
<p>Phone: <input type="text" name="phone" size="20"/>*</p>
<p>E-mail: <input type="text" name="email" size="21"/>*</p>
<p><input type="submit" value="Create Account"/></p>
</form>
--register.php--
<?php
require "sql_connection.php";
if(isset($_POST['submit']))
{
if($_POST["password"]==$_POST["repassword"])
{
mysql_query("insert into customer (userId, password, firstName, lastName, address, phone, email)
values ('$_POST[userId]','$_POST[password]','$_POST[firstName]','$_POST[lastName]','$_POST[addres]]','$_POST[phone]','$_POST[email]')")
or die(mysql_error());
}
}
?>
--sql_connection.php--
<?php
$db_host = "localhost";
$db_username = "root";
$db_pass = "mypass";
$db_name = "eshop_db";
#mysql_connect("$db_host", "$db_username", "$db_pass", "$db_name") or die("connection is fail.");
#mysql_select_db("$db_name") or die("database does not exsist.");
echo "Successfully connected!!";
?>

Typo, correct this part here:
'$_POST[addres]]' // wrong
'$_POST[address]' // right

Try this:
<?php
require "sql_connection.php";
if(isset($_POST['submit']) && $_POST["password"] == $_POST["repassword"]) {
mysql_query(
'INSERT INTO `customer` (`userId`, `password`, `firstName`, `lastName`, `address`, `phone`, `email`)
VALUES ('.$_POST['userId'].', '.$_POST['password'].', '.$_POST['firstName'].', '.$_POST['lastName'].', '.$_POST['address'].', '.$_POST['phone'].', '.$_POST['email'].')'
) or die(mysql_error());
}
Finally, filter and validate your incoming data.

Well, besides the obviously bad idea to directly use the values in the POST array, your indexes need to be quoted. So, $_POST['address'], etc. Also, array values need to be escaped with curly-braces if you're trying to do string injection.

Trying to write to a MySQL database with a PHP form

I'm trying to do a simple write to database with an HTML form, using PHP.
I've run the SQL query in the database and it works perfectly. However, using the form doesn't work. I'm not sure why. Any help? The user/pass/db name are all correct.
<?php
if(isset($_POST['submit']))
{
$con = mysql_connect("localhost","delives0_ideas","ideas");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("delives0_ideas", $con);
mysql_query("INSERT INTO data (firstName, lastName, email, idea) VALUES ('$_POST['firstName']','$_POST['lastName']', '$_POST['email']', '$_POST['idea']')");
//also email it to us besides writing it into the database
mysql_close($con);
?>
<form method="post">
<strong>First name:</strong> <input type="text" name="firstName"/>
<br/>
<strong>Last name:</strong> <input type="text" name="lastName"/>
<br/>
<strong>Email:</strong> <input type="text" name="email"/> #####Put a javascript checker for valid emails, like name#site.com format
<br/>
<br/>
<strong>Idea:</strong>
<br/>
<textarea rows="10" cols="30" name="idea">
Hit us with your best shot.
</textarea>
<br/>
<input name="submit" type="submit" value="Submit"/>
</form>

You forgot the "action = nameofyourpage.php" inside the form markup. And I would add a "or die (mysql_error())" at the end of your query to check the syntax of the request.

you've got a few errors in your script - please check the following
http://pastie.org/1056569
<?php
if(isset($_POST['submit']))
{
$con = mysql_connect("localhost","delives0_ideas","ideas");
if (!$con){
die('Could not connect: ' . mysql_error());
}
mysql_select_db("delives0_ideas", $con);
$sqlCmd = sprintf("INSERT INTO data (firstName, lastName, email, idea)
VALUES ('%s','%s','%s','%s')",
mysql_real_escape_string($_POST["firstName"]),
mysql_real_escape_string($_POST["lastName"]),
mysql_real_escape_string($_POST["email"]),
mysql_real_escape_string($_POST["idea"]));
mysql_query($sqlCmd);
mysql_close($con);
}
?>
<form method="post">
<strong>First name:</strong> <input type="text" name="firstName"/><br/>
<strong>Last name:</strong> <input type="text" name="lastName"/><br/>
<strong>Email:</strong> <input type="text" name="email"/>
<strong>Idea:</strong><br/>
<textarea rows="10" cols="30" name="idea">Hit us with your best shot.</textarea><br/>
<input name="submit" type="submit" value="Submit"/>
</form>

You already have the answer to your question as to why it was not working, but please check this article about SQL injection attacks before putting this code into production.

you have error
mysql_query("INSERT INTO data (firstName, lastName, email, idea) VALUES
('$_POST['firstName']','$_POST['lastName']', '$_POST['email']', '$_POST['idea']')");
Error = '$_POST['firstName']' you have chatter ' in post field
and you can change
$firstname = $_POST['firstName'];
$lastname = $_POST['lastName'];
$email = $_POST['email'];
$idea = $_POST['idea'];
mysql_query("INSERT INTO data (firstName, lastName, email, idea) VALUES ('{$firstname}','{$lastname}', '{$email}', '{$idea}')");
or with mysql query
mysql_query("INSERT INTO data SET firstName='{$firstname}', lastName='{$lastname}',
email='{$email}', idea='{$idea}'");

Categories