Ive been having difficulties trying to load form data into my database.
Im trying to input theatre info using the following php script.
<?php
require('connect.php');
if (isset($_POST['theatre_name']) && isset($_POST['website'])){
$theatre_name = $_POST['theatre_name'];
$phone_number = $_POST['phone_number'];
$website = $_POST['website'];
$num_screens = $_POST['num_screens'];
$address = $_POST['address'];
$city = $_POST['city'];
$queryd = "INSERT INTO `Theatres` (theatre_name, phone_number, website,
num_screens, address, city)
VALUES ('$theatre_name', '$phone_number', '$website', '$num_screens',
'$address', '$city')";
$result = mysql_query($queryd);
if($result){
$msg = "Theatre created.";
}
}
?>
The following is my html code:
<!DOCTYPE html>
<html>
<body>
<!-- Form for creating theaters -->
<div class="register-form">
<?php
if(isset($msg) & !empty($msg)){
echo $msg;
}
?>
<form action="theatredb.php" method="POST">
<p><label>Theater Name : </label>
<input type = "text" name= "theatre_name" placeholder= "Theater Name" /></p>
<p><label>Phone Number : </label>
<input type = "text" name= "phone_number" placeholder="Phone Number" /></p>
<p><label>Website : </label>
<input type="text" name= "website" placeholder ="Website" /></p>
<p><label> Number of Screens : </label>
<input type= "text" name="num_screens" placeholder ="Number of screens" /></p>
<p><label>Address : </label>
<input type="text" name="address" placeholder="Address" /></p>
<p><label>City : </label>
<input type="text" name="city" required placeholder="City Name" /></p>
<input class="btn register" type="submit" name="submit" value="done" />
</form>
</div>
</body>
</html>
I was wondering if anyone could give me some guidance with regards to what I'm doing wrong. Ive been stuck with this problem for hours and don't know what I'm doing wrong.
EDIT: I dont get an error per say, but the data does not get uploaded into the database. For some reason my query isnt working.
try this
<?php
require('connect.php');
if (isset($_POST['theatre_name']) && isset($_POST['website'])){
$theatre_name = $_POST['theatre_name'];
$phone_number = $_POST['phone_number'];
$website = $_POST['website'];
$num_screens = $_POST['num_screens'];
$address = $_POST['address'];
$city = $_POST['city'];
//**change code to below**
$queryd = "INSERT INTO `Theatres` (theatre_name, phone_number, website, num_screens, address, city) VALUES ('{$theatre_name}', '{$phone_number}', '{$website}', '{$num_screens}', '{$address}', '{$city}')";
$result = mysql_query($queryd);
if($result){
$msg = "Theatre created.";
}
}
?>
link single quoted
Note: Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.
I once had the same issue. Your query variable should look like this:
$queryd = "INSERT INTO `Theatres` (theatre_name, phone_number, website,
num_screens, address, city)
VALUES ('".$theatre_name."', '".$phone_number."', '".$website."',
'".$num_screens."', '".$address."', '".$city."')";
Explanation: In your original query, you would have just inserted literally $theatre_name, not the variables value. In order to get around this, you have to close the string, with ", concatenate the variable to the preceding string, with . , and then re open the string.
Also, I don't know what version of PHP you are using, but you should be using mysqli_query(). mysql_query() is depreciated as of PHP v5.5. PHP manual entry.
Related
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
How to construct an SQL query correctly in a PHP script? [duplicate]
Closed 5 years ago.
The expect result is for the data that is submitted through a HTML form, and then the form action is this code below. Proccessing the code below I was expecting it to insert the data from the form into a SQL table called customers. However the data is not being inserted and there is no errors showing on the page.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$uName = $_POST['uname'];
$password = sha1($_POST['upassword']);
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$dob = $_POST['dob'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$postcode = $_POST['postcode'];
echo $uName;
echo $password;
include("dbconn.php");
$sql = "INSERT INTO customers (username, password_hash, customer_foremane, customer_surname, date_of_birth, customer_address1, customer_address2, customer_postcode) VALUES ('$uName', '$password', '$fname', '$lname', '$dob', '$address1', '$address2', '$postcode')";
mysqli_query($conn, $sql);
mysqli_close($conn);
?>
This is the form in which the data is from:
<div id = "reg_form">
<form name="register" action="register_customer.php" method="post">
<p id = "form_text"> Username: </p> <input name="uname" type="text" placeholder="Please enter a user name">
<p id = "form_text"> Password: </p> <input name="upassword" type="password" placeholder="Please enter a password"><br>
<p id = "form_text"> First Name: </p> <input name="fname" type="text" placeholder="Please enter your first name"><br>
<p id = "form_text"> Last Name: </p> <input name="lname" type="text" placeholder="Please enter your last name"><br>
<p id = "form_text"> Date of Birth: </p> <input name="dob" type="text" placeholder="Please enter your date of birth"><br>
<p id = "form_text"> Address 1: </p> <input name="address1" type="text" placeholder="Please enter first line of address"><br>
<p id = "form_text"> Address 2: </p> <input name="address2" type="text" placeholder="Please enter second line of address"><br>
<p id = "form_text"> Postcode: </p> <input name="postcode" type="text" placeholder="Please enter your postcode"><br>
<input name="submit" type="submit">
</form>
</div>
This is the dbconn.php:
<?php
$config = parse_ini_file('config.ini');
$conn = mysqli_connect('localhost',$config['username'],
$config['password'],$config['dbname']);
echo "Connected to the database";
?>
you have to use MySqli Prepared Statements for Inserting the query to make it more secure like below:
// prepare and bind Customers Query
$queryCustomers = $conn->prepare("INSERT INTO customers(username, password_hash, customer_foremane, customer_surname, date_of_birth, customer_address1, customer_address2, customer_postcode) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$queryCustomers->bind_param("ssssssss",$uName,$password,$fname,$lname,$dob,$address1,$address2,$postcode);
// execute Customers Query
$queryCustomers->execute();
// Close Connections
$queryCustomers->close();
To learn more, follow http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
I am trying to input data into a database.
i have used echo to see if the database is being read, it is and the database echo's as entered, it just does not insert into the database. This is the same code i used for the registration page, apart from a new amendments, and my reg page works perfectly so i am a little confused to why it is not working.
HTML
<!-- <div id="first">-->
<input type="text" id="fname" name="fname" value="" required>
<input type="text" id="lname" name="lname" value="" required>
<input type="text" id="email" name="email" value="" required>
<input type="number" id="phone" name="phone" value="" required>
<input type="submit" name="Update" value="Update">
<br>
PHP
<?php
session_start();
require('../mysql.inc.php');
?>
<?php
if (isset($_POST['Update'])) {
echo $c_fname = $_POST['fname'];
echo $c_lname = $_POST['lname'];
echo $c_email = $_POST['email'];
echo $c_phone = $_POST['phone'];
$insert_det = "INSERT INTO Cus_acc_details(CUS_Fname,CUS_Lname,CUS_Phone,Cus_Email) VALUES (?,?,?,?)";
$stmt = mysqli_prepare($dbc, $insert_det);
mysqli_stmt_bind_param($stmt, 'sssi', $c_fname, $c_lname, $c_email, $c_phone);
if ($insert_det) {
echo " Saved";
}
} else {
echo "<b> Error </b>";
}
?>
Any suggestions
The call to mysqli_stmt_execute() is missing, thus your statement will never be executed.
Try changing your insert query to
$insert_det = "INSERT INTO Cus_acc_details(CUS_Fname,CUS_Lname,Cus_Email,CUS_Phone) VALUES (?,?,?,?)";
$stmt = mysqli_prepare($dbc, $insert_det);
As you are mixing them up when declaring them on the placeholders and are casting email as a integer but trying to insert the phone number as the email and vice versa
I am creating my first Wordpress plugin and have been stumped for a couple of days. So far I am trying to just get my plugin to save data to the MySQL database on my localhost. When I enter info into the form it creates a new row, which auto increments, but does not pass any of the info that I have entered into the database.
I understand that I have to clean up a lot of this code before I use it but I am just starting and stumped on this particular issue.
Here is the relevant code;
dvi_customer_info.php file
<?php
require('database.php');
require('customer_info_functions.php');
if ($action == 'add_customer') {
$rep = $_POST['rep'];
$business = $_POST['business'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$name = $_POST['name'];
$email = $_POST['email'];
}
add_customer($rep, $business, $address, $phone, $name, $email);
include('dvi_customer_info_sheet.php');
customer_info_functions.php file
<?php
function add_customer($rep, $business, $address, $phone, $name, $email) {
global $db;
$query = "INSERT INTO customers
(repName, customerBusiness, customerAddress, customerPhone, customerName, customerEmail)
VALUES
('$rep', '$business', '$address', '$phone', '$name', '$email')";
$db->exec($query);
}
?>
dvi_customer_info_sheet.php file
<body>
<h1>Customer Info Sheet</h1>
<form action="dvi_customer_info.php" method="post" id="customer_info_sheet_form">
<input type="hidden" name="action" value="add_customer" />
<label>Name of Rep:</label>
<input type="input" name="rep" />
<br />
<label>Name of Business:</label>
<input type="input" name="business" />
<br />
<label>Address:</label>
<input type="input" name="address" />
<br />
<label>Phone #:</label>
<input type="input" name="phone" />
<br />
<label>Name of Decision Maker:</label>
<input type="input" name="name" />
<br />
<label>Email:</label>
<input type="input" name="email" />
<br />
<label> </label>
<input type="submit" value="Add Customer" />
<br /> <br />
</form>
</body>
"INSERT INTO customers
(repName, customerBusiness, customerAddress, customerPhone, customerName, customerEmail)
VALUES
(\"$rep\", $business,...)
(Use double quotes "$rep" or don't use any quotes $business ( use this option) as anything within single quotes is taken as it is i.e a string constant and hence the variable inside that didn't get substituted by it's value
Try This
$query = "INSERT INTO customers
(repName, customerBusiness, customerAddress, customerPhone, customerName, customerEmail)
VALUES
('".$rep."', '".$business."', '".$address."', '".$phone."', '".$name."', '".$email."')";
And Also
I am not clear About your if condition if($action =='add_customer' ) instead of that try
if(isset($_POST['add_customer']))
What is $action?
you can use wordpress default action to insert record in to database like this below code it's sure to insert your record in mysql database.
You have no need to use function to just insert record in database just put this code in dvi_customer_info.php file
<?php
require('database.php');
require('customer_info_functions.php');
global $wpdb;
if ($action == 'add_customer') {
$rep = $_POST['rep'];
$business = $_POST['business'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$name = $_POST['name'];
$email = $_POST['email'];
$your_table_name_here = $wpdb->prefix . 'yourdatanase_table';
$data = array(
'repName' => $rep,
'customerBusiness' => $business,
'customerAddress' => $address,
'customerPhone' => $phone,
'customerName' => $name,
'customerEmail' => $email
);
$idsa = $wpdb->insert($your_table_name_here, $data);
if ($idsa) {
echo '<p class="alert-box success tfamsg">Franchise Setting Inserted.</p>';
}
}
include('dvi_customer_info_sheet.php');
?>
Now it will insert record in database you had also change your database table $your_table_name_here.
Thanks
I am using the following form
<section id="formSection">
<form id="dataForm" action="addUser.php" method="post">
<div>
<h2>Add Product:</h2>
<lable>First Name:</lable>
<input class="inputForm" id="inputFirstName" type="text" name="firstname">
</div>
<div>
<lable>Last Name:</lable>
<input class="inputForm" id="inputLastName" type="text" name="lastname">
</div>
<div>
<lable>Address: </lable>
<input class="inputForm" id="inputAdress" type="text" name="address">
</div>
<div>
<lable>Post Code:</lable>
<input class="inputForm" id="inputPostcode" type="text" name="postcode">
</div>
<div>
<lable>Delievery Type:</lable>
<input class="inputForm" id="inputDelievery" type="text" name="delievery">
</div>
<input type="submit">
</form>
</section>
and the following php code to add entries from the form to the database.
$FirstName = $_POST[firstname];
$LastName = $_POST[lastname];
$address = $_POST[address];
$postcode = $_POST[postcode];
$delivery = $_POST[delievery];
$sql = "INSERT INTO USERS (FIRSTNAME, SECONDNAME, ADDRESS, POSTCODE, DELIVERY_TYPE)
VALUES ('$FirstName', '$LastName', '$address', '$postcode', '$delivery')";
$conn->exec($sql);
However it is not working, and having stared at the screen for the last 2 hours trying to fix it.
All your POST arrays are missing quotes:
$FirstName = $_POST[firstname];
should read as
$FirstName = $_POST['firstname'];
and do the same for the rest.
Plus, since you seem to be using PDO, use prepared statements instead.
You're open to SQL injection.
http://php.net/pdo.prepared-statements
Error reporting would have spotted the parse errors.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
I also suggest you check if any fields are left empty, by using a conditional empty() for your form elements.
Otherwise, you may get a notice from MySQL, depending on how your table is setup.
I.e.:
if(!empty($_POST['firstname'])){
$FirstName = $_POST['firstname'];
}
For all:
if(
!empty($_POST['firstname']) &&
!empty($_POST['lastname']) &&
!empty($_POST['address']) &&
!empty($_POST['postcode']) &&
!empty($_POST['delievery'])
)
{
$FirstName = $_POST['firstname'];
$LastName = $_POST['lastname'];
$address = $_POST['address'];
$postcode = $_POST['postcode'];
$delivery = $_POST['delievery'];
}
http://php.net/manual/en/function.empty.php
I'm trying to do a simple HTML form that sends data to DB:
Form:
<form action="processor.php" method="post">
<div class="field-box">
<label>Name:</label>
<input type="text" name="name" />
</div>
<div class="field-box">
<label>Age:</label>
<input type="text" />
</div>
<div class="field-box">
<label>Phone Number:</label>
<input type="text" name="email" />
</div>
<div class="field-box">
<label>Email:</label>
<input type="text" name="username"/>
<input type="submit">
</form>
And the SQL to send the data on processor.php:
//Connecting to sql db.
$connect = mysqli_connect("XXXXXXX","XXXXXXX","XXXXXXX","XXXXXX");
//Sending form data to sql db.
mysqli_query($connect,"INSERT INTO users (name, age, phone, email) VALUES ('$_POST['name']','$_POST['age']', '$_POST['phone']', '$_POST['email']')";
mysqli_close($connect);
I don't get error messages it just takes me to a blank page and no records are inserted into database.
The input for age lacks a name .
<div class="field-box">
<label>Age:</label>
<input type="text" name="age" />
</div>
And also do not insert directly a $_POST data. It would be best if you use mysqli_real_escape_string for added security. Your insert query as well lacks a closing parenthesis
//Connecting to sql db.
$connect = mysqli_connect("XXXXXXX","XXXXXXX","XXXXXXX","XXXXXX");
//Sending form data to sql db.
$name = mysqli_real_escape_string($connect, $_POST['name']);
$age = mysqli_real_escape_string($connect, $_POST['age']);
$phone = mysqli_real_escape_string($connect, $_POST['phone']);
$email = mysqli_real_escape_string($connect, $_POST['email']);
mysqli_query($connect,"INSERT INTO users (name, age, phone, email) VALUES ('$name', '$age', '$phone', '$email')");
There seems a problem with your query: A modified one looks like
mysqli_query($connect,"INSERT INTO users (name, age, phone, email)
VALUES ('".$_POST['name']."','".$_POST['age']."', '".$_POST['phone']."', '".$_POST['email']."')";
Directly inserting values without validations is not a good practice.
Use mysqli_real_escape_string before your entries towards database