Hi everybody, I have a problem with data input from an HTML form through PHP to MySQL. The connection has been done; I tested it and it's working, but I can't figure out why data isn't inputted. I've double-checked the database and it's as it should be.
registration form
<form action="register.php" method="post">
<table>
<tr>
<td>UserName</td>
<td><input type="text" name="username"></td>
<tr>
<td>Password</td>
<td>
<input type="password" name="password">
</td>
<tr>
<td>
First Name
</td>
<td>
<input type="text" name="fname">
</td>
</tr>
<tr>
<td>
Last Name
</td>
<td>
<input type="text" value="" name="lname">
</td>
</tr>
<tr>
<td>
E-Mail
</td>
<td>
<input type="email" name="mail">
</td>
<tr>
<td>
<input type="submit" value="Done!!!">
</td>
</tr>
</table>
database connection
<?php
$db_adress="localhost";
$db_username="root";
$db_password="******";
$db_name="accounts";
@mysql_connect("$db_adress","$db_username","$db_password") or die ("Could not connect the DATABASE for more infos go kill yourself");
@mysql_select_db("$db_name") or die ("No Database");
?>
data input code
$username = $_POST['username'];
$password = $_POST['password'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$mail = $_POST['mail'];
$insert=("INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES (""'.$username.'", "'.$password '", "'.$fname.'", "'.$lname.'" ,"'.$mail.'")");
mysql_query($insert);
echo "Done";
I am glad for any help!
For the record, you accepted the wrong answer, syntax-wise.
Table and column names are not to be wrapped in quotes, but either use no quotes or use backticks.
$insert=("INSERT INTO register (Username, Password, FirstName, LastName, email)
VALUES ('".$username."', '".$password."', '".$fname."', '".$lname."' ,'".$mail."')");
or:
$insert=("INSERT INTO `register` (Username, Password, FirstName, LastName, email) VALUES
('".$username."', '".$password."', '".$fname."', '".$lname."' ,'".$mail."')");
I also recommend you sanitize your inputs:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$mail = mysql_real_escape_string($_POST['mail']);
mysql_* functions are deprecated and will be removed from future PHP releases.
Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)
http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
I also noticed that you are storing passwords in plain text. This is not recommended.
Use one of the following:
crypt()
bcrypt()
scrypt()
PBKDF2
PHP 5.5's password_hash() function.
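The recommendations in the answer above (placeholders instead of string concatenation, password_hash() instead of plain-text passwords), put together as an added example that is not code from the thread. It uses PDO with an in-memory SQLite database as a stand-in for MySQL so it runs offline; register_user() and the sample submissions are hypothetical, and PHP 7.1 or later with pdo_sqlite is assumed.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so it runs offline; for MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$pdo->exec('CREATE TABLE register (Username TEXT PRIMARY KEY,
    Password TEXT NOT NULL, FirstName TEXT, LastName TEXT, email TEXT)');

// Hypothetical helper: returns null on success or an error message.
function register_user(PDO $pdo, array $post): ?string
{
    $f = [];
    foreach (['username', 'password', 'fname', 'lname', 'mail'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return "missing field: $key";
        }
        // Trim everything except the password, which is hashed as typed.
        $f[$key] = $key === 'password' ? $post[$key] : trim($post[$key]);
    }
    if ($f['username'] === '' || $f['password'] === '') {
        return 'username and password are required';
    }
    if (filter_var($f['mail'], FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid e-mail address';
    }
    // Placeholders keep user input out of the SQL text, quotes included.
    $stmt = $pdo->prepare('INSERT INTO register
        (Username, Password, FirstName, LastName, email) VALUES (?, ?, ?, ?, ?)');
    try {
        $stmt->execute([
            $f['username'],
            password_hash($f['password'], PASSWORD_DEFAULT), // salted, slow hash
            $f['fname'], $f['lname'], $f['mail'],
        ]);
    } catch (PDOException $e) {
        return 'could not store user (username already taken?)';
    }
    return null;
}

// Constructed submissions standing in for $_POST.
$samples = [
    ['username' => 'pat', 'password' => 's3cret!', 'fname' => 'Pat',
     'lname' => "O'Brian", 'mail' => 'pat@example.com'],
    ['username' => 'pat', 'password' => 'other', 'fname' => 'P',
     'lname' => 'Q', 'mail' => 'p@example.com'],      // duplicate username
    ['username' => 'sam', 'password' => 'pw', 'fname' => 'Sam',
     'lname' => 'Lee', 'mail' => 'not-an-address'],   // fails validation
];
foreach ($samples as $s) {
    echo $s['username'], ': ', register_user($pdo, $s) ?? 'stored', "\n";
}
$row = $pdo->query('SELECT LastName, Password FROM register')->fetch();
var_dump($row['LastName'], password_verify('s3cret!', $row['Password']));
```

At login, compare the submitted password with password_verify() against the stored hash; the hash column should be wide enough for future algorithms (the PHP manual suggests 255 characters).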
Try this:
I think your query syntax is wrong. Try the one given below.
$insert=("INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ('".$username."', '".$password."', '".$fname."', '".$lname."' ,'".$mail."')");
The problem is the way you are concatenating. Try this:
$insert=('INSERT INTO register(Username, Password, FirstName, LastName, email) VALUES ("'.$username.'", "'.$password.'", "'.$fname.'", "'.$lname.'" ,"'.$mail.'")');
It's because of Single quotes and double quotes.
Try below code.
$insert=("INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ('".$username."', '".$password."', '".$fname."', '".$lname."' ,'".$mail."')");
Your insert query is not properly enclosed in quotes. Try this
$insert= "INSERT INTO 'register'(Username, Password, FirstName, LastName, email) VALUES ('".$username."', '".$password."', '".$fname."', '".$lname."' ,'".$mail."')";
Related
I'm trying to add received form input into the database.
<form action="index.php" method="post">
<input type="text" name="firstname" id="firstname">
<br>
<input type="text" name="lastname" id="lastname">
<br>
<input type="submit" name="submit" value="Submit">
if(isset($_POST['submit'])) {
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$query = "INSERT INTO users (firstname, lastname) VALUES ($firstname, $lastname)";
if($conn->query($query) === true) {
echo "added";
}else {
echo $conn->error;
}
}
Example : Firstname = Jason / Lastname = Haw
After clicking on the submit button, I see the error message: Unknown column 'Jason' in 'field list'
What am I doing wrong?
$query = "INSERT INTO users (firstname, lastname) VALUES ('$firstname', '$lastname')";
Put single quotes around $firstname.
But this is not a proper approach; you should use a prepared statement.
Your query is at risk of SQL injection, because the input is not escaped.
I have created a MySQL database that currently has just one table called "users". Fields are: id, first_name, last_name, username, email, about, location, website. I am inserting the data through an auto submitted HTML form with PHP.
The insertions are happening with no problem, but what is tripping me up is that when the insertion is made through the HTML form, the data inside is not searchable. For example, if I try to perform a search query to find one user with a matching email or username, the user is not found even though it does exist in the database. It's only when I search for a user with his ID (which is an auto-increment and inserted automatically by MySQL) that the search query finds the user. Below is my code. I have stripped everything from CSS to verification and security functions, in order to rule out factors that might be causing this.
<?php
if (isset($_POST['submit'])) {
//$user = new User();
$first_name =$_POST["first_name"];
$last_name =$_POST["last_name"];
$email =$_POST["email"];
$username =$_POST["username"];
$connection=mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
$sql = "INSERT INTO users ";
$sql .= "(first_name, last_name, email, username) ";
$sql .= "VALUES ('{$first_name}', '{$last_name}', '{$email}', '{$username}')";
$result = mysqli_query($connection, $sql);
if ($result) {
echo "Insertion succeed";
} else {
echo "Insertion failed";
}
}
?>
<h2>Sign up</h2>
<form action="sign_up2.php" method="post"/>
<ul>
<li>
First_name: <input type="text" name="first_name" value=" "/>
</li>
<li>
Last_name:<input type="text" name="last_name" value=" "/>
</li>
<li>
Email:<input type="text" name="email" value=" "/>
</li>
<li>
Username:<input type="text" name="username" value=" "/>
</li>
<li>
Password:<input type="password" name="password" value=""/>
</li>
<li>
<input type="submit" name="submit" value="Sign in" />
</li>
</ul>
</form>
On the other hand, if the data is inserted into the database straight through the MySQL query script, avoiding the HTML table and $_POST superglobals, like this...
$connection=mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
$sql = "INSERT INTO users ";
$sql .= "(first_name, last_name, email, username) ";
$sql .= "VALUES ('John', 'Doe', 'John@gmail.com', 'john_d')";
$result = mysqli_query($connection, $sql);
if ($result) {
echo "Insertion succeed";
} else {
echo "Insertion failed";
}
....all of the data inside all the fields can be used to find and match any existing user: email, username, first_name, etc, not just exclusively with the ‘ID’ field as I mentioned before that happen when the insertion is made through the HTML form.
I am using WAMP server 2.4, MySQL version is 5.6.12 and PHP version is 5.4.12
I hope I was clear with my description of the problem and mostly I hope that you can help me to figure out why is this happening.
Many thanks in advance!
Arturo.
Taking some wild guesses but...
Here's your problem
value=" "
That sets up your input fields with a single space character. When you click into those fields, you probably don't notice the space character either before or after your cursor. I'd say there's a good chance all your field values end up with a leading or trailing space.
First thing I'd do is set the value attributes to empty, ie
<input type="text" name="first_name" value="">
You can also trim() the values in your PHP code...
$first_name = trim($_POST["first_name"]);
and finally, your INSERT statement (and probably all of your other queries) are vulnerable to SQL injection. I highly recommend using prepared statements, eg
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$connection = new mysqli(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
$stmt = $connection->prepare('
INSERT INTO users (first_name, last_name, email, username)
VALUES (?, ?, ?, ?)
');
$stmt->bind_param('ssss', $first_name, $last_name, $email, $username);
$stmt->execute();
echo "Insertion succeed";
// any problems will trigger an exception so handle that however you want
I am having an issue with my PHP not writing the values it is getting from my AJAX script into my MySQL database. I know that the PHP script is getting the values because they are being echoed in my browser, but when I check my database, only two out of the five values are being inputted. I am sure this isn't a nuance, but I can't seem to crack this.
==============EDIT=============
The values that aren't being written are first name, last name, and job. ($fname, $lname, and $job respectively)
==============EDIT=============
PHP
<?php
//db connecting variables
$hostname = "foobase";
$username = "foobase";
$dbname = "contactformbase";
$password = "password";
$con = new mysqli($hostname, $username, $password, $dbname);
$tbl_name = "client_base";
//Connecting to your database
if ($con->connect_error) {
die('Connect error (' . mysqli_connect_errno() . ')' . mysqli_connect_error());
}
echo 'success!...' . $con->host_info . "\n";
print_r($_POST);
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$address = $_POST['address'];
$job = $_POST['job'];
$message = $_POST['message'];
//adding values into the database.
$sql="INSERT INTO $tbl_name (First Name, Last Name, Email, Address, Job)VALUES('POST_['first_name']', '$lname', '$address', '$email')";
$result = mysqli_query($con, $sql);
if($result){
echo "success";
}
else {
echo "error";
}
Javascript
<script type="text/javascript">
$("#submit").click(function(e) {
e.preventDefault();
var data_string = $("form#contact").serializeArray();
alert(data_string);
$.ajax({
type: "POST",
url: "database.php",
data: data_string,
success: function(){
alert(data_string);
}
});
return false;
});
</script>
HTML
<form action="" method="POST" id="contact">
<table>
<tbody>
<tr>
<td><h2>First Name: </h2></td>
<td><h2>Last Name: </td>
<td><h2>Email Address: </td>
</tr>
<tr>
<td><input type="text" name="first_name" placeholder="Johnny"></td>
<td><input type="text" name="last_name" placeholder="Appleseed"></td>
<td><input type="text" name="email" placeholder="johnny@email.com"></td>
</tr>
<tr>
<td><h2>Street Address:</h2></td>
<td><h2>What's Dirty?</h2></td>
</tr>
<tr>
<td><input type="text" name="address" placeholder="123 Applegrove Rd. Appletown, VA 12345"></td>
<td>
<select name="job" form="contact">
<option value="house">House</option>
<option value="roof">Roof</option>
<option value="garage-shed">Garage/shed</option>
<option value="other">Other</option>
</select>
</td>
</tr>
<tr>
<td><h2>Message: </h2></td>
</tr>
</tbody>
</table>
<textarea name="message">
</form>
You have the wrong field names in your PHP.
Change...
$fname = $_POST['fname'];
$lname = $_POST['lname'];
to
$fname = $_POST['first_name'];
$lname = $_POST['last_name'];
Also check the insert statement. It has wrong values against the fields - Address for Email, Email for Address.
$sql="INSERT INTO". $tbl_name ."(First Name, Last Name, Email, Address, Job) VALUES('". $_POST['first_name'] ."', '". $_POST['last_name'] ."', '". $_POST['adress'] ."', '". $_POST['email'] ."')";
You are using strange variables POST_['first_name'].
Try this query:
(Note: you have to use the quotes (' ') for the fields because you have a space in field names or use PDO to prepare and execute query.)
$sql="INSERT INTO $tbl_name (First Name, Last Name, Email, Address, Job)
VALUES('$fname', '$lname', '$address', '$email')";
Other issue is the POST array, you send first_name instead of fname and last_name instead of lname:
<tr>
<td><input type="text" name="first_name" placeholder="Johnny"></td>
<td><input type="text" name="last_name" placeholder="Appleseed"></td>
<td><input type="text" name="email" placeholder="johnny@email.com"></td>
</tr>
This will return:
$_POST = array(
"first_name" => "Johnny",
"last_name" => "Appleseed",
"email" => "johnny@email.com"
);
As you see you don't have $_POST['fname'] and $_POST['lname']
so you have to change:
$fname = $_POST['first_name'];
$lname = $_POST['last_name'];
About job, you just didn't add it in INSERT statement:
$sql="INSERT INTO $tbl_name (First Name, Last Name, Email, Address, Job)
VALUES('$fname', '$lname', '$address', '$email', '$job')";
I'm trying to insert user input into a database with the following code.
mysql_query("INSERT INTO 'users' ('Email', 'Username', 'Password') VALUES ($email, $username, $password)");
There are no errors, but the database never seems to get the code inserted. Am I doing something wrong?
Here is my entire code, HTML and all
<?php
DEFINE ('SERVER', 'localhost');
DEFINE ('PASSWORD', '');
DEFINE ('USER', 'root');
$email = $_POST['email'];
$username = $_POST['username'];
$password = SHA1($_POST['pass']);
if(isset('submitted')
{
if($email && $username && $password)
{
$to = 'email@example.com'
$subject = 'subject'
$body = 'there was an error connecting to the db, please check it.'
$dbconnect = @mysql_connect(SERVER, USER, PASSWORD) or die("NO WORK!");
$query = "USE practice"
mysql_query($query);
mysql_query("INSERT INTO users (Email, Username, Password)
VALUES ('$email', '$username', '$password')") or die(mysql_erorr());
}
}
?>
<html>
<form action = "" method = "post">
<label>Email Address</label>
<input type="text" name="email" /> <br />
<label>Desired Username</label>
<input type="text" name="username" /> <br />
<label>Password</label>
<input type="password" name="pass" /> <br />
<input type="submit" value="Register" />
<input type="hidden" name="submitted" value=1 />
</form>
</html>
Probably you should also enclose the values in apostrophes, and probably also you shall not use apostrophes for table and field names, but rather backticks ` or nothing in your case!
mysql_query("INSERT INTO users (Email, Username, Password)
VALUES ('$email', '$username', '$password')")
But also be sure to properly escape the values of these variables! Not only because of SQL injection but mostly just to assure the proper SQL syntax. Imagine user with the name O'Brian - he would have resulted in SQL error.
You may be getting some errors that are not displayed, probably due to the following line, which misspells mysql_error as mysql_erorr:
mysql_query("INSERT INTO users (Email, Username, Password)
VALUES ('$email', '$username', '$password')") or die(mysql_erorr());
Just try to fix that and see if you get some database errors so that it will be easy to trace out and fix it.
Also, when declaring namespaces in the MySQL database, you should put backticks ` like this.
So
mysql_query("INSERT INTO users (`Email`, `Username`, `Password`)
VALUES ('$email', '$username', '$password')") or die(mysql_error());
Otherwise, your code looks solid.
I'm learning to put values into my db from php.
This is my simple form I wrote to test (it's in a table):
<form action="connect2db.php" method="post">
<table width="500" border="0">
<tr>
<td width="200">first name:</td>
<td><input type="text" width="258" name="fname" id="fname"/></td>
</tr>
<tr>
<td width="200">last name:</td>
<td><input type="text" width="258" name="lname" id="lname"/></td>
</tr>
<tr>
<td>
your email address:
</td>
<td>
<input type="text" width="258" name="email" id="email"/>
</td>
</tr>
<tr>
<td width="200">Your message:</td>
<td><textarea rows="5" cols="45" name="mssg" id="mssg" ></textarea></td>
</tr>
<tr>
<td><input type="submit"></td>
</tr>
</table>
</form>
Everything works as far as page 1 sending the values to page 2 and echoing them out, but
when it's time to insert them into the db table, it's not working.
this is the php code:
when i do a SELECT * FROM myTableNameHere, it says "empty set", when i enter the values manually via terminal to test, i get the values fine.
here is my simple code:
<?php
$connection = mysql_connect("127.0.0.1","root","passhere");
if(!$connection) {
die("database connection failed you fool!: FIX IT!" . mysql_error()); }
$db_select = mysql_select_db("storeemail",$connection);
if(!$db_select){
die("database selection failed." . mysql_error()); }
else{ echo "connection made ";
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
$to = 'email@gmail.com';
$subject = 'test from my email php script';
$email = $_POST['email'];
$name = $_POST['fname'];
$lastname = $_POST['lname'];
$mssg = $_POST['mssg'];
$insertData = mysql_query("INSERT into myusers(firstname, lastname)
VALUES ('$name', '$lastname', '$email', '$mssg');");
mysql_close($connection)
?><br/>
your first name is - <?php echo $name; ?><br/>
your last name is - <?php echo $lastname ; ?><br/>
your message to send is - <?php echo $mssg; ?> <br/>
</body>
</html>
$insertData = mysql_query("INSERT into myusers(firstname, lastname)
VALUES ('$name', '$lastname', '$email', '$mssg');");
Above you have specified 2 columns and are giving values for four variables.
myusers(firstname, lastname) gets interpreted as a function. Separate myusers from the parentheses.
myusers (firstname, lastname) You also need to specify two more columns since you insert four values. And omit the trailing semicolon within the query string.
$insertData = mysql_query("INSERT into myusers (firstname, lastname, email, mssg) VALUES ('$name', '$lastname', '$email', '$mssg')");
Your code is also vulnerable to SQL injection. Put your $_POST call within a mysql_real_escape_string() function call.
$email = mysql_real_escape_string($_POST['email']);
From what I can see, you are only specifying 2 columns for the insert (firstname, lastname) and 4 values (name, lastname, email, msg), so the column count does not match (either insert 2 or 4 values, and specify all of them accordingly).
After the insert, issue a mysql_error($connection) to see any errors that may arise with your queries.
Here is a good article on this matter to prevent further similar questions. It covers all basic operations with MySQL tables with PHP. Isn't it easier to ask such questions on Google first?