I've been searching around for like 15 minutes and could not find anything that would fix this. Sorry if I just used wrong keywords or something it has been answered. Also to state this is not something that needs to be extremely secure, as anybody can view this.
So my PHP Post will not insert into MySQL Database.
Form:
<form method="post" action="./thankyou.php">
<h2>Please sign in</h2>
<input type="user"name="user" placeholder="Username">
<input type="textarea" class="" name="feedback" placeholder="Feedback for us."><br />
<button class="" type="submit" name="submitted">Submit Feedback</button>
</form>
Thank you: (Yes I replaced xxx with info)
<?php
$conn = mysql_connect('xxx', 'xxxx', 'xxxx');
if (!$conn) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("xxx") or die(mysql_error());
$user = $_POST['user'];
$fdb = $_POST['feedback'];
$insert = "INSERT INTO contact WHERE (user, feedback) VALUES ('".$user."', '".$fdb."')";
mysql_query($insert);
if(!$insert)
{
die('Could not enter data: ' . mysql_error());
}
echo $insert;
?>
Echo outputs correctly:
INSERT INTO contact WHERE (user, feedback) VALUES ('thisisauser', 'thisisfeedback')
I'm not sure what to do.
An insert does not, by definition, have a where clause.
Change your query as follows:
INSERT INTO contact (user, feedback) VALUES ('thisisauser', 'thisisfeedback')
OR, you can use this structure:
INSERT INTO contact SET user = 'thisisauser' , feedback = 'thisisfeedback'
Finally, this is bad for security. Use a different database API
You dont need to provide WHERE in insert its not correct
it should be
$insert = "INSERT INTO contact (user, feedback) VALUES ('".$user."', '".$fdb."')";
You had as
$insert = "INSERT INTO contact WHERE (user, feedback) VALUES ('".$user."', '".$fdb."')";
^.........here is the issue
The main issues are the SQL query and the way of you check the correct execution of the query
<?php
$conn = mysql_connect('xxx', 'xxxx', 'xxxx');
if (!$conn) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("xxx") or die(mysql_error());
$user = $_POST['user'];
$fdb = $_POST['feedback'];
$insert = "INSERT INTO contact (user, feedback) VALUES ('".$user."', '".$fdb."')";
$retval = mysql_query($insert, $conn);
if(!$retval) { //<---- You must check the result of the execution
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
Related
I'm tryin to add users to my MYSQL database with PHP, somehow it is not working. Check my script below. What am i doing wrong?
<html>
<head>
</head>
<body>
<form action="index2.php" method="post">
Voornaam: <input type="text" name="voornaam"><br />
<input type="submit" name="submit">
</form>
<?php
if (isset($_POST['submit'])) {
$con = mysql_connect("localhost","hakan","hakan");
if (!$con) {
die ("Can not connect: " . mysql_error());
}
mysql_select_db("projectfys",$con);
$sql = "INSERT INTO gebruikers (voornaam) VALUES ('voornaam')";
mysql_query($sql,$con);
mysql_close($con);
}
?>
</body>
</html>
$con needs to be in first place
E.g.
mysql_select_db($con,'db');
mysql_query($con,$sql);
Change the direction everywhere.
Also, change everything to mysqli, you can find masses of tutorials for mysqli or PDO
This block should look like (with mysqli):
$con = new mysqli("localhost","hakan","hakan","projectfys");
$con -> set_charset ( 'utf8' );
if ($con->connect_errno) {
printf("Connect failed: %s\n", $con->connect_error);
exit();}
mysqli_query($con, "INSERT INTO gebruikers (voornaam) VALUES ('voornaam')");
$con -> close();
EDIT
With your query, you will allways insert the string "voornaam" in your table.
You need to do this before:
$voornaam = $_POST['voornaam'];
$voornaam = mysqli_real_escape_string($con,$voornaam);
Add this after your connection and before the query. In the query, replace the second 'voornaam' with '$voornaam'
mysqli_query($con, "INSERT INTO gebruikers (voornaam) VALUES ('$voornaam')");
I cannot find any syntax errors for the life of me so I don't understand why the data is not being inserted into my database. When I run the script in my browser with text instead of variables and no if statement I get a successful connection but It doesn't insert the data into mysql. Its driving me nuts! Thanks in advance.
PHP:
<?php
// Establish secure connection
$link = mysql_connect('myserver', 'myuser', 'mypass');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_select_db(events_60);
if ($_POST['requester'] == "NewSale") {
$FirstName = $_POST['First_Name'];
$LastName = $_POST['Last_Name'];
$Birthday = $_POST['UserBirthday'];
$PhoneNumber = $_POST['PhoneNo'];
$Email = $_POST['UserEmail'];
mysql_query($link, "INSERT INTO events_60 (LastName, FirstName, Birthday, Phone, email)
VALUES('$LastName', '$FirstName',' $Birthday', '$PhoneNumber', '$Email')")
or die ("SYSTEM FAILURE");
echo 'System Updated';
} // close first if for post
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// close mysql connection
mysql_close();
?>
Assuming all data is posting correctly to the webpage I think the error resides here:
mysql_select_db(events_60);
It should be:
mysql_select_db('events_60', $link);
http://www.php.net/manual/en/function.mysql-select-db.php
First of all select_db query should be
mysql_select_db('events_60',$link);
Then second problem is in mysql_query. It should be like this:
mysql_query("INSERT INTO events_60 (LastName, FirstName, Birthday, Phone, email)
VALUES('$LastName', '$FirstName',' $Birthday', '$PhoneNumber', '$Email')",$link)
or die ("SYSTEM FAILURE");
$link identifier should come after query.
Hope that fixes it. :)
I have been able to manually insert values in my table using phpmyadmin, and even if i end up using the same php code i get from php my admin to call the query it STILL won't add the value to the table. here is the code:
<?php
$link = mysql_connect('localhost', 'username', 'password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_select_db('sc2broating1', $link);
$sql = "INSERT INTO `sc2broad_tesing1`.`Persons` (`re`) VALUES (\'hello11\')";
mysql_query($sql);
mysql_close($link);
?>
Don't escape value.
$sql = "INSERT INTO `sc2broad_tesing1`.`Persons` (`re`) VALUES ('hello11')";
I would also consider using bound parameters, as seen in mysqli::prepare, if Mysqli is an option.
i have a output page of the following php code..
include('../simple_html_dom.php');
// get DOM from URL or file
$html = file_get_html('http://www.wine-searcher.com/merchant/852');
$data=$html->find('td.firstcell');
echo "Country :". $data[0].'<br />';
echo "Email :".$data[2].'<br />';
echo "Postal Address :".$data[3].'<br />';
echo "Permanent Address :".$data[4].'<br />';
echo "Contact :".$data[10].'<br />';
the output value of the script is to be inserted in to the database like MySQL.
for that i try something like that..
<?php
// example of how to use basic selector to retrieve HTML contents
include('../simple_html_dom.php');
// get DOM from URL or file
$html = file_get_html('http://www.wine-searcher.com/merchant/852');
$data=$html->find('td.firstcell');
$con = mysql_connect("localhost","user","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// Create database
if (mysql_query("CREATE DATABASE nt_usawine",$con))
{
echo "Database created";
}
else
{
echo "Error creating database: " . mysql_error();
}
// Create table
mysql_select_db("nt_usawine", $con);
$sql = "CREATE TABLE Persons
(
FirstName varchar(15),
LastName varchar(15),
Age int
)";
// Execute query
mysql_query($sql,$con);
$foo= $data[2];
mysql_query("INSERT INTO Persons (FirstName, LastName, Age)
VALUES ('Peter', 'Griffin', $foo)");
mysql_close($con);
echo "Country :". $data[0].'<br />';
echo "Email :".$data[2].'<br />';
echo "Postal Address :".$data[3].'<br />';
echo "Permanent Address :".$data[4].'<br />';
echo "Contact :".$data[10].'<br />';
but still i cant get the table in the database with my data inserted. what is the right way to save the data ?
Have you tried to debug this by using mysql_error ?
$query = "INSERT INTO Persons (FirstName, LastName, Age)
VALUES ('Peter', 'Griffin', $foo)";
$result = mysql_query($query);
if (!$result) {
$message = 'There is an error : ' . mysql_error() . "\n";
$message .= 'The query was : ' . $query;
die($message);
}
If you have an SQL error this would be very usefull.
By the way have you seen the only once time you don't do mysql_query( [...], $con) it the once which should add datas ?
And is it normal that you create a database and a table each time ? (don't know what you really want to do)
The mysql_query(); function allows you to run a query. Using the INSERT syntax you can insert data.
Example:
mysql_query("INSERT INTO `table` (`column1`, `column2`) VALUES ('value1', 'value2')");
Currently, what I'm seeing you wish to insert the country, email, postal address, permanent address and contact even though you create a table that can hold the data firstname, lastname and age...
No offence, but if you're already stuck there, this is not the right place to post your question. You need to search some tutorials before you even consider asking. SQL queries are well documented and can be found all over the web.
Either way, I'm too kind to leave this question unanswered.
I advice to create your database and table in PhpMyAdmin, rather creating a new one in your script. It's rather inefficient.
<?php
// this is where you login to your database
$connection = mysql_connect('localhost', 'username', 'password') or die('Could not connect: ' . mysql_error());
// select your EXISTING database you created. Usually there's a single database linked to your website
mysql_select_db('database_name', $connection);
// inserting data into table
$success = mysql_query("INSERT INTO `table_name` (`country`, `email`, `postaladdr`, `permanentaddr`, `contact`) VALUES ('".mysql_real_escape_string($data[0])."', '".mysql_real_escape_string($data[2])."', '".mysql_real_escape_string($data[3])."', '".mysql_real_escape_string($data[4])."', '".mysql_real_escape_string($data[10])."')");
// check if insert was successful
if($success) {
echo 'data inserted';
} else {
echo 'Something went wrong: ' . mysql_error();
}
// closing database
mysql_close($connection);
?>
Now all you have to do is change the login data, change the database_name, create the actual table and change the table_name in the script.
This is one of the first things you learn when starting with running SQL queries, so I higly suggest to learn more: http://www.w3schools.com/php/php_mysql_intro.asp
If everything I said didn't make any sense, you should click the link above.
I have a webform, from which i want records should be submitted into two tables under same database name.
My code is
<?php
$con = mysql_connect("localhost","************","***********");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$db=mysql_select_db("qserves1_uksurvey", $con);
$sql="INSERT INTO forms (date, Receivingsky, Title, Firstname, Lastname, House, Street, Town, County, Postcode, Number, WarrantyCoverForSky, Tvmake, Warrantycover, Payingmonthly, Agentnotes, Agentname)
VALUES
(NOW(),'$_POST[Receivingsky]','$_POST[Title]','$_POST[Firstname]','$_POST[Lastname]','$_POST[House]','$_POST[Street]','$_POST[Town]','$_POST[County]','$_POST[Postcode]','$_POST[Number]','$_POST[WarrantyCoverForSky]','$_POST[Tvmake]','$_POST[Warrantycover]','$_POST[Payingmonthly]','$_POST[Agentnotes]','$_POST[Agentname]')";
$sql_result = mysql_query($sql, $con) or die (mysql_error());
$con2 = mysql_connect("localhost","*******8","*********8");
if (!$con2)
{
die('Could not connect: ' . mysql_error());
}
$db2=mysql_select_db("qserves1_uksurvey", $con2);
$sql2="INSERT INTO dupphones (date, Number)
Values
(NOW(),'$_POST[Number]')";
$sql_result = mysql_query($sql2, $con2) or die (mysql_error());
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo '<html>
<head>
<title>Lead Submitted successfully!!!</title>
</head>
<body>
<center>
<strong>Lead Submitted ---- Click Here To Enter New Lead</strong>
</center>
</body>
</html>!';
mysql_close($con)
?>
This is submitting 3 leads 1 is in table dupphones and 2 leads in table forms.
I want this to submit 1 lead in each table only.
Please help
Thanks
You create two connections to the same database. You also execute mysql_query numerous times, sometimes with $sql2, then again with $sql. To clear up your code a little bit this is how it could look:
<?php
$con = mysql_connect("localhost","************","***********");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$db=mysql_select_db("qserves1_uksurvey", $con);
$sql="INSERT INTO forms (date, Receivingsky, Title, Firstname, Lastname, House, Street, Town, County, Postcode, Number, WarrantyCoverForSky, Tvmake, Warrantycover, Payingmonthly, Agentnotes, Agentname)
VALUES
(NOW(),'$_POST[Receivingsky]','$_POST[Title]','$_POST[Firstname]',
'$_POST[Lastname]','$_POST[House]','$_POST[Street]','$_POST[Town]','$_POST[County]',
'$_POST[Postcode]','$_POST[Number]','$_POST[WarrantyCoverForSky]','$_POST[Tvmake]',
'$_POST[Warrantycover]','$_POST[Payingmonthly]','$_POST[Agentnotes]',
'$_POST[Agentname]')";
$sql_result = mysql_query($sql, $con) or die (mysql_error());
$sql2="INSERT INTO dupphones (date, Number)
Values
(NOW(),'$_POST[Number]')";
$sql_result = mysql_query($sql2, $con2) or die (mysql_error());
echo '<html>
<head>
Note that your queries are still vulnerable to sql injection. Use escaping or prepared statements to get rid of sql injection.
Just a few words of advice. Sanitize your $_POST data before you submit. And consider using a primary key. Also, why do you make a new connection to run the second query?
At least use mysql_real_escape()
You get two queries because you do
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
Which runs the query again. You already run it once on top
$sql_result = mysql_query($sql, $con) or die (mysql_error());