Value from form doesn't appear in database properly - php

I just want to transfer the information from a text form into a database, but the value doesn't appear in the database properly. Here's what I have:
HTML code, for the form:
<form method="post" action="process.php">
<input type="text" maxlength="150" name="textbox">
<input type="submit" name="submit">
</form>
process.php
<?php
$con=mysqli_connect($host, $username, $password, $database);
$sql = mysqli_query($con,"INSERT INTO notes (User, Note)
VALUES ('test', '$_POST [textbox]')");
// I also tried writing $_POST ['textbox'] instead; didn't make a difference.
?>
However, the output in the database is as follows:
User: test
Note: Array [textbox]
How would I be able to correct the value in the Note column (i.e. to make it the value entered in the form)?

First off...you had a space between $_POST and ['textbox'];
it shoulda just been $_POST['textbox']...
But also you need to sanitize the data first so...
Try this
$input = mysqli_real_escape_string($con, $_POST['textbox']);
$sql = mysqli_query($con,"INSERT INTO notes (User, Note)
VALUES ('test', '$input')");
But really you should use PDO instead of the deprecated mysql_* functions...
Google PDO, and learn to do prepared statements.
Here it is with PDO...
$conn = new PDO("mysql:host=$host;dbname=$database",$username,$password);
$user = 'Test';
$note = $_POST['textbox'];
$sql = "INSERT INTO notes (User, Note) VALUES (:user,:note)";
$q = $conn->prepare($sql);
$q->execute(array(':user'=>$user,
':note'=>$note));
EDIT...
I also noticed your inputs aren't closed, there should be a / at the end of each...
<form method="post" action="process.php">
<input type="text" maxlength="150" name="textbox" />
<input type="submit" name="submit" />
</form>

You have a space between $_POST and [textbox]. $_POST is an array. Hence, Array [textbox], ie: ArraySPACE[textbox]
You should remove the space, then look into using prepared statements. You should not use user submitted data directly without sanitizing it first.

$sql = mysqli_query($con,"INSERT INTO notes (User, Note)
VALUES ('test', '{$_POST['textbox']}')");
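The interpolated insert from the question next to a prepared statement, as an added example that is not part of any answer above. In-memory SQLite stands in for MySQL so the script runs without a server, `save_note()` and `save_note_interpolated()` are hypothetical helper names, and the inputs are constructed. The helper also re-checks the form's 150-character limit on the server, since `maxlength` is only enforced by the browser.

```php
<?php
// Added example: in-memory SQLite stands in for the question's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$db->exec('CREATE TABLE notes (User TEXT, Note TEXT)');

// Before: the form value is pasted into the SQL text, as in the question.
function save_note_interpolated(PDO $db, array $post): void
{
    $db->exec("INSERT INTO notes (User, Note) VALUES ('test', '{$post['textbox']}')");
}

// After: hypothetical helper that validates server-side, then binds the value.
function save_note(PDO $db, array $post): bool
{
    $note = $post['textbox'] ?? null;
    // maxlength="150" is only a browser hint; strlen() counts bytes here.
    if (!is_string($note) || $note === '' || strlen($note) > 150) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO notes (User, Note) VALUES (:user, :note)');
    return $stmt->execute([':user' => 'test', ':note' => $note]);
}

// Constructed inputs: an ordinary apostrophe, and a value that closes the
// string literal early and supplies a second row of its own.
$apostrophe = ['textbox' => "it's done"];
$crafted    = ['textbox' => "x'), ('admin', 'forged"];

try {
    save_note_interpolated($db, $apostrophe);
} catch (PDOException $e) {
    echo "interpolated insert failed: {$e->getMessage()}\n";
}
save_note_interpolated($db, $crafted); // the value is parsed as SQL, not data
$count = $db->query('SELECT COUNT(*) FROM notes')->fetchColumn();
echo "rows after one interpolated insert: $count\n";

$db->exec('DELETE FROM notes');
save_note($db, $apostrophe);
save_note($db, $crafted);
$rejected = !save_note($db, ['textbox' => ['nested']]); // textbox[]=... arrives as an array
echo 'array input rejected: ', var_export($rejected, true), "\n";
foreach ($db->query('SELECT User, Note FROM notes') as $row) {
    echo $row['User'], ' | ', $row['Note'], "\n"; // notes come back byte for byte
}
```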

Related

PHP Form isn't POSTing data to database

I made a simple form with two variables which should be sent to the database after submitting them. However, even though there are no bug reports, the database is still empty after submit. Where can I look for the mistake?
I already tried multiple ' or " or '", none of these worked. I can SELECT data from the database with no problem, so the connection is established.
$total = $_POST['kwota'];
$way = $_POST['sposob'];
echo $total . "<BR>" . $way;
$sql = "INSERT INTO payments (Total, Way) VALUES ('$kwota', '$sposob');";
mysqli_query($conn, $sql);
header("Location: ../index.php?Payment=success");
<form action="includes/Platnosc.inc.php" method="POST">
<input type="text" name="kwota" placeholder="kwota"><br>
<input type="text" name="sposob" placeholder="sposób"><br>
<button type="submit" name="submit">Dodaj płatność</button>
</form>
You are inserting $_POST array indexes as php variables. Change your query to this
$sql = "INSERT INTO payments (Total, Way) VALUES ('$total', '$way')";
However, I suggest you use prepared statements to prevent SQL injection.

PHP + MySQL insert not working

I've been searching for some answers but can't figure out what's happening.
The SQL connection is working perfectly, I've checked it. So I have this POST method.
if(isset($_POST['new_data'])) {
$new_nm = mysqli_real_escape_string($db, $_REQUEST['new_name']);
$new_pstn = mysqli_real_escape_string($db, $_REQUEST['new_position']);
...
$db->query("INSERT INTO data (name, position, description, twitter, email, image) VALUES('$new_nm', '$new_pstn',
'$new_dscrpt', '$new_twt', '$new_mail', '$new_img')");
}
And here's the form from where I'm getting the data:
<form role="form" method="post">
<label>Name</label>
<input name="new_name" class="form-control" />
<label>Position</label>
<input name="new_position" class="form-control" />
...
<button type="submit" name="new_data">Submit!</button>
</form>
When I click in the button I don't get the data inserted. What am I doing wrong? I have another POST method with a different name which is working (that one makes an UPDATE).
Thanks a lot.
Well, I'll try to answer this question.
According to table structure, problem is in id field, which should be int with AUTO_INCREMENT.
Also, I want to make some suggestion for your input
if(isset($_POST['new_data']))
{
//Always check your input and sanitize it with htmlspecialchars() or htmlentities()
$new_nm = htmlspecialchars(isset($_REQUEST['new_name']) ? $_REQUEST['new_name'] : "");
$new_nm = mysqli_real_escape_string($db, $new_nm);
...
$db->query("INSERT INTO data (name, position, description, twitter, email, image) VALUES('$new_nm', '$new_pstn',
'$new_dscrpt', '$new_twt', '$new_mail', '$new_img')");
}

PHP + MySQLi Query post null row

Dear Stack Overflow users, I have started learning PHP and MySQLi, and now I have some issues. On every page reload, one completely empty row is added to the DB; every cell is null. Can someone give me advice about this issue? Code below:
PHP before html tag:
<?php
$mysqli = new mysqli("", "", "", "");
$mysqli->set_charset('utf8');
$name = $mysqli->real_escape_string($_POST['name']);
$email = $mysqli->real_escape_string($_POST['email']);
$link = $mysqli->real_escape_string($_POST['link']);
$query = "INSERT INTO demos (name, email, link) VALUES ('$name', '$email', '$link')";
$mysqli->query($query);
$mysqli->close();
?>
HTML inside body tag:
<form action="" method="post">
<input type="text" name="name" maxlength="20" required />
<input type="text" name="email" required />
<input type="text" name="link" required />
<input type="submit" value="Send" />
</form>
You should first check if your form is submitted by using isset or !empty.
By using isset, you can check whether or not a variable is set:
<?php
if(isset($_POST['name']) && isset($_POST['email']) && isset($_POST['link'])) {
// your code
}
?>
By using !empty, you can check if a variable is set and not empty. Note however that if you are using empty you can not submit a '0' or leave a field blank.
<?php
if(!empty($_POST['name']) && !empty($_POST['email']) && !empty($_POST['link'])) {
// your code
}
?>
Try using prepared statement for easier use and protection for SQL injection:
$stmt = $mysqli->prepare("INSERT INTO demos (name, email, link) VALUES(?, ?, ?)");
$stmt->bind_param("sss", $name, $email,$link);
$stmt->execute();
Read more about prepared statements: https://www.w3schools.com/php/php_mysql_prepared_statements.asp
Use var_dump to debug your code to make sure the values are not null
Add this before and after escaping the strings:
var_dump(array($name, $email, $link));
Also, switch to using prepared statements
$stmt = $mysqli->prepare("INSERT INTO demos (name, email, link) VALUES (?,?,?)");
$stmt->bind_param('sss', $name, $email, $link); // bind vars to the parameter
$stmt->execute(); // Execute statement

How do I add a row to mysql db via php using controlled statements and html form for user input?

I am trying to build an "admin" section of my website. One where I can update customer status on work orders (or tickets if you prefer the term). I have it where I can input an int in a text field and hit submit to DELETE, but I cannot get my addRow function to work. It is not causing an error, which makes me believe that I am not passing my variables correctly.
Here are the forms on admin.php:
<form name="newRow" METHOD="post" ACTION="q.php">
Status of New Entry: <input type="text" value="Open" name="newStatus" /><br>
Type of Maintenance being completed: <input type="text" value="Software Maintenance" name="maintType" /><br>
<input type="submit" value="Add" name="newEntry" />
</form>
<form name="delRow" METHOD="post" ACTION="q.php">
<input type="text" name="deleteID" />
<input type="submit" value="Delete" name="delEntry"/>
</form>
As for my q.php, here is what I have after I connect to my db (which again, I have no problems using the delEntry/delRow section, so I can't see how a connection/mysqli initialization problem would be the issue):
//prepare statements
$addData = $conn->prepare("INSERT INTO $tname (status, mainttype) VALUES (?, ?)");
$addData->bind_param("s,s", $newStatus, $maintType);
$delData = $conn->prepare("DELETE FROM $tname WHERE id=?");
$delData->bind_param("i", $deleteID);
//end prepared statements
//if New Entry Button is pressed
$newStatus = isset($_POST['newStatus'])
? $_POST['newStatus']
: '';
$maintType = isset($_POST['maintType'])
? $_POST['maintType']
: '';
$addData->execute();
if ( false===$addData ) {
die('prepare() failed: ' . htmlspecialchars($conn->error));
}
else{
printf("rows inserted: %d\n", $addData->affected_rows);
}
//if Del Entry Button is pressed
if ( isset( $_POST['delEntry'] ) ) {
$deleteID = $_POST['deleteID'];
$delData->execute();
}
$addData->close();
$delData->close();
$conn->close();
?>
my columns are matching according to phpMyAdmin:
$addData = $conn->prepare("INSERT INTO $tname (status, mainttype) VALUES (?, ?)");
status and mainttype (yes, 2 t). My ID (primary) is an auto_increment so I left it out because I don't want to cause any key duplicate errors by accident. Its auto_increment has been tested and seems to be working fine.
To make it more fun, I added an echo $newStatus; after my prepared statement execution, and it comes back with the correct value. I appear to be having a problem with the addition of the new row. Still no error being generated.
printf("rows inserted: %d\n", $addData->affected_rows);
returns with 0 rows affected as well.
Simple comma issue. On:
$addData->bind_param("ss", $newStatus, $maintType);
I had it listed as:
$addData->bind_param("s,s", $newStatus, $maintType);

Error while trying to send data from form to MySql using PHP

I have some problems while trying to send data from a form to a MySQL database using PHP. I know how to fix this when I set the form action to another page (<form action="example.php">), but I want the whole process to stay on one page.
When I run my PHP script, enter a name in both fields and click send, only the page URL changes, nothing else. Hope you can help me. Thanks
<?php
$con=mysqli_connect("localhost","root","","test");
if (mysqli_connect_errno())
{
echo"Error connecting to database". mysqli_connect_error();
}
if (isset($_POST['input_send']))
{
$name=($_POST['input_name']);
$lastname=($_POST['input_lastname']);
$insert="INSERT INTO test_mysql (name, lastname) VALUES ('$name', $lastname)";
echo"record added";
}
?>
<form action="" action="post">
First name: <input type="text" name="input_name"/>
Last name: <input type="text" name="input_lastname"/>
<input type="submit" value="send" name="input_send"/>
</form>
Your error is that you typed
action="post"
instead of
method="post"
Without a method specified, PHP will fall back to GET.
Hence your isset($_POST) will return false and you are not seeing 'record added'
Another error, as pointed out by echo_ME is that you are not submitting the MySQL Query to the Database:
$insert="INSERT INTO test_mysql (name, lastname) VALUES ('$name', $lastname)";
With the function mysqli_query you can perform your query:
mysqli_query($con, $insert);
As noted by others you should escape your variables to prevent SQL Injections
change this
$insert="INSERT INTO test_mysql (name, lastname) VALUES ('$name', $lastname)";
to
mysqli_query($con, "INSERT INTO test_mysql (name, lastname) VALUES ('$name', '$lastname')");
and this
action="post"
to
method="post"
and escape your variables like that:
$name=mysqli_real_escape_string($con, $_POST['input_name']);
$lastname=mysqli_real_escape_string($con, $_POST['input_lastname']);
<form action="<?= htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') ?>" method='post'>
You can take info about the page url from your server.
It basically sets the action to the same page, I mean itself.
