Here is the code:
contact_us2.php
<form id="form1" method="post" action="enquires.php">
<fieldset>
<legend>Form to database example</legend>
<label for="text">
<span>Comments:</span>
<textarea id="text" name="comments" rows="4" cols="80"></textarea>
</label>
<label for="name">
<span>Name:</span>
<input id="name" type='text' name='name' size='50'/>
</label>
<label for="email">
<span>Email:</span>
<input id="email" type='text' name='email' size='50'/>
</label>
<label for="submit1" id="submit"><span> </span>
<input id="submit1" class="submit" type="submit" name="submit" value="Submit"/>
</label>
</fieldset>
</form>
enquires.php
<?php
session_start();
error_reporting(E_ALL & ~E_NOTICE);
require('authenticate.php');
include_once"../scripts/connect_to_mysql.php";
$name = $_post['name'];
$email = $_post['email'];
$comments = $_post['comments'];
echo "$email";
// Query the body section for the proper page
mysql_select_db("hardware_cms" )or die (mysql_error());
$sqlCommand = MYSQL_QUERY("INSERT INTO enquires (id, name, email, comments)". "VALUES ('NULL', '$name', '$email', '$comments')") or die (mysql_error());
?>
There is no errors. The only thing that is inserted into the database is the id. I think the problem is in contact_us2.php. I'm new to html and php sorry if this is a silly question.
The error is in the php code because you have to use $_POST and don't $_post
$name = $_POST['name'];
$email = $_POST['email'];
$comments = $_POST['comments'];
Replace $_post with $_POST and see what happens.
Also, PLEASE sanitize your SQL inputs (either by using mysql_real_escape_string, or better - by using PDO prepared statements).
Related
I'm sorry if this has been mentioned many times in the thread but I just want to ko some answer. Can someone tell me how I got an error like this
Parse error: syntax error, unexpected ';' in C:\xampp\htdocs\create.php on line 8
Here is my code:
<?php
mysql_connect("localhost","root");
mysql_select_db("comment");
if(isset($_POST['submit']))
(
$Name = $_POST['name'];
$Email = $_POST['email'];
mysql_query("INSERT INTO demo (c_name,c_email) VALUES ('$Name','$Email')");
echo "Inserted !!!";
)
?>
<form method = "post" action = "">
<div>
<label for="name">Your Name</label>
<input type="text" name="name" id="name">
<label for="email">Your Email</label>
<input type="text" name="email" id="email">
<label for="submit">Submit</label>
<input type="submit" name="submit" id="submit">
</div>
</form>
I'm pretty sure the php codes are correct so I ended up in confusion.
P.S. I've acknowledged that mysql_function are outdated now but I don't have the luxury to study for PDO or mysqli_ this semestral end term. Thanks
if clauses in PHP have to be surrounden with curly brackets:
if(statement) { /* your code goes here */ }
Your code works this way:
if(isset($_POST['submit']))
{
$Name = $_POST['name'];
$Email = $_POST['email'];
mysql_query("INSERT INTO demo (c_name,c_email) VALUES ('$Name','$Email')");
echo "Inserted !!!";
}
BTW [OT]: beware of SQL injections.
I am not sure why people don't use any IDE like phpStorm or NetBeans
If you were using an IDE you should see something like this and never post this question:
You can guess something is wrong with (
<?php
mysql_connect("localhost","root");
mysql_select_db("comment");
if(isset($_POST['submit'])) {
$Name = $_POST['name'];
$Email = $_POST['email'];
mysql_query("INSERT INTO demo (c_name,c_email) VALUES ('$Name','$Email')");
echo "Inserted !!!";
}
?>
<form method = "post" action = "">
<div>
<label for="name">Your Name</label>
<input type="text" name="name" id="name">
<label for="email">Your Email</label>
<input type="text" name="email" id="email">
<label for="submit">Submit</label>
<input type="submit" name="submit" id="submit">
</div>
</form>
I am new to PHP and MySQL.
I created a php form to save some data to the databse table.
After submitting the form, it gives
"1 recorded added"
as specified in the php insert string.
But after opening the table in phpmyadmin, it shows a new row added but no data in it..
The php form is:
<h2>Register Yourself</h2>
<form method="post" action="get-member.php">
<div>
<span><p>First Name:</p></span>
<span><input type="text" class="form-control" id="FirstName"></span>
</div>
<div>
<span>Last Name:</span>
<span><input type="text" class="form-control" id="LastName"></span>
</div>
<div>
<span>Father's Name: </span>
<span><input type="text" class="form-control" id="FatherName"></span>
</div>
<div>
<span>Mother's Name: </span>
<span><input type="text" class="form-control" id="MotherName"></span>
</div>
<div>
<span>Date of Birth: </span>
<span><input type="date" class="form-control" id="DOB"></span>
</div>
<div>
<span>Address: </span>
<span><input type="text" class="form-control" id="Address"></span>
</div>
<div>
<span>City: </span>
<span><input type="text" class="form-control" id="City"></span>
</div>
<div>
<span>District: </span>
<span><input type="text" class="form-control" id="District"></span>
</div>
<div>
<span>Postal Code: </span>
<span><input type="text" class="form-control" id="PostalCode"></span>
</div>
<div>
<span>Personal Mobile #:</span>
<span><input type="number" class="form-control" id="Pmobile"></span>
</div>
<div>
<span>Father's Contact #:</span>
<span><input type="number" class="form-control" id="Fmobile"></span>
</div>
<div>
<span>Mother's Contct #:</span>
<span><input type="number" class="form-control" id="Mmobile"></span>
</div>
<div>
<span>Home contact #:</span>
<span><input type="number" class="form-control" id="Hmobile"></span>
</div>
<div>
<span><input type="submit" value="Register"></span>
</div>
</form>
and the get-member.php file is:
<?php
//stablising connection
include("../database/connection.php");
//escape variables for security
$FirstName = mysqli_real_escape_string($con, $_POST['FirstName']);
$LastName = mysqli_real_escape_string($con, $_POST['LastName']);
$FatherName = mysqli_real_escape_string($con, $_POST['FatherName']);
$MotherName = mysqli_real_escape_string($con, $_POST['MotherName']);
$DOB = mysqli_real_escape_string($con, $_POST['DOB']);
$Address = mysqli_real_escape_string($con, $_POST['Address']);
$City = mysqli_real_escape_string($con, $_POST['City']);
$District = mysqli_real_escape_string($con, $_POST['District']);
$PostalCode = mysqli_real_escape_string($con, $_POST['PostalCode']);
$Pmobile = mysqli_real_escape_string($con, $_POST['Pmobile']);
$Fmobile = mysqli_real_escape_string($con, $_POST['Fmobile']);
$Mmobile = mysqli_real_escape_string($con, $_POST['Mmobile']);
$Hmobile = mysqli_real_escape_string($con, $_POST['Hmobile']);
$sql="INSERT INTO RUPmembers (FirstName, LastName, FatherName, MotherName, DOB, Address, City, District, PostalCode, Pmobile, Fmobile, Mmobile, Hmobile)
VALUES ('$FirstName','$LastName','$FatherName','$MotherName','$DOB','$Address','$City','$District','$PostalCode','$Pmobile','$Fmobile','$Mmobile','$Hmobile')";
if (!mysqli_query($con,$sql))
{
die ('Error:' . mysqli_error($con));
}
echo "1 Record addedd";
//closing connection
include("../database/close-connection.php");
?>
The phpmyadmin table after inserting 3 data(s):
[sorry it is requesting to gain 10 repo to be able to add image, but here is the link of the screenshot http://oi60.tinypic.com/n6rtyu.jpg ]
Change
input type="text" class="form-control" id="LastName">
to
input type="text" class="form-control" name="LastName">
This should slove your problem however do not insert unmanipulated info from users into your query.
You are using id="FirstName"
You need to have the property name set for each field. For example:
name="FirstName"
To debug this, you should take a look at your $_POST vars using var_dump($_POST) to show what is being passed on from the form.
Note: Queries should be protected from any data received from the user to prevent sql injection. See this post to learn how to avoid this.
To catch data from the html form by php,the name should be given inside the $_post[''] method not the id.
use name="FirstName"
name="LastName"
name="DOB"
etc..
it will solve the problem..
Complete Newbie to PHP, but trying to do a simple form submit to a MySQL Database. I keep getting the Notice: Undefined index: warning on my form input variables. What could be issue here. The form is on a seperate PHP page submitting to the process.php file.
Form Code:
<form name="example" id="example" method="POST" action="process.php" enctype="multipart/form-data">
<p>
<label for="first_name">First Name:</label>
<input size="20" name="first_name" id="first_name" />
</p>
<p>
<label for="city">city</label>
<input size="20" name="city" id="city" />
</p>
<p>
<label for="state">state</label>
<input size="20" name="state" id="state" />
</p>
<p>
<label for="zip">zip</label>
<input size="20" name="zip" id="zip" />
</p>
<p>
<label for="email">e-mail</label>
<input size="20" name="email" id="email" />
</p>
<p>
<label for="form_upload">file</label>
<input size="40" type="file" name="form_data" id="form_data" />
</p>
<p>
<input type="submit" value="Submit form" name="submit" />
</p>
</form>
Process.php
<?php
mysql_connect("localhost", 'root', '') or die('Could not connect:' . mysql_error());
mysql_select_db("practice") or die(mysql_error());
mysql_query("CREATE TABLE user (id INT(5)NOT NULL AUTO, name VARCHAR(30), email VARCHAR(40), city VARCHAR(40), state VARCHAR(3), zip INT(5) )");
if (isset($_POST)) {
$name = $_POST['first_name'];
$email = $_POST['email'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
}
mysql_query("INSERT INTO user VALUES('$name', '$email', '$city', '$state', '$zip')");
?>
i guess you should change this
if (isset($_POST)){
and give an index like that
if (isset($_POST['submit'])){
and also
change the query to
mysql_query("INSERT INTO user (name , email, city,state, zip)
VALUES('$name', '$email', '$city', '$state', '$zip')" );
and you should escape your variables like that before inserting them.
$name = mysql_real_escape_string($name) ;
// and so on
last thing is why you create table everytime you submit ? you should check if exist .
I would like to get some user data using a php form and store it in a mysql database , trouble is, the page simply refreshes when I submit the form.
Here is my php form:
<form id="companyform" name="companyform" method="post" action="index3.php" data-ajax="false">
<b>To enlist your business fill in the form below:</b>
<p>
<label for="name">Company Name:</label>
<input type="text" name="companyname" id="companyname" data-mini="true"/>
</p>
<p>
<label for="name">Company Address:</label>
<input type="text" name="companynaddress" id="companynaddress" data-mini="true"/>
</p>
<p>
<label for="textfield">Tel No.:</label>
<input type="text" name="tel" id="tel" data-mini="true"/>
</p>
<p>
<label for="textfield">Fax No.:</label>
<input type="text" name="fax" id="fax" data-mini="true"/>
</p>
<p>
<label for="textfield">Email:</label>
<input type="text" name="email" id="email" data-mini="true"/>
</p>
<p>
<label for="textfield">Website Address:</label>
<input type="text" name="website" id="website" data-mini="true"/>
</p>
<p>
<label for="textfield">Contact Person Name:</label>
<input type="text" name="contactname" id="contactname" data-mini="true"/>
</p>
<p>
<label for="textfield">Contact Person Number:</label>
<input type="text" name="contactnumber" id="contactnumber" data-mini="true"/>
</p>
<p>
<label for="textfield">Contact Person Email:</label>
<input type="text" name="contactemail" id="contactemail" data-mini="true"/>
</p>
<p>
<input name="submit" type="submit" id="submit" value="Submit" />
</p>
</form>
and here is my database connection code:
<?php
if (array_key_exists('submit', $_POST)) {
$con = mysql_connect("host", "user", "pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("botswanasearchdb", $con);
$companyname = $_POST['companyname'];
$companyaddress = $_POST['companyaddress'];
$tel = $_POST['tel'];
$fax = $_POST['fax'];
$emailid = $_POST['emailid'];
$website = $_POST['website'];
$contactname = $_POST['contactname'];
$contactnumber = $_POST['contactnumber'];
$contactemail = $_POST['contactemail'];
// prepare the SQL query
$sql = "INSERT INTO businessuser (companyname, companyaddress, tel, fax, emailid, website, contactname, contactnumber, contactemail) VALUES ('$companyname', '$companyaddress', '$tel', '$fax', '$emailid', '$website', '$contactname', '$contactnumber', '$contactemail')";
mysql_close($con);
}
?>
This is your form tag:
<form id="companyform" name="companyform" method="post" action="index3.php" data-ajax="false">
So you are submitting the form to index3.php (the action attribute). According to your comment index3.php contains your form and that is why the form refreshes when you submit it. You are basically reloading your form on form submit.
You need to submit the form to your php script that contains the php code you posted.
Edit: If everything is on the same page, you can do something like:
if (array_key_exists('submit', $_POST))
{
// your code
// show thank you message
}
else
{
// show form
}
Another edit: As you are using the deprecated mysql_* functions and not escaping the data, you have an sql injection whole and a ' character in your data will break your query. You should switch to PDO / mysqli and prepared statements. And always add error handling.
pswThe index.php part seems to work fine, but the handler throws a internal server error (500).
index.php
<div id="contact">
<h1>Contact us</h1>
<form id="ContactForm" method="post" action="submit.php">
<p>
<label>Name<span>(optional)</span></label>
<input id="name" name="name" class="inplaceError" maxlength="120" type="text" autocomplete="on"/>`enter code here`
<span class="error" style="display:none;"></span>
</p>
<p>
<label>Email<span>(optional)</span></label>
<input id="email" name="email" type="text" />
</p>
<p>
<label>Subject<span>(optional)</span></label>
<input id="website" name="website" />
</p>
<p>
<label>Your message<br /> <span>700 characters allowed</span></label>
<textarea id="message" name="message" cols="6" rows="5"></textarea>
</p>
<p class="submit">
<input id="send" type="submit" value="Submit" name="submit"/>
<span id="loader" class="loader" style="display:none;"></span>
</p>
<input id="newcontact" name="newcontact" type="hidden" value="1"></input>
</form>
submit.php -->
if(isset($_POST['submit'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$website = $_POST['website']; //subject
$message = $_POST['message'];
$connection = mysql_connect ("localhost", "root", "pswd") or die ('DB connection fail:' .mysql_error());
mysql_select_db ("contactform");
$query = "INSERT INTO contact (pk_contact, name, email, website, message, added_date)VALUES ('NULL','$name','$email','$sub','$msg','NULL')";
//good to know about the quotes, but the page still insist there's an error
mysql_query($query) or die ('Error uploading DB');
mysql_close($connection);
echo "<span id="success_message" class="success">YAY! It worked.</span>";
} else {
echo "<span class='error'>Try again.</span>";
}
I think you've got an error with your query string. It should look like
$query = "INSERT INTO contact (name, email, website, message, added_date)VALUES ('$name','$email','$sub','$msg',NULL)";
The double quotes were breaking up your string, and the different parts weren't being concatenated.
As Mikecito mentioned. You'll want to remove the quotes around NULL.
$query = "INSERT INTO contact (pk_contact, name, email, website, message, added_date)VALUES (NULL,'$name','$email','$sub','$msg',NULL)";
Assuming you have set you mysql table so the added_date field is a mysql timestamp format, attempting to enter 'NULL' into the table will result in a mysql error.
Also make sure the mysql table allows null values to be entered into the pk_contact and added_date fields.