Storing emails in a MySQL database using an HTML Form and PHP

Question

I am working to make a form where I can collect names and email addresses and send them to a MySQL database for storage. I wrote the HTML and PHP file and it seems to be working. It echoes "Thank you for entering an email!". When I look at the database it creates a line for the data but all the fields are blank. I am not sure what's going on, and this is the first time I have worked with a database. Thanks for all your help!

HTML

<form action='/submitEmail.php' action='POST'>
  <p>First name: <input type='text' id="firstname" name='firstname' /></p>
  <p>Last name: <input type='text' id="lastname" name='lastname' /></p>
  <p>Email: <input type='text' name='email' /></p>
  <input type='submit' value='Submit Email' />
</form>

PHP

<?php
  // Connecting to the MySQL server
  $host="myHost";
  $user_name="myUsername";
  $pwd="myPassword";
  $database_name="myDatabase"; //assuming you created this
  $db=mysql_connect($host, $user_name, $pwd);
  if (mysql_error() > "") print mysql_error() . "<br>";
  mysql_select_db($database_name, $db);
  if (mysql_error() > "") print mysql_error() . "<br>";
  // Storing form values into PHP variables
  $firstname = $_POST["firstname"]; // Since method="post" in the form
  $lastname = $_POST["lastname"];
  $email = $_POST["email"];
  // Inserting these values into the MySQL table
  // we created above
  $query = "insert into email_list (firstname, lastname, email) values ('" . $firstname . "', '" . $lastname . "', '" . $email . "')";
  $result = mysql_query($query);
  // mysql_query() is a PHP function for executing
  // MySQL queries
  echo "<p>Thank you for entering an email!</p>";
?>

Note: Your code is vulnerable to SQL injection, and sooner or later your database will be tampered with. At a minimum, you _must_ call `mysql_real_escape_string()` on all of those query inputs `$firstname = mysql_real_escape_string($_POST['firstname']);` More idea is to switch to a newer API supporting prepared statements, such as PDO or MySQLi. — Michael Berkowski, Nov 02 '12 at 23:58
[Please, don't use `mysql_*` functions in new code](http://stackoverflow.com/q/12859942). They are no longer maintained and the deprecation process has begun, see the [red box](http://php.net/mysql-connect). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli); [this article](http://php.net/mysqlinfo.api.choosing) will help you decide which. If you choose PDO, [here is a good tutorial](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers). — vascowhite, Nov 03 '12 at 00:09

score 5 · Accepted Answer · answered Nov 02 '12 at 23:59

5

Attribute method should be post.

<form action='/submitEmail.php' method='POST'>

answered Nov 02 '12 at 23:59

a.ilic

354
3
11

1

A.ilic is right. Also its good practice to use capitals for the statements - INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,...) – Nov 03 '12 at 00:02

score 0 · Answer 2 · answered Nov 03 '12 at 13:21

0

You wrote action='POST' instead of method='POST'. Try to use later one. It should work.

Happy coding!!

answered Nov 03 '12 at 13:21

Unpredictable

113
4

Storing emails in a MySQL database using an HTML Form and PHP

2 Answers2