
I am fairly new to PHP and I am trying to save input from a user into a MySQL database. I followed a tutorial online on how to do it, but every time I enter the user's info, the website tells me it failed. The only thing that I can think of is the host name (I copied and pasted it from phpadmin). Please let me know if there is something wrong.

contact.html

<section id="mid_section">
                <div id="boxes">
                    <h1>
                        Leave your information here for a quick reponse:
                    </h1>
                    <br/>
                    <form id="myform" action="userinfo.php" method="post">
                        Name:<input type="text" value="name">
                        Email:<input type="email" value="email">
                        Phone:<input type= "tel" value="phone(opt)">
                        <button id="sub">Submit</button>
                    </form>

db.php

<?php
    $conn = mysql_connect('custsql.eigbox.net','username','password');
    $db= mysql_select_db('visitors');
?>

userinfo.php

<?php
    include_once('db.php');

    $name =$_POST['name'];
    $email =$_POST['email'];
    $phone =$_POST['phone'];

    if(mysql_query("INSERT INTO users (name,email,phone) VALUES ('$name','$email','$phone')"))
    echo"successfully inserted";
    else
    echo "failed";
?>

myscript.js

$("#sub").click(function(){

    $.post($("#myform").attr("action"), $("#myform:input").serializeArray(), function(info){$("#result").html(info);});
    });

$("#myform").submit(function(){
    return false;
    });
jorgeAChacon
  • Your code is incredibly easy to hack. Learn how to sanitize variables and stop using `mysql_*` as it is deprecated. Use `mysqli_*` or `PDO`. Is there a specific error message you can state? We can't magically find errors unless it's blatantly obvious. – Sterling Archer Aug 30 '13 at 01:39
  • Do you have your own mysql database? – bfavaretto Aug 30 '13 at 01:40
  • yes I have my own sql database @bfavaretto – jorgeAChacon Aug 30 '13 at 01:41
  • @RUJordan can you please be more specific? I am new to PHP – jorgeAChacon Aug 30 '13 at 01:42
  • How do you know it's not working? Is the page white? Does it say syntax error on line 3? Does it give you a mysql error? Every little detail helps – Sterling Archer Aug 30 '13 at 01:43
  • So, if you have the db on your local machine, use localhost as the host name, and the username and password you defined when you installed the mysql server. – bfavaretto Aug 30 '13 at 01:44
  • @RUJordan I saw a few persons use mysqli_*, why is that better? Also, the error message that comes up is "failed" which is under userinfo.php – jorgeAChacon Aug 30 '13 at 01:45
  • @bfavaretto the database is online – jorgeAChacon Aug 30 '13 at 01:46
  • Okay, but if the php is running on the same machine as the db, localhost should work too. – bfavaretto Aug 30 '13 at 01:46
  • @bfavaretto ok I will change it to localhost and let you know – jorgeAChacon Aug 30 '13 at 01:47
  • To answer your question to RUJordan: `VALUES ('$name','$email','$phone')` is a security hole, and mysqli and pdo provide safer options. See http://bobby-tables.com/ – bfavaretto Aug 30 '13 at 01:48
  • @bfavaretto I changed it to localhost, but it still threw me the "echo "failed";" message from userinfo.php – jorgeAChacon Aug 30 '13 at 01:50
  • Remove your if statement, and try this: `mysql_query("INSERT INTO users (name,email,phone) VALUES ('$name','$email','$phone')") OR die(mysql_error())`. If the query fails, it should tell you exactly what the problem is. – bfavaretto Aug 30 '13 at 01:51

2 Answers


As you might fairly be a newcomer to PHP, on one hand it is great to follow tutorials, however choosing the right source might be a frequent disastrous problem.

When you are using functions like mysql_select_db and mysql_query it basically means that you are using a deprecated mysql style.

If you go to official php documentation and search for mysql method, it is going to tell you about its deprecation.

The problem here, though, is not the way you interact with the database; your style of coding still works and many people still do it just like that.

I just tell you as a newcomer that instead of mysql_ functions, people tend to favor mysqli and/or PDO. Consider them as your future friends.

As for your problem, I believe all is okay, except your mysql_query function looks odd. Try the following code instead of your query statement

if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".$name."','".$email."','".$phone."')"))

or for security reasons even better

if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".mysql_real_escape_string($name)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($phone)."')"))

If it is not a case and you still get a 'Fail' error statement, you will need to do a very little debugging and people here will be able to help you out

So, you will need to use following instead of what you have now

if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".mysql_real_escape_string($name)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($phone)."')")) {
    echo 'Success!';
} else {
    echo mysql_error();
    exit;
}

Let's see what happens

Davit
  • Thanks for the security advice. I updated everything and now I am getting this message: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2). I tried using localhost as a host as well as custsql.eigbox.net. – jorgeAChacon Aug 30 '13 at 01:59
  • Well, this probably means that `mysqld` has to be started for `mysql.sock` to be created and being accessed. You will need to check if it is running. I think you need to refer to this question http://stackoverflow.com/questions/11990708/error-cant-connect-to-local-mysql-server-through-socket-var-run-mysqld-mysq or look for similar. Good luck! – Davit Aug 30 '13 at 02:03

At first, use name on every attributes of the form. So, contact.html will be

<form id="myform" action="userinfo.php" method="post">
                        Name:<input type="text" value="name" name='name'>
                        Email:<input type="email" value="email" name='email'>
                        Phone:<input type= "tel" value="phone(opt)" name='phone'>
                        <button id="sub">Submit</button>
</form>

Use mysqli_* instead of mysql_* as it is deprecated. You can also use PDO. More on mysqli_*

Filter the data before inserting them into database. So, userinfo.php will look like

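<?php
include_once('db.php'); // db.php must set $db to a mysqli connection, e.g. from mysqli_connect()

// Escape each value with the same connection that runs the query
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$phone = mysqli_real_escape_string($db, $_POST['phone']);

// mysqli_query() replaces mysql_query(): the two extensions cannot share a connection
if (mysqli_query($db, "INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".$name."','".$email."','".$phone."')"))
    echo "successfully inserted";
else
    echo "failed";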
Debashis
  • I did everything like you explained and now I have the following error:"Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log." – jorgeAChacon Aug 30 '13 at 02:06
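
A parameterized version of the insert, following the comments' pointer to mysqli/PDO; this is an added example, not code from the question or either answer. The `insert_visitor()` helper is hypothetical, the sample submissions are constructed, and an in-memory SQLite database stands in for the MySQL server so it runs offline.

```php
<?php
// Added example; insert_visitor() is hypothetical. Table/column names follow the question.
declare(strict_types=1);

function insert_visitor(PDO $pdo, array $post): int
{
    $name  = trim((string)($post['name']  ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $phone = trim((string)($post['phone'] ?? ''));   // optional on the form

    // Validate shape first; binding prevents injection but not junk data.
    if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('name and a valid email are required');
    }

    // Placeholders keep the SQL text constant; the values travel separately.
    $stmt = $pdo->prepare(
        'INSERT INTO users (name, email, phone) VALUES (:name, :email, :phone)'
    );
    $stmt->execute([':name' => $name, ':email' => $email, ':phone' => $phone]);
    return (int)$pdo->lastInsertId();
}

// In-memory SQLite stands in for MySQL (assumption, so the example runs offline).
// For MySQL the DSN would look like 'mysql:host=HOST;dbname=visitors;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw, don't fail silently
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, phone TEXT)');

// Constructed sample submissions, including quote characters that would
// change the meaning of a string-concatenated query.
$samples = [
    ['name' => "O'Brien", 'email' => 'ob@example.com', 'phone' => '555-0100'],
    ['name' => "Robert'); DROP TABLE users;--", 'email' => 'bobby@example.com'],
    ['name' => 'No Email', 'email' => 'not-an-address'],
];

foreach ($samples as $post) {
    try {
        $id = insert_visitor($pdo, $post);
        echo "inserted row $id\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    } catch (PDOException $e) {
        error_log($e->getMessage());      // details go to the log, not the visitor
        echo "failed\n";
    }
}
echo $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), " rows stored\n";
```

The first two submissions are stored verbatim as data and the third is rejected by validation, so the table still exists with two rows at the end.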