0

I am trying to put data that a user submits in a form into a MySQL database that I have, but I can't seem to figure it out! I've searched everywhere and ended up copying some PHP code that I found on the internet, but it is still not putting the data into the database!

Here is my HTML form:

<form action="Sendtodatabase.php" method="POST" name="EmailForm">

    First Name:<br>
    <input type="text" size="25" name="firstname"><br><br>
    Last Name:<br>
    <input type="text" size="25" name="lastname"<br><br><br>
    Email:<br>
    <input type="text" size="25" name="email"<br><br><br>
    Telephone Number:<br>
    <input type="text" size="25" name="telephone"<br><br><br>
    <input type="submit" value="Submit">

</form>

and my PHP file:

<?php
$con=mysqli_connect(sql307.byethost33.com, b33_13775589, *********, b33_13775589_murdermystery);
if (mysqli_connect_errno($con)) {
    echo "Failed to connect to MySQL: ".mysqli_conect_error();
}
$sql="INSERT INTO Murder (FirstName, LastName, Email, Telephone) VALUES ('$_POST [firstname]', '$_POST [lastname]',
'$_POST [email]', '$_POST [telephone]')";
if (!mysqli_query($con,$sql)) {
    die('Error: '.mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);

What am I doing wrong here? Thank you!

user2805499
  • 11
  • 1
  • 1

3 Answers

0

Looks like an issue with your INSERT statement. Switch to PDO and use prepared statements to prevent injection. I added mysqli_real_escape_string to help some.

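// $con is the connection returned by mysqli_connect(); the procedural
// mysqli_real_escape_string() needs it as its first argument.
$sql="INSERT INTO Murder (FirstName, LastName, Email, Telephone) VALUES (
    '" . mysqli_real_escape_string($con, $_POST["firstname"]) . "', 
    '" . mysqli_real_escape_string($con, $_POST["lastname"]) . "', 
    '" . mysqli_real_escape_string($con, $_POST["email"]) . "', 
    '" . mysqli_real_escape_string($con, $_POST["telephone"]) . "')";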
Aaron W.
  • 9,254
  • 2
  • 34
  • 45
  • No, he should use a prepared statement; it provides a more reliable way to ensure the data is not evaluated as SQL. mysql_real_escape_string is deprecated and should be avoided. – dead Sep 23 '13 at 02:08
  • Yes I said to use prepared statements - changed to mysqli_real_escape_string – Aaron W. Sep 23 '13 at 02:33
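The prepared-statement approach recommended in the answer and comment above, shown as an added example that is not part of the original answers. `insertGuest()` is a hypothetical helper, the in-memory SQLite database is a stand-in for MySQL so the demo runs offline, and the sample input is constructed.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: insertGuest() is a hypothetical helper, and an in-memory SQLite
// database stands in for MySQL so the demo runs offline. For MySQL, connect with
// new PDO('mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS').

function insertGuest(PDO $pdo, array $post): int
{
    // Collect the four form fields; a missing, empty or non-string field is rejected.
    $row = [];
    foreach (['firstname', 'lastname', 'email', 'telephone'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            throw new InvalidArgumentException("Missing field: $field");
        }
        $row[$field] = trim($value);
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }

    // Placeholders keep the SQL text fixed; the values are bound separately as data.
    $stmt = $pdo->prepare(
        'INSERT INTO Murder (FirstName, LastName, Email, Telephone)
         VALUES (:firstname, :lastname, :email, :telephone)'
    );
    $stmt->execute($row);
    return (int) $pdo->lastInsertId();
}

// Demo with constructed input; column names come from the page, the id column is assumed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Murder (id INTEGER PRIMARY KEY, FirstName TEXT,
            LastName TEXT, Email TEXT, Telephone TEXT)');

// The apostrophe would break a query built by string concatenation.
$id = insertGuest($pdo, ['firstname' => 'Pat', 'lastname' => "O'Brien",
    'email' => 'pat@example.com', 'telephone' => '555-0100']);

$check = $pdo->prepare('SELECT LastName FROM Murder WHERE id = ?');
$check->execute([$id]);
echo "Record $id added, LastName stored as: " . $check->fetchColumn() . "\n";

try {
    insertGuest($pdo, ['firstname' => 'Sam', 'email' => 'not-an-email']);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ' . $e->getMessage() . "\n";
}
```

In `Sendtodatabase.php` the call would be `insertGuest($pdo, $_POST)` with a MySQL connection in place of the SQLite one.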
0

Are you sure you're constructing your form correctly?

HTML CODE :

<form action="Sendtodatabase.php" method="POST" name="EmailForm">

        First Name:<br>
        <input type="text" size="25" name="firstname"><br><br>
        Last Name:<br>
        <input type="text" size="25" name="lastname"><br><br><br>
        Email:<br>
        <input type="text" size="25" name="email"><br><br><br>
        Telephone Number:<br>
        <input type="text" size="25" name="telephone"><br><br><br>
        <input type="submit" value="Submit">

</form>

PHP CODE :

    <?php

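    // Debug step: print the $_POST array to check that it has the data needed,
    // then stop. Remove these two lines once the values look right, otherwise
    // the INSERT below never runs.
    print_r($_POST);
    exit;


    $con=mysqli_connect('sql307.byethost33.com', 'b33_13775589', '*********', 'b33_13775589_murdermystery');
    if (mysqli_connect_errno()) {
        die("Failed to connect to MySQL: ".mysqli_connect_error());
    }
    // Each value is escaped and wrapped in single quotes so the statement is valid SQL.
    $sql="INSERT INTO Murder (FirstName, LastName, Email, Telephone) VALUES ('"
        .mysqli_real_escape_string($con, $_POST['firstname'])."', '"
        .mysqli_real_escape_string($con, $_POST['lastname'])."', '"
        .mysqli_real_escape_string($con, $_POST['email'])."', '"
        .mysqli_real_escape_string($con, $_POST['telephone'])."')";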
    if (!mysqli_query($con,$sql)) {
        die('Error: '.mysqli_error($con));
    }
    echo "1 record added";
    mysqli_close($con);
?>
Jhonathan H.
  • 2,734
  • 1
  • 19
  • 28
  • I used your code and the page prints out the array with the correct information but it isn't saved into my database! I feel like I am still doing something wrong! – user2805499 Sep 23 '13 at 23:11
  • @user2805499 What error does it call back? Or which condition in your query does it fall into? – Jhonathan H. Sep 24 '13 at 01:46
  • I see that you're wrong in constructing your query and even in getting data from the POST variable. Also in the connection to the database. You lack some operators. Just check this out. – Jhonathan H. Sep 24 '13 at 02:00
0

In the HTML part of the code that you posted, you are missing the ">" after the name attribute of each input. Please make the correction and your code will run smoothly.