Adding data to mysql database through html form

Question

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel = "stylesheet" href = "css/mystyle.css" type = "text/css/">
<title> APPOINTMENT FORMS </title>
</head>
<body>
<form method="post" action="<?php $_PHP_SELF ?>">
    <p> <?php if(isset($_REQUEST['message'])) echo $_REQUEST['message'] ?> </p>
<table width = '50%' border = '0' cell spacing = '0' cell padding = '2'>
<tr>
<td align = 'right' style='padding:10px'>EM_ID: </td>
<td> <input type = 'text' name = 'em_id' placeholder = 'Enter your ID here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style='padding:10px'> Appointment Type: </td>
<td><input type = 'text' name = 'appointment_type' placeholder = 'Enter either part time/full time here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style='padding:10px'> Appointment Category: </td>
<td><input type = 'text' name = 'appointment_category' placeholder = 'Enter either Academic/Non-Academic here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style='padding:10px'> Date of Appointment: </td>
<td><input type = 'text' name = 'date_of_appointment' placeholder = 'Enter yy/mm/dd here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style='padding:10px'> Date of Confirmation: </td>
<td><input type = 'text' name = 'date_of_confirmation' placeholder = 'Enter date of confirmation of appointment here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style = 'padding:20px'><input type = 'submit' value ='Submit'></td>
</tr>
</table>
</form>

<?php
if (isset($_POST['submit'])) {

$connect = mysql_connect('localhost','root','oluwaseun') or die ("Could not connect to the  database");
mysql_select_db('school_of_science', $connect) or die ("Could not find the database");

$em_id = $_POST['em_id'];
$appointment_type = $_POST['appointment_type'];
$appointment_category= $_POST['appointment_category'];
$date_of_appointment = $_POST['date_of_appointment'];
$date_of_confirmation = $_POST['date_of_confirmation'];



mysql_query("INSERT into appointment     (em_id,appointment_type,appointment_category,date_of_appointment,date_of_confirmation) 
    VALUES('$em_id','$appointment_type','$appointment_category','$date_of_appointment','$date_of_confirmation')") or die(mysql_error());

$message = "Your data has been entered successfully";
header("location:practice.php? message=$message");
}
?>


</body>
</html>

Pls am new in php ans am trying to create a link between my html form and database but it's not working. pls help me. Thanks I have the html tags and the php codes on the same page and i have install mysql correctly and created my database but it remain the linking.

I guess you ate the letter `M` in your question title, also, *but it's not working* is too vague, can you be more precise what exactly is not working? — Mr. Alien, Sep 23 '13 at 11:07
**By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. — Andy Lester, Sep 23 '13 at 11:23
I humbly suggest you get very familiar with `mysql_real_escape_string();`. — rfoo, Sep 23 '13 at 11:24

prk · Answer 1 · 2013-09-23T11:33:02.713

Well, like the people asked in the comments; what is it that isn't working? I'd also suggest you use mySQLi instead of mySQL.

An example on how to make an form that inserts into a table;

<form action='index.php?a=register' method='post'> <!-- You can use if(isset($_POST['submit'])) as well, but I prefer ?a(ction)= :) -->
Username: <input type='text' name='username /> Password: <input type='password' name='password' />
<input type='submit' value='Register' />
</form>

<?php
$db = mysqli_connect("server_name", "user", "password", "database") or die (mysqli_error());
if($_GET['a']=='register')
{
$username = $_REQUEST['username']; // Can also use $_POST
$password = md5($_REQUEST['password']); // Same here ^.
mysqli_query($db, "INSERT INTO users(username, password) VALUES('$username', '$password')");
}
?>

If you still want to use mysql, just change "mysqli" to "mysql" and edit the connect along with the query. I would help you with your code but as you didn't really point out what's wrong I'll simply give you this example. :) And as others also said; you should get familiar with how to prevent SQL injections.

mysqli can do multi statements in one query, your code doesn't look any better than the OP's code, it looks even worse. md5 without salt, mysqli directly passing variables, it's all still messy and less secure — Daniel W., Sep 23 '13 at 11:36
@DanFromGermany - I simply showed him how to pass data from a form to a database as that's what he asked about. — prk, Sep 23 '13 at 11:38
you showed him, the wrong way. Look at my answere here on how to use mysqli the good way: http://stackoverflow.com/a/18196311/1948292 — Daniel W., Sep 23 '13 at 11:40

Adding data to mysql database through html form

1 Answers1