I am trying to store form information in a mysql database but it does not foward to the database

Question

So I have a form and the form action= the file that contains the code below. I am getting a connection but the data is not saving. I formatted my form with input type textarea and the database with long text because I want to give the user as much space as they need to write their information. I think this might be my issue and have been searching the web to see if it is but I can't find anything that says it is or not. The weird part is that one time i did see an increase in the row of the database but when I checked it the row didn't contain the info I sent, it was blank.

 <?php 
    session_start();

    if (strlen($_POST['recipe'])|| strlen($_POST['usrtext'])||strlen($_POST['usrtxt'])    ='0')
    {header('location:shareerror.php');}  
    else
    {
     $connection = mysql_connect("localhost","root","")
    or die("no connection");
    $db_select=mysql_select_db("smqr",$connection)
    or die("no connection to db");


    $query=mysql_query("INSERT INTO seafood(`recipe`,`usrtext`,'usrtxt')
    VALUES('$recipe','$usrtext''$usrtxt')");

    header ('location:thanks.php'); }

    ?>

You missed a comma in your insert into code. Change it to `$query=mysql_query("INSERT INTO seafood('recipe','usrtext','usrtxt') VALUES('$recipe','$usrtext','$usrtxt')");` — sushant-hiray, Nov 21 '13 at 12:41
imulsion's comment is misleading. PHP's mysql_ connection method is deprecated. MySQL is doing just fine. — Strawberry, Nov 21 '13 at 12:44

score 1 · Answer 1 · answered Nov 21 '13 at 12:45

1

By mistake you are assigning instead of checking corrected statement is:

if (strlen($_POST['recipe'])|| strlen($_POST['usrtext'])||strlen($_POST['usrtxt']) ==0)

answered Nov 21 '13 at 12:45

Vipin Kumar Soni

826
10
18

score 0 · Answer 2 · answered Nov 21 '13 at 12:38

There is an error in your query

 $query=mysql_query("INSERT INTO seafood(`recipe`,`usrtext`,'usrtxt')
    VALUES('$recipe','$usrtext''$usrtxt')");

change this to

 $query=mysql_query("INSERT INTO seafood(`recipe`,`usrtext`,`usrtxt`)
    VALUES('$recipe','$usrtext','$usrtxt')");

score 0 · Answer 3 · edited May 23 '17 at 12:28

You are not setting the values for $recipe, $usrtext and $usrtxt

You are missing a comma in the values.

You are using strlen instead of isset

Also please take a look at How can I prevent SQL injection in PHP?. Your code is vulnerable to sql injection.

Here is the fixed code (with sql injection vulnerability intact!!)

 <?php 
    session_start();

    if (!isset($_POST['recipe'])|| !isset($_POST['usrtext'])||!isset($_POST['usrtxt']))
    {
        header('location:shareerror.php');
    }  
    else
    {
        $connection = mysql_connect("localhost","root","")
        or die("no connection");

        $db_select=mysql_select_db("smqr",$connection)
        or die("no connection to db");

        $recipe = $_POST['recipe'];
        $usrtext = $_POST['usrtext'];
        $usrtxt = $_POST['usrtxt'];

        $query=mysql_query("INSERT INTO seafood(`recipe`,`usrtext`,'usrtxt')
        VALUES('$recipe','$usrtext','$usrtxt')");

        header('location:thanks.php'); 
    }
?>

Kevinvhengst · Answer 4 · 2013-11-21T12:52:26.043

0

Also you didn't assign the variables used in the query.

$query=mysql_query("INSERT INTO seafood(`recipe`,`usrtext`,`usrtxt`)
VALUES('$recipe','$usrtext','$usrtxt')");

do that like this:

$recipe = $_POST['recipe'];
$usrtext = $_POST['usrtext'];
$urstxt = $_POST['usertxt'];

Then you can use the variables in the query

edited Nov 21 '13 at 12:52

answered Nov 21 '13 at 12:43

Kevinvhengst

1,672
4
27
40

1

You missed a comma in the insert into query. The original query has a typo. – sushant-hiray Nov 21 '13 at 12:49

I am trying to store form information in a mysql database but it does not foward to the database

4 Answers4