Php mysql html form submission error

Question

I'm working on a cms for my site and this form is not submitting. I know its a query problem, but I can't figure out whats wrong. Any help? Also, the $db is in my config and I do include it at the top of the page. The problem is its not submitting and all it does it refresh, nothing else. I also want to display there form submissions in a table later, but I don't know how to do that, if anyone can help me with that part that would be great as well.

php:

    <?php
if(isset($_POST['submit']))
{
  $c_name = $_POST['channel_username'];
  $v_link = $_POST['video_link'];
  $v_title = $_POST['video_title'];
  $v_desc = $_POST['vido_description'];
  $v_tags = $_POST['video_tags'];
  $m_sources = $_POST['music_sources'];
  $s_requests = $_POST['special_requests'];

  if(empty($c_name) or empty($v_link) or empty($v_title) or empty($v_title) or empty($v_desc) or empty($v_tags))
  {
    echo 'You must fill in the first 5 fields.';
  }
  else
  {
    $getRank = $db->query("SELECT * FROM users WHERE username = '".$_SESSION['username']."'");
    while ($row = $getRank->fetch_assoc())
    {
      $usename = $row['username'];
      $rank = $row['rank'];
    }
   $db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES ('$username', '$rank', '$c_name', '$v_link', '$v_title', '$v_desc', '$v_tags', '$m_sources', '$s_requests')");
    echo 'Form submitted successfully.';
    }
  }
?>

Html:

    <form method="POST">
  <p>Channel name <input type="text" name="channel_name" required>*</p>
  <p>Video Link   <input type="text" name="video_link" required>*</p>
  <p>Video Title  <input type="text" name="video_title" required>*</p>
  <p>Video Description <input type="text" name="video_description" required>*</p>
  <p>Video Tags   <input type="text" name="video_tags" required>*</p>
  <p>Music Sources <input type="text" name="music_sources"></p>
  <p>Special Requests <input type="text" name="special_requests"></p>
  <br></br>
  <p><input type="submit" name="submit" value="Submit"></p>
</form>

Sorry, the field names in HTML and PHP doesn't match a bit. Thus, this question is useless. — SteAp, Feb 13 '14 at 22:28
In addition to the form fields / post keys not matching (`c_name` != `channel_username`, etc), your query has mismatched single / double quotes -> `"INSERT INTO submitted_forms ... VALUES (''.$username.'',` should be `"INSERT INTO submitted_forms ... VALUES ('".$username."',` or simply `"INSERT INTO submitted_forms ... VALUES ('$username',` — Sean, Feb 13 '14 at 22:31
also, you are checking `if(isset($_POST['submit']))`, but your submit button does not have the name `submit` -> `` should be ``. It looks like you need to go through your html and your php and make sure each form element is the same as each php post variable. — Sean, Feb 13 '14 at 22:35
I matched up the html and php and changed the query to what the guy below posted, but still didn't work. I'm going to do the submit button now and see if that works — user3051246, Feb 13 '14 at 22:37
Yeah, I changed the button, still didn't work, I changed the query, still didn't work, I matched up all the html, still didn't work. — user3051246, Feb 13 '14 at 22:42
do any of your values have a single quote? You should escape/sanitize your data to be safe. — Sean, Feb 13 '14 at 22:54
take a look at http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — Sean, Feb 14 '14 at 22:15
Thanks @sean but i'm just trying to fix the error, then i'll worry about security, plus this isn't a public website, so i'm not too worried about sql injections or anything like that. — user3051246, Feb 14 '14 at 23:40

score 1 · Answer 1 · answered Feb 13 '14 at 22:31

If the problem is indeed with the query, then it's probably this:

$db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES (''.$username.'', ''.$rank.'', ''.$c_name.'', ''.$v_link.'', ''.$v_title.'', ''.$v_desc.'', ''.$v_tags.'', ''.$m_sources.'', ''.$s_requests.'')");

I think instead, you want:

$db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES ('$username', '$rank', '$c_name', '$v_link', '$v_title', '$v_desc', '$v_tags', '$m_sources', '$s_requests')");

-- edit --

further to that, although it won't give you an error as-is, you really oughtn't insert fresh POST data in there. At the very least you probably want to use mysqli_real_escape_string on it.

Php mysql html form submission error

1 Answers1