An empty row gets inserted into the database in spite of the posted data through a form

Question

I made a simple HTML form with [post] method, and with an external action php page. The problem I face is that every time I press the submit button, an empty row gets inserted in database instead of my input data.

This is my index page :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Webediah Add new hosting customer</title>
<style type="text/css">
.auto-style1 {
    text-align: left;
}
.auto-style2 {
    text-align: center;
}
</style>
</head>

<body>
<form id="form1" name="form1" method="post" action="add.php">
  <p>&nbsp;</p>
  <h1 class="auto-style2"><strong>New Hosting Customer </strong></h1>
  <p>&nbsp;</p>
  <table width="43%" border="0" align="center">
    <tr>
      <td width="36%" scope="row" class="auto-style1">Customer name :</td>
      <td width="64%"><label for="cname"></label>
      <input type="text" name="cname" id="cname" style="width: 233px" /></td>
    </tr>
    <tr>
      <td scope="row" class="auto-style1">Customer Domain :</td>
      <td><label for="cdomain"></label>
      <input type="text" name="cdomain" id="cdomain" style="width: 234px" /></td>
    </tr>
    <tr>
      <td scope="row" class="auto-style1">Host start on :</td>
      <td><label for="hstart"></label>
      <input type="text" name="sdate" id="hstart" style="width: 236px" /></td>
    </tr>
    <tr>
      <td scope="row" class="auto-style1">Host ends on :</td>
      <td><label for="hends"></label>
      <input type="text" name="edate" id="hends" style="width: 236px" /></td>
    </tr>
    <tr>
      <td scope="row" class="auto-style1">Customer Email :</td>
      <td><label for="cemail"></label>
      <input type="text" name="cemail" id="cemail" style="width: 237px" /></td>
    </tr>
    <tr>
      <th scope="row">&nbsp;</th>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <th scope="row"><input type="submit" name="Submit" id="Submit" value="Submit" /></th>
      <td>&nbsp;</td>
    </tr>
  </table>
  <p>&nbsp;</p>
</form>


</body>
</html>

And this is my external action php page:

<?php $con = mysqli_connect("localhost","root","111","awamah");


if (mysqli_connect_errno())
echo " error in mysql connection" . mysqli_connect_errno(); 


$sql = "INSERT INTO `customer` (`cname`,`cdomain`,`sdate`,`edate`,`cemail`) VALUES ('$_post[cname]','$_post[cdomain]','$_post[sdate]','$_post[edate]','$_post[cemail]')";

if(!mysqli_query($con,$sql))
{
    die('Error: ' . mysqli_error($con));
}
echo "1 record added";

?>

$_POST not $_post. Also you are wide open to SQL injection attacks. — JBES, Apr 07 '14 at 22:35
Reference: "The variable name is case-sensitive." http://www.php.net/manual/en/language.variables.basics.php — showdev, Apr 07 '14 at 22:39
thank you , :) i am a beginner in php and mysql so i didn't notice this points ... — abdullah alawa, Apr 07 '14 at 22:56
Yes, and you failed to accept the first correct answer, instead you accepted the last answer that was a blatant copy of the first correct answer. — JBES, Apr 07 '14 at 22:59
@JBES not true my friend , i accept the most valuable answer for me :) — abdullah alawa, Apr 09 '14 at 18:54

score 2 · Accepted Answer · edited May 23 '17 at 12:05

2

$_POST is a superglobal and must be in uppercase.

You have $_post in your VALUES query, change them all to $_POST which is the main explanation.

These are also superglobals:

$GLOBALS
$_SERVER
$_GET
$_POST
$_FILES
$_COOKIE
$_SESSION
$_REQUEST
$_ENV

To learn more about superglobals, visit the PHP.net Website:

http://www.php.net/manual/en/language.variables.superglobals.php

Warning

Your present code is open to SQL injection. Use prepared statements, or PDO

edited May 23 '17 at 12:05

Community

1
1

answered Apr 07 '14 at 22:51

Funk Forty Niner

74,450
15
68
141

Another duplicate of my answer? Fred -ii-. Shame on you. :) – JBES Apr 07 '14 at 22:52
I actually "wrote" this. @JBES with an explanation. You wrote it's case sensitive; it's a superglobal, which is the main reason; read it. Nobody provided the actual reason. Case-sensitivity has something to do with it, but not all of it. So big deal; I don't care for the damn points, just to get the information right. – Funk Forty Niner Apr 07 '14 at 22:52
@JBES I rarely "spoonfeed" OP's. Give them an answer where they'll type it in themselves, and they won't do the same mistake twice ;-) Plus, if you're in this just for the points, you're doing it for all the wrong reasons. – Funk Forty Niner Apr 07 '14 at 22:57
1

He/she won't even know what a superglobal is, and certainly won't care. Expanding an answer with useless info for the OP won't help. And I'm not here for points, I don't bother posting let alone visiting much anymore. It didn't take me long to realise SO contributes nothing but problems and security issues to the Web. The sacrilege of the Internet in front of your eyes. It is also moderated by people who take no time to even read what they are moderating. A sham in totality, making a fool of trained professionals. – JBES Apr 07 '14 at 23:03
It's time they get to know the syntax/wording (*why get into PHP/SQL/etc. in the first place if someone doesn't know the terminologies?*). When someone gets into coding, it shouldn't be for fun and games and should be "taught" the correct terms as soon as possible. @JBES Just because the other guy's answer got accepted, move on. You win some, you lose some. If there's only one answer and it's been accepted yet doesn't give the proper explanation, then the next person who visits the question will not know the "why"; and that's part of the importance and to contribute as a community should. – Funk Forty Niner Apr 07 '14 at 23:09
Yeah, the accepted answer doesn't explain the problem! Exactly my point. It is useless to future visitors! There are major problems with this site, that will probably never be addressed. All these kiddies are simply pushing out rubbish code, full of holes, all bodged together, and we are helping them. I'm out. :) – JBES Apr 07 '14 at 23:13
Exactly. Now, another thing about case-sensitivity is this: writing `pOst` and `pOST` and `POst` and `A!=a;` now that's saying it's case-sensitive. Letter-case can mean many things; I've been in the typesetting industry for over 20 years (FYI) and a type editor. In saying that it's a superglobal and "must" be in uppercase is what you should have been written in your answer. In doing so, you would've probably not have "won" the answer, but would most probably have been UPvoted by others by explaining the "why". @JBES - *Just saying* ;-) – Funk Forty Niner Apr 07 '14 at 23:18
I don't know why you deleted your answer. I was just typing up a comment stating "I will upvote this, because there was an explanation given, as opposed to the accepted answer" @JBES Soon as I hit "Add comment", it froze. – Funk Forty Niner Apr 07 '14 at 23:22
2

thank you for your comments and your answers , @JBES i read the most valuable answer for me and accept it , another thing i have to mention , professional coder basically was a beginner in past time , and his mistakes what makes him professional in future ,, so please there is no need for negative sentences :( – abdullah alawa Apr 08 '14 at 18:49
@abdullahalawa You're welcome Abdullah. I was glad to be able to share that information with you, cheers. – Funk Forty Niner Apr 08 '14 at 19:04

An empty row gets inserted into the database in spite of the posted data through a form

1 Answers1