Execute PHP Script using HTML Form

Question

Hello dear why i always fail to learning php, would be grateful if someone can help me. :'( i was followed step by step here :

http://www.w3schools.com/php/php_mysql_insert.asp

but when i click button submit query nothing happen, just show a blank white screen and i dont see new data on database?

enter image description here

<html>
<body>

<form action="insert.php" method="post">
Firstname: <input type="text" name="firstname">
Lastname: <input type="text" name="lastname">
Age: <input type="text" name="age">
<input type="submit">
</form>

</body>
</html>

    <?php
    $con=mysqli_connect("localhost","root","","garutexpress");
    // Check connection
    if (mysqli_connect_errno())
      {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
      }

    $sql="INSERT INTO Persons (FirstName, LastName, Age)
    VALUES
    ('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";

    if (!mysqli_query($con,$sql))
      {
      die('Error: ' . mysqli_error($con));
      }
    echo "1 record added";

    mysqli_close($con);
   ?>

if data successfull added it should give echo "1 record added"; but i never see this message.

**Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Apr 24 '14 at 06:53
Note `// escape variables for security` part in the tutorial. — pawel7318, Apr 24 '14 at 06:53
thanks for suggestion dear, i have ever hear about sql injection maybe when i was understand PHP and sql step by step i will learning how to defend myself :)) — Aillaa, Apr 24 '14 at 07:01

Paul Bele · Accepted Answer · 2014-04-24T07:58:30.757

1

Your table name is "persons", not "Persons"

When you make a query, your table name has to be the same as in your database. If you look in phpMyAdmin , your table is "persons" with lowercase

Edited according to : @I Can Has Cheezburger

Please change the name of your table in your code like and make sure about to wrap quotes accordingly :

  <?php
    $con=mysqli_connect("example.com","peter","abc123","my_db");
    // Check connection
    if (mysqli_connect_errno())
      {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
      }



    $sql='INSERT INTO persons (Firstname, Lastname, Age)
VALUES
("'.$_POST['firstname'].'","'.$_POST['lastname'].'","'.$_POST['age'].'");

    if (!mysqli_query($con,$sql))
      {
      die('Error: ' . mysqli_error($con));
      }
    echo "1 record added";

    mysqli_close($con);
   ?>

edited Apr 24 '14 at 07:58

answered Apr 24 '14 at 06:51

Paul Bele

1,514
1
11
12

so uppercase and lowercase will take effect? – Aillaa Apr 24 '14 at 06:55
use the same in both ( table name and when you query ) if you have "persons" in database, when you query, put "persons" also – Paul Bele Apr 24 '14 at 06:56
oh okaay, you are right deaar .. thank you so much :)) – Aillaa Apr 24 '14 at 06:59
The columns are also mismatched (`FirstName` => `Firstname` and `LastName` => `Lastname`). – Sverri M. Olsen Apr 24 '14 at 07:55

AyB · Answer 2 · 2014-04-24T07:11:20.813

1

Common error, you are not wrapping your POST array index with quotes.

Do it like:

$sql='INSERT INTO persons (FirstName, LastName, Age)
VALUES
("'.mysqli_real_escape_string($con,$_POST['firstname']).'","'.mysqli_real_escape_string($con,$_POST['lastname']).'","'.mysqli_real_escape_string($con,$_POST['age']).'");

Also, as @seblaze mentioned, table names are case-sensitive, so use persons instead of Persons

For more security, use prepared statements.

edited Apr 24 '14 at 07:11

answered Apr 24 '14 at 06:54

AyB

11,609
4
32
47

like this dear? $sql="INSERT INTO persons (FirstName, LastName, Age) VALUES (mysqli_real_escape_string('$_POST[firstname]'),mysqli_real_escape_string('$_POST[lastname]'),mysqli_real_escape_string('$_POST[age]'))"; – Aillaa Apr 24 '14 at 07:03
dear thankyou so much :)) but i cant give reputation to two people at the same time :( – Aillaa Apr 24 '14 at 08:05

score 0 · Answer 3 · edited May 23 '17 at 10:26

0

A blank screen means most of the time that you are dealing with some error. You have to turn error reporting on for your local development. How do I enable error reporting in PHP?
Check that your column names are written camelCase in your script but not in your database.
In most cases it's handy to have an ID column which is your unique identifier.
Good practice: Start using PDO

edited May 23 '17 at 10:26

Community

1
1

answered Apr 24 '14 at 06:52

Duikboot

1,093
1
12
24

score 0 · Answer 4 · edited May 23 '17 at 12:28

0

First,

You need to update the PHP configurations as:
memory_limit = 64M
Make sure you increase the memory .

Then, you need to enable Error reporting, using .htaccess file or configure it with php.ini. Read this for help

After that you can debug your work.

edited May 23 '17 at 12:28

Community

1
1

answered Apr 24 '14 at 06:53

Alaa Badran

1,848
15
19

thanks dear for coming here and tried to help me :)) – Aillaa Apr 24 '14 at 07:03

score 0 · Answer 5 · answered Apr 24 '14 at 06:59

0

Try the code in this, http://www.tizag.com/mysqlTutorial/mysqlinsert.php

in w3schools it uses mysqli I also had some issues with it.

in the link it has some sample codes and it uses mysql

answered Apr 24 '14 at 06:59

Shashika Fernando

66
5

okay dear thanks for coming here, i will learning on that site :) – Aillaa Apr 24 '14 at 07:05
1

yea also look at the manual atwww.php.net/manual/en/ there you can get all the information about PHP functions with how to use it. Hope with it you will get a better idea. – Shashika Fernando Apr 24 '14 at 07:14

Execute PHP Script using HTML Form

5 Answers5