Storing data from form into a database

Question

It does not show any error when I run it but it does not store anything on the bookstore_hw3 database on the table clients.

There is one more column on the table clients called client_id and is auto incremented. Is this the problem?

Can someone review this code and suggest what the problem is?

This is the HTML form:

<form  action="clientData.php" method="post">
First Name: <input type='text' id='client_fname' /><br />
Last Name: <input type='text' id='client_lname' /><br />
City: <select id='client_city'>
    <option>Please Choose</option>
    <option>Prishtine</option>
    <option>Mitrovice</option>
    <option>Peje</option>
    <option>Gjakove</option>
        <option>Ferizaj</option>
        <option>Prizren</option>
</select><br />
Gender: <select id='client_sex'>
    <option>Please Choose</option>
    <option>F</option>
    <option>M</option>
</select><br />
Username(3-10 characters): <input type='text' id='client_username' /><br />
Password(3-10 characters): <input type='password' id='client_pass' /><br />
<input type='submit' value='Submit' />
<input type="reset" value="Clear" />
</form>

This is the PHP code:

<?php
include('db_login.php');
// Connect
$connection = mysql_connect($db_host, $db_username, $db_password);
if (!$connection){
  die("Could not connect to the database: <br />". mysql_error( ));
}

// Select the database
$db_select = mysql_select_db($db_database);
if (!$db_select){
  die ("Could not select the database: <br />". mysql_error( ));
}
$fname = isset($_POST['client_fname']);
$lname = isset($_POST['client_lname']);
$city = isset ($_POST['client_city']);
$sex = isset($_POST['client_sex']);
$username = isset ($_POST['client_username']);
$pass = isset($_POST['client_pass']);

$sql = "INSERT INTO clients (client_fname, client_lname, client_city, client_sex, client_username, client_pass) VALUES ('$fname','$lname','$city','$sex','$username','$pass')";

mysql_close();

echo "Data stored on database.";
?>

This is the login code:

<?php
$db_host='localhost';
$db_database='bookstore_hw3';
$db_username='root';
$db_password='';
?>

Answer 1

The first problem is in the HTML code. PHP recognizes the data from the HTML form by the attribute name not id, so you should modify your HTML tags this way:

<input type='text' id='client_fname' name='client_fname' />

The second problem is with your PHP code. Replace this part:

$fname = isset($_POST['client_fname']);
$lname = isset($_POST['client_lname']);
$city = isset ($_POST['client_city']);
$sex = isset($_POST['client_sex']);
$username = isset ($_POST['client_username']);
$pass = isset ($_POST['client_pass']);

with this:

$fname = isset($_POST['client_fname']) ? $_POST['client_fname'] : null;
$lname = isset($_POST['client_lname']) ? $_POST['client_lname'] : null;
$city = isset ($_POST['client_city']) ? $_POST['client_city'] : null;
$sex = isset($_POST['client_sex']) ? $_POST['client_sex'] : null;
$username = isset ($_POST['client_username']) ? $_POST['client_username'] : null;
$pass = isset ($_POST['client_pass']) ? $_POST['client_pass'] : null;

isset() only checks if the variable exists and returns true/false. In my code, the statement isset(foo) ? foo : bar checks if the variable exists and if yes, its content is returned, if no, then null is returned.

The third problem is that you are not executing your SQL query on the database. So add there also this:

mysql_query($sql);

Also your PHP code is vulnerable to SQL injection and should be fixed (you can read more about it in this post: How can I prevent SQL injection in PHP?)

Answer 2

The problem is here:

$fname = isset($_POST['client_fname']);
$lname = isset($_POST['client_lname']);
$city = isset ($_POST['client_city']);
$sex = isset($_POST['client_sex']);
$username = isset($_POST['client_username']);
$pass = isset ($_POST['client_pass']);

All isset does is return a 1 (true) or 0 (false) so you are setting your data values to 1 or 0. So it should be this instead:

$fname = isset($_POST['client_fname']) ? $_POST['client_fname'] '';
$lname = isset($_POST['client_lname']) ? $_POST['client_lname'] '';
$city = isset ($_POST['client_city']) ? $_POST['client_city'] '';
$sex = isset($_POST['client_sex']) ? $_POST['client_sex'] '';
$username = isset($_POST['client_username']) ? $_POST['client_username'] '';
$pass = isset($_POST['client_pass']) ? $_POST['client_pass'] '';

Note the format of isset([something]) ? [something] : ''; which is a ternary operator which equates to [check something] ? [if true do this] : [if false do this]. It’s basically a simple if/else bit of logic but in one compact line.

Also, you set the query but never run it:

$sql = "INSERT INTO clients (client_fname, client_lname, client_city, client_sex, client_username, client_pass) VALUES ('$fname','$lname','$city','$sex','$username','$pass')";

So that should be this:

$sql = "INSERT INTO clients (client_fname, client_lname, client_city, client_sex, client_username, client_pass) VALUES ('$fname','$lname','$city','$sex','$username','$pass')";
mysql_query($sql, $connection);

Answer 3

The html attribute you use is wrong, you should use name attribute. For example:

<select name='client_city'>

And the code

$fname = isset($_POST['client_fname']);

Is wrong because the function isset return true or false if the argument is or not isset.

So the query inserted is

"INSERT INTO clients (client_fname, client_lname, client_city, client_sex, client_username, client_pass) VALUES ('false','false','false','false','false','false')";

Answer 4

The use of isset function is incorrect.

You can use as shown below :

    $fname = "";                             // default for var for insert statement    
    if (isset($_POST['client_fname']))       // check if the field if not emprty
    {
        $fname = $_POST['client_fname']      // set the var for insert statement
    }

Using the same method with the other fields.