How do I append data from a HTML form to a database on a button press? Possibly using PHP?

Question

Okay so I have a webserver running off a Raspberry Pi at the moment and I have a really basic form with seven textboxes. I want the values entered into the textboxes to append to a database when I click the 'Submit' button. I have HTML code to create the form:

<!DOCTYPE html>
<html>
        <head>
                <title>Assignment Submission Form</title>
        </head>
        <body>
                <form name="assi_subm" METHOD="POST" >
                        <p><label for="title">Title: </label><br><input id="title" name="title" type="text" size="25"></p>
                        <p><label for="password">Password: </label><br><input type="password" id="password" name="password" size="25" maxlength="20"></p>
                        <p><label for="soc">Statement of Contribution: </label><br><textarea style="width:300px;height:100px;"  name="soc" id="soc"></textarea></p>
                        <p><label for="object">Project Objectives: </label><br><textarea style="width:300px;height:100px;" name="object"  id="object"></textarea></p>
                        <p><label for="discuss">Review and Discussion of Technologies Used: </label><br><textarea style="width:300px;height:100px;" name="discuss" id="discuss"></textarea></p>
                        <p><label for="design">Design and Implementation: </label><br><textarea style="width:300px;height:100px;"  name="design" id="design"></textarea></p>
                        <p><label for="references">References: </label><br><textarea style="width:300px;height:100px;"  name="references" id="references"></textarea></p>
                        <p><input type="button" value="Submit"></p>
                </form>
        </body>
</html>

and that's fine, that opens as you'd expect. However I can't make the data from those textboxes actually append to the database when I click. I'm not totally sure if I'm even meant to be using PHP (I don't think I fully understand the concept in this situation) but I have the following code which is attempting to insert the data into the database by checking the button submission isn't empty? I'm not sure, I've been trying lots of different things but at the moment I'm just getting a blank page, I'm really confused, any help would be really appreciated. This is my current PHP code:

<?php
$con = mysql_connect("localhost", "root", "password") or die("Could not connect");
$database = mysql_select_db("assignment_submission", $con) or die("Could not do");
$title_IP = $_POST['title'];
$password_IP = $_POST['password'];
$soc_IP = $_POST['soc'];
$object_IP = $_POST['object'];
$discuss_IP = $_POST['discuss'];
$design_IP = $_POST['design'];
$references_IP = $_POST['references'];

if (!empty($_POST)){
    mysql_query($database, "INSERT INTO file_data (title, password, soc, object, discuss, design, references) values ($title_IP, $password_IP, $soc_IP, $object_IP, $discuss_IP, $design_IP, $references_IP);
}
?>

The code that you posted is invalid with missing pieces too, unless some weird thing happened when you pasted it in. There's `$` signs everywhere. — Funk Forty Niner, May 28 '14 at 03:52
he copied it from a console window , the end $ gives it away — , May 28 '14 at 03:52
look at the end of line 2 and 3, is that seriously the code you are running? — , May 28 '14 at 03:54
When you want to append (to add to), you don't use INSERT, you need to use UPDATE. You're overwriting using INSERT. You might even make use of `CONCAT()` — Funk Forty Niner, May 28 '14 at 04:00
Okay fixed it, sorry, not experienced with consoles obviously, oops. — user3682051, May 28 '14 at 04:01
Now for your present code, you need to add quotes for this `($title_IP, $password_IP, $soc_IP, $object_IP, $discuss_IP, $design_IP, $references_IP)` so it's `('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')");` you also had a missing double quote and bracket. — Funk Forty Niner, May 28 '14 at 04:04
Well it's not just a blank screen anymore but it still isn't appending. — user3682051, May 28 '14 at 04:10
Consult my answer below. There were more things wrong and is too long to write in comments. — Funk Forty Niner, May 28 '14 at 04:15

score 2 · Accepted Answer · edited May 23 '17 at 10:32

You have missing quotes around your values and a double quote plus a missing bracket.

You're also using the wrong variable $database for your insert, you can just remove it since you are using mysql_ as opposed to mysqli_ where DB connection is mandatory.

Another thing is the word references, it's a reserved word and must be wrapped in backticks.

`references`

Replace with the following:

mysql_query("INSERT INTO file_data (title, password, soc, object, discuss, design, `references`) values ('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')");

Or you can also use:

if (!empty($_POST)){
$sql = "INSERT INTO file_data (title, password, soc, object, discuss, design, `references`) values ('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')";

$query = mysql_query( $sql, $con );

    if($query ){
    echo "Success";
    }
        else{
        die('Could not insert data: ' . mysql_error());
        }
    }

Your present code is open to SQL injection. Use prepared statements, or PDO.

As the very least, use mysql_real_escape_string() around your POST variables.

I.e.: $title_IP = mysql_real_escape_string($_POST['title']);

mysql_* functions deprecation notice:

http://www.php.net/manual/en/intro.mysql.php

This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.

These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.

Documentation for MySQL can be found at » http://dev.mysql.com/doc/.

During development

Add error reporting to the top of your file(s)

error_reporting(E_ALL);
ini_set('display_errors', 1);

which will signal errors found.

Edit

<?php

error_reporting(E_ALL);
ini_set('display_errors', 1);

$con = mysql_connect("localhost", "root", "password") or die("Could not connect");
$database = mysql_select_db("assignment_submission", $con) or die("Could not do");

if (isset($_POST['submit'])){

    $title_IP = $_POST['title'];
    $password_IP = $_POST['password'];
    $soc_IP = $_POST['soc'];
    $object_IP = $_POST['object'];
    $discuss_IP = $_POST['discuss'];
    $design_IP = $_POST['design'];
    $references_IP = $_POST['references'];

$sql = "INSERT INTO file_data (title, password, soc, object, discuss, design, `references`) values ('$title_IP', '$password_IP', '$soc_IP', '$object_IP', '$discuss_IP', '$design_IP', '$references_IP')";

$query = mysql_query( $sql, $con );

    if($query ){
    echo "Success";
    }
        else{
        die('Could not insert data: ' . mysql_error());
        }
    }
?>

<!DOCTYPE html>
<html>
    <head>
            <title>Assignment Submission Form</title>
    </head>
    <body>
        <form name="assi_subm" METHOD="POST" action="">
                <p><label for="title">Title: </label><br><input id="title" name="title" type="text" size="25"></p>
                <p><label for="password">Password: </label><br><input type="password" id="password" name="password" size="25" maxlength="20"></p>
                <p><label for="soc">Statement of Contribution: </label><br><textarea style="width:300px;height:100px;"  name="soc" id="soc"></textarea></p>
                <p><label for="object">Project Objectives: </label><br><textarea style="width:300px;height:100px;" name="object"  id="object"></textarea></p>
                <p><label for="discuss">Review and Discussion of Technologies Used: </label><br><textarea style="width:300px;height:100px;" name="discuss" id="discuss"></textarea></p>
                <p><label for="design">Design and Implementation: </label><br><textarea style="width:300px;height:100px;"  name="design" id="design"></textarea></p>
                <p><label for="references">References: </label><br><textarea style="width:300px;height:100px;"  name="references" id="references"></textarea></p>
                <p><input type="submit" name="submit" value="Submit"></p>
        </form>
    </body>
</html>

score -1 · Answer 2 · answered May 28 '14 at 04:01

Correct your sql query, use this code:

if (!empty($_POST)){
    mysql_query($database, "INSERT INTO file_data ($title_IP, $password_IP, $soc_IP, $object_IP, $discuss_IP, $design_IP, $references_IP)
}

and $ signs in PHP are used to create as well as reference variables, so you gotta use them everywhere.

How do I append data from a HTML form to a database on a button press? Possibly using PHP?

2 Answers2