0

I am new to PHP and MySQL. I created a PHP form to save some data to the database table. After submitting the form, it gives

"1 recorded added"

as specified in the PHP insert string. But after opening the table in phpMyAdmin, it shows a new row added but no data in it.

The php form is:

```html
<h2>Register Yourself</h2>
<form method="post" action="get-member.php">
    <div>
        <span><p>First Name:</p></span>
        <span><input type="text" class="form-control" id="FirstName"></span>
    </div>
    <div>
        <span>Last Name:</span>
        <span><input type="text" class="form-control" id="LastName"></span>
    </div>
    <div>
        <span>Father's Name: </span>
        <span><input type="text" class="form-control" id="FatherName"></span>
    </div>
    <div>
        <span>Mother's Name: </span>
        <span><input type="text" class="form-control" id="MotherName"></span>
    </div>
    <div>
        <span>Date of Birth: </span>
        <span><input type="date" class="form-control" id="DOB"></span>
    </div>
    <div>
        <span>Address: </span>
        <span><input type="text" class="form-control" id="Address"></span>
    </div>
    <div>
        <span>City: </span>
        <span><input type="text" class="form-control" id="City"></span>
    </div>
    <div>
        <span>District: </span>
        <span><input type="text" class="form-control" id="District"></span>
    </div>
    <div>
        <span>Postal Code: </span>
        <span><input type="text" class="form-control" id="PostalCode"></span>
    </div>
    <div>
        <span>Personal Mobile #:</span>
        <span><input type="number" class="form-control" id="Pmobile"></span>
    </div>
    <div>
        <span>Father's Contact #:</span>
        <span><input type="number" class="form-control" id="Fmobile"></span>
    </div>
    <div>
        <span>Mother's Contact #:</span>
        <span><input type="number" class="form-control" id="Mmobile"></span>
    </div>
    <div>
        <span>Home contact #:</span>
        <span><input type="number" class="form-control" id="Hmobile"></span>
    </div>
    <div>
        <span><input type="submit" value="Register"></span>
    </div>
</form>
```

and the get-member.php file is:

```php
<?php

// Establishing connection
include("../database/connection.php");

// Escape variables for security
$FirstName = mysqli_real_escape_string($con, $_POST['FirstName']);
$LastName = mysqli_real_escape_string($con, $_POST['LastName']);
$FatherName = mysqli_real_escape_string($con, $_POST['FatherName']);
$MotherName = mysqli_real_escape_string($con, $_POST['MotherName']);
$DOB = mysqli_real_escape_string($con, $_POST['DOB']);
$Address = mysqli_real_escape_string($con, $_POST['Address']);
$City = mysqli_real_escape_string($con, $_POST['City']);
$District = mysqli_real_escape_string($con, $_POST['District']);
$PostalCode = mysqli_real_escape_string($con, $_POST['PostalCode']);
$Pmobile = mysqli_real_escape_string($con, $_POST['Pmobile']);
$Fmobile = mysqli_real_escape_string($con, $_POST['Fmobile']);
$Mmobile = mysqli_real_escape_string($con, $_POST['Mmobile']);
$Hmobile = mysqli_real_escape_string($con, $_POST['Hmobile']);

// Build the INSERT statement from the escaped values
$sql = "INSERT INTO RUPmembers (FirstName, LastName, FatherName, MotherName, DOB, Address, City, District, PostalCode, Pmobile, Fmobile, Mmobile, Hmobile)
VALUES ('$FirstName','$LastName','$FatherName','$MotherName','$DOB','$Address','$City','$District','$PostalCode','$Pmobile','$Fmobile','$Mmobile','$Hmobile')";

if (!mysqli_query($con, $sql)) {
    die('Error:' . mysqli_error($con));
}
echo "1 Record addedd";

// Closing connection
include("../database/close-connection.php");

?>
```

The phpmyadmin table after inserting 3 data(s):

[sorry it is requesting to gain 10 repo to be able to add image, but here is the link of the screenshot http://oi60.tinypic.com/n6rtyu.jpg ]

Isaac Bennetch
Anuj TBE
  • This code is susceptible to sql-injection. This is very dangerous as attackers can manipulate your database. Also your string concatenation is not working. PHP string concatenation would look something like `VALUES ('".$FirstName."' ` – Pankrates Jun 08 '14 at 07:40
  • Please note that such code is vulnerable to SQL injection attack. You should sanitize your inputs before working with database, or use parametrized parameters: `$stmt = $mysqli->prepare("INSERT INTO RUPmembers (FirstName) VALUES (?)"); $stmt->bind_param("s", $FirstName); $stmt->execute();` – mikiqex Jun 08 '14 at 07:42
  • Dear Pankrates and @mikiqex, the above question has been updated as per your suggestion regarding SQL injection susceptibility. Thanks to you both. – Anuj TBE Jun 08 '14 at 08:05

3 Answers

1

You are using id="FirstName"

You need to have the property name set for each field. For example:

name="FirstName"

To debug this, you should take a look at your $_POST vars using var_dump($_POST) to show what is being passed on from the form.

Note: Queries should be protected from any data received from the user to prevent sql injection. See this post to learn how to avoid this.

Community
mseifert
  • Although true, this is not the least of his problems. His string concatenation is incorrect and he is massively vulnerable to sql injection – Pankrates Jun 08 '14 at 07:41
  • Thanks @mseifert, actually I'm a newbie to PHP. You have solved my problem within seconds. Thanks again, I had lost my last night solving this. – Anuj TBE Jun 08 '14 at 07:44
  • You are right @Pankrates, I understand the same. Actually the escape variable string was like this, `$FirstName = mysqli_real_escape_string($con,$_POST['FirstName']);` but I removed the same in shake to solve the problem but nothing special happened. I will add it back again. Thanks to you too – Anuj TBE Jun 08 '14 at 07:45
  • Glad to help. It is often the simplest of things when starting out. My answer stayed strictly to what you were asking and what I believed was holding you up. However, the comment from @Pankrates regarding sql injection is something you should look into. Queries should be protected from any data received from the user to prevent sql injection. See this [post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) to learn how to avoid this. – mseifert Jun 08 '14 at 07:55
  • @mseifert the question has been updated with regarding sql injection, this syntax I got from www.w3schools.com the official tutorial site of w3.org – Anuj TBE Jun 08 '14 at 08:07
1

Change

`<input type="text" class="form-control" id="LastName">`

to

`<input type="text" class="form-control" name="LastName">`

This should solve your problem; however, do not insert unmanipulated info from users into your query.

0

To catch data from the HTML form in PHP, the name should be given inside the `$_POST['']` method, not the id. Use name="FirstName" name="LastName" name="DOB" etc.

It will solve the problem.

Sanjaya
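The two points the answers and comments raise (inputs need `name` to reach `$_POST`, and user data should be bound rather than spliced into the query), as an added example that is not code from the question or any answer: it rejects a submission with missing fields instead of storing an empty row, then inserts through a prepared statement. PDO with in-memory SQLite is swapped in for the poster's mysqli connection so the script runs without a server; `missingFields`, `insertMember` and all sample values are hypothetical.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite stands in for
// the MySQL connection so the script runs without a database server.
const FIELDS = ['FirstName', 'LastName', 'FatherName', 'MotherName', 'DOB',
    'Address', 'City', 'District', 'PostalCode',
    'Pmobile', 'Fmobile', 'Mmobile', 'Hmobile'];

function missingFields(array $post): array
{
    // Inputs without a name attribute are never submitted, so their keys
    // are absent from $_POST; blank-but-present values are caught as well.
    return array_values(array_filter(FIELDS,
        fn($f) => !isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === ''));
}

function insertMember(PDO $db, array $post): int
{
    $missing = missingFields($post);
    if ($missing) {
        throw new InvalidArgumentException('Missing fields: ' . implode(', ', $missing));
    }
    // Column names come from the fixed FIELDS list, never from the request.
    $cols = implode(', ', FIELDS);
    $marks = implode(', ', array_fill(0, count(FIELDS), '?'));
    $stmt = $db->prepare("INSERT INTO RUPmembers ($cols) VALUES ($marks)");
    $stmt->execute(array_map(fn($f) => $post[$f], FIELDS));
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE RUPmembers (' . implode(' TEXT, ', FIELDS) . ' TEXT)');

// Constructed request 1: what the id-only form sends (no keys at all).
try {
    insertMember($db, []);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL; // rejected instead of storing a blank row
}

// Constructed request 2: every input has name="..."; the quote in O'Brien
// is bound as data, not spliced into the SQL text.
$post = array_combine(FIELDS, ["Pat", "O'Brien", "Sam", "Alex", "1990-01-01",
    "1 Example St", "Sampletown", "North", "00000",
    "5550100", "5550101", "5550102", "5550103"]);
echo insertMember($db, $post), " record added", PHP_EOL;
echo $db->query('SELECT LastName FROM RUPmembers')->fetchColumn(), PHP_EOL;
```

With mysqli the same shape applies through `prepare`, `bind_param` and `execute`, as in mikiqex's comment.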