-1

I have a problem with my web app: when I fill in the form and validate it, I don't get anything in my phpMyAdmin page! The connection is made correctly, but no data is exported.

Here's my PHP code:

    <?php
    $connect = mysqli_connect("localhost", "root", "", "ramsa");

    if (mysqli_connect_errno()) {
        printf("Échec de la connexion : %s\n", mysqli_connect_error());
        exit();
    }

    $db_selected = mysqli_select_db($connect, "ramsa");

    if (!$db_selected) {
        die("Can't use this database : " . mysqli_error($connect));
    }

    $query = " INSERT INTO 'reservoir' (CodeReservoir, NomReservoir, AdresseReservoir, Latitude, Longtitude, Capacite, CodeRadial, Type, PseudoType, Alimentation)
               VALUES ('$_POST[coderes]', '$_POST[nomres]', '$_POST[adressres]', '$_POST[latitude]', '$_POST[longitude]', '$_POST[capaciteres]', '$_POST[coteradres]', '$_POST[typeres]','$_POST[pseutype]', '$_POST[alimentationres]')";

    echo "Resvoir bien ajouté.";
    mysqli_query($connect, $query);
    mysqli_close($connect);
    ?>

And here's my form's HTML code:

    <form id="formulaire" role="form" action="send.php" method="POST">
                    <h3 style="color:red;">Ajouter un reservoir</h3>
                    <label for="coordlat" style="margin-bottom:7px;">Latitude du point</label>
                    <input type="text" class="form-control" id="latitude" name="latitude" placeholder="Latitude"  style="margin-bottom:7px;" required>
                    <label for="coordlng" style="margin-bottom:7px;">Longitude de point</label>
                    <input type="text" class="form-control" id="longitude" name="longitude"  placeholder="Longitude" style="margin-bottom:7px;" required>
                    <label for="coordlng" style="margin-bottom:7px;">Code du reservoir</label>
                    <input type="text" class="form-control" id="coderes" name="coderes" placeholder="Code" style="margin-bottom:7px;" required>
                    <label for="coordlng" style="margin-bottom:7px;">Nom du reservoir</label>
                    <input type="text" class="form-control" id="nomres" name="nomres"  placeholder="Nom" style="margin-bottom:7px;" required>
                    <label for="coordlng" style="margin-bottom:7px;">Adress du reservoir</label>
                    <input type="text" class="form-control" id="adressres" name="adressres"  placeholder="Adress" style="margin-bottom:7px;" required>
                    <label for="coordlng" style="margin-bottom:7px;">Capacité du reservoir</label>
                    <input type="text" class="form-control" id="capaciteres" name="capaciteres"  placeholder="Capacité" style="margin-bottom:7px;" required>
                    <label for="coordlng" style="margin-bottom:7px;">Alimentation</label>
                    <input type="text" class="form-control" id="alimentationres" name="alimentationres"  placeholder="Alimentation" style="margin-bottom:7px;" required>
                    <label for="coordlng" style="margin-bottom:7px;">Cote radial du reservoir</label>
                    <input type="text" class="form-control" id="coteradres" name="coteradres"  placeholder="Cote radial" style="margin-bottom:7px;" required>
                    <div style="padding-top:10px;">
                        <select name="typeres" style="margin-bottom:7px;" required>
                                <option value="" disabled selected>Type du reservoir</option>
                                <option value="enterre">Enterré</option>
                                <option value="semi-enterre">Semi enterré</option>
                        </select>
                        <select name="pseutype" style="margin-bottom:7px;" required>
                                <option value="" disabled selected>Pseudo-type du reservoir</option>
                                <option value="onep">Reservoir ONEP</option>
                                <option value="ramsa">Reservoir RAMSA</option>
                                <option value="onep">Forage C</option>
                                <option value="onep">Forage RA</option>
                        </select>
                    </div>
                    <div style="padding-top:10px;">
                        <input type="submit" value="Valider" id="Reservoirbtn" class="btn btn-success" name="submit">
                        <input type="reset" value="Vider es champs" id="Reservoirbtn" class="btn btn-danger"   style="margin-left:25px;">
                    </div>
            </form>
Brian Tompsett - 汤莱恩
  • Even if this code were working correctly, you'd have a problem: you're wide open to [SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – John Flatness Jul 15 '14 at 00:47

1 Answer

0

First, I would say you need to absolutely not directly add anything from the $_POST superglobal into an SQL query like that. You are wide WIDE open to an SQL injection attack doing that.

That being said, have you verified the column names and value types?

I would recommend first trying something like this in your PHP to identify the error:

    <?php
    $connect = mysqli_connect("localhost", "root", "", "ramsa");

    if (mysqli_connect_errno()) {
        printf("Échec de la connexion : %s\n", mysqli_connect_error());
        exit();
    }

    $db_selected = mysqli_select_db($connect, "ramsa");

    if (!$db_selected) {
        die("Can't use this database : " . mysqli_error($connect));
    }

    $testData = array(); // fill this with a false data set for each column of data

    $testInput = "'" . implode("','", $testData) . "'";

    $query = " INSERT INTO `reservoir` (`CodeReservoir`, `NomReservoir`, `AdresseReservoir`, `Latitude`, `Longtitude`, `Capacite`, `CodeRadial`, `Type`, `PseudoType`, `Alimentation`)
               VALUES ($testInput)";

    echo $query . "<br/>";  // so that you can run it directly in the server using PHPMyAdmin or MySQL Workbench or similar application
    mysqli_query($connect, $query);
    echo mysqli_error($connect);
    mysqli_close($connect);
    ?>

Obviously the Insert is failing for some reason. In my experience, this is almost always due to an incorrect field name. Without seeing your field list it's difficult to say for certain if that's the case. Regardless, the debugging code above should help you identify where the error is so that you can correct it.

Edit: Just noticed that you enclosed your table name in single quotes. This is invalid syntax. You'd want to enclose them in ticks ` (or accent marks, i.e. the key right below the escape key). Also enclose all field names in ticks (I've edited my code sample above to reflect these changes).

deimal
  • As an additional note, please read up on SQL Injection attacks and how to prevent them. https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet – deimal Jul 15 '14 at 01:05
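
The SQL injection problem raised in the comment and the answer is addressed with a prepared statement; the following is an added example, not code from the question or the answer. It reuses the question's connection parameters, form field names and column names, and binds every value as a string, which is an assumption because the table schema is not shown.

```php
<?php
// Added example. Connection parameters, table and column names are those shown in the question.
// Assumption: every column accepts a string, since the page does not show the column types.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

// Form field name => column name, in column order (from the form and the INSERT above).
$fields = [
    'coderes'         => 'CodeReservoir',
    'nomres'          => 'NomReservoir',
    'adressres'       => 'AdresseReservoir',
    'latitude'        => 'Latitude',
    'longitude'       => 'Longtitude',
    'capaciteres'     => 'Capacite',
    'coteradres'      => 'CodeRadial',
    'typeres'         => 'Type',
    'pseutype'        => 'PseudoType',
    'alimentationres' => 'Alimentation',
];

// Collect the submitted values; reject the request if a field is missing or not a string.
$values = [];
foreach (array_keys($fields) as $name) {
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        http_response_code(400);
        exit("Missing field: $name");
    }
    $values[] = trim($_POST[$name]);
}

try {
    $connect = new mysqli("localhost", "root", "", "ramsa");
    $connect->set_charset("utf8mb4");

    // Identifiers come from the fixed map above, never from the request.
    $columns      = '`' . implode('`, `', $fields) . '`';
    $placeholders = implode(', ', array_fill(0, count($fields), '?'));
    $stmt = $connect->prepare("INSERT INTO `reservoir` ($columns) VALUES ($placeholders)");

    // Values travel separately from the SQL text, so quotes in the input cannot change the query.
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();

    echo "Reservoir added."; // only reached when the INSERT succeeded
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep the SQL error in the server log, not in the page
    http_response_code(500);
    echo "Could not save the reservoir.";
}
```

Because the success message is printed only after `execute()` returns, a failed insert can no longer look like a successful one.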