
For some reason I cannot get my form to insert into the database. I have rewritten this 3 times using different methods and can't seem to get it to work. I was hoping someone could help with my oversight. Here is my HTML code.

<?php 
include_once 'layout/header.php'; 
?>

<!DOCTYPE html>
<html lang="en">

<div class= "jumbotron"></div>
<body>

<form  action="send_form_email.php" method = "POST"/>
<p> First Name: <input  type="text" name="first_name" maxlength="50" size="30"/></p>
<p> Last Name: <input  type="text" name="last_name" maxlength="50" size="30"/></p>
<p> Email:<input  type="text" name="email"       maxlength="80" size="30"/></p>
<p> Telephone: <input  type="text" name="telephone" maxlength="12" size="30"/></p>
 <p> Comments: <textarea  name="comments" maxlength="1000" cols="32" rows="6"></textarea></p>
 <br>
 <input type="submit" value="Submit">   
 <br>
 </br>

</form>
</body>
 </html>
 <?php include_once 'layout/footer.php'; ?>

Here is the PHP code.

<?php 
include_once 'layout/header.php'; 
include_once 'db_function.php';
include_once 'helpers/helper.php';
session_start();

$DB_HOST = 'localhost';
$DB_USER = 'Chris';
$DB_PASSWORD = 'Uraloser82';
$DB_NAME = 'newsite';
$conn = mysqli_connect($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME);


$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$telephone = $_POST['telephone'];
$comments = $_POST['comments'];

$query = "INSERT INTO contact(first_name, last_name, email, telephone, comments) VALUES  ('$first_name', '$last_name', '$email', '$telephone', '$comments')";
?>

 <h4>Thank you for contacting Plank's Brickyard we will get back to you very soon!</h4>

<img class= "gamer" src= "assets/uploads/gamer.jpg">
<?php include_once 'layout/footer.php'; ?>
planker1010

2 Answers

The reason why data isn't being inserted is that you're not querying.

Do the following by adding/using mysqli_query()

$query = mysqli_query($conn, "INSERT INTO contact ...

as a rewrite:

$query = mysqli_query($conn, "INSERT INTO contact 
(first_name, last_name, email, telephone, comments) 
VALUES  ('$first_name', '$last_name', '$email', '$telephone', '$comments')")
        or die(mysqli_error($conn));

using or die(mysqli_error($conn)) to catch DB errors, should any be present.

For more information on the function, visit:

Plus, your present code is open to SQL injection.
Use prepared statements, or PDO with prepared statements.

Funk Forty Niner
  • This worked!! Thanks, this is my first HTML/PHP based site so I was unaware of the injection attack that you and the previous poster mentioned. I will look into reworking that. Thanks – planker1010 Nov 08 '14 at 04:16
  • @planker1010 You're quite welcome. Injection attack prevention is very important. PDO with prepared statements go rather well, which is a personal preference of mine. *Cheers* – Funk Forty Niner Nov 08 '14 at 13:38
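
The prepared-statement approach recommended in the answer above, as an added example that is not part of the original answer or the asker's code. It assumes the `contact` table from the question; the helper names `contact_row` and `save_contact` and the environment variable names are hypothetical.

```php
<?php
// Added example, not the asker's code: the contact INSERT as a prepared
// statement. Form input is bound to ? placeholders, never put in the SQL text.

// Throw mysqli_sql_exception on errors instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Server-side copy of the form's maxlength values (browsers alone enforce the attribute).
const CONTACT_FIELDS = ['first_name' => 50, 'last_name' => 50, 'email' => 80,
                        'telephone' => 12, 'comments' => 1000];

// Hypothetical helper: cleaned row, or null when a field is missing, not a
// string, or longer in bytes than its limit.
function contact_row(array $post): ?array
{
    $row = [];
    foreach (CONTACT_FIELDS as $name => $max) {
        $value = $post[$name] ?? null;
        if (!is_string($value) || strlen($value) > $max) {
            return null;
        }
        $row[$name] = trim($value);
    }
    return $row;
}

// Hypothetical helper: runs the INSERT with all five values bound as strings.
function save_contact(mysqli $conn, array $row): void
{
    $stmt = mysqli_prepare($conn, 'INSERT INTO contact
        (first_name, last_name, email, telephone, comments) VALUES (?, ?, ?, ?, ?)');
    mysqli_stmt_bind_param($stmt, 'sssss', $row['first_name'], $row['last_name'],
        $row['email'], $row['telephone'], $row['comments']);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

$row = contact_row($_POST);
if ($row === null) {
    http_response_code(400);
    exit('Please check the form and try again.');
}
try {
    // Assumption: credentials come from environment variables (made-up names).
    $conn = mysqli_connect('localhost', getenv('DB_USER'), getenv('DB_PASSWORD'), getenv('DB_NAME'));
    save_contact($conn, $row);
} catch (mysqli_sql_exception $e) {
    error_log('contact insert failed: ' . $e->getMessage()); // detail stays in the log
    exit('Sorry, your message could not be saved.');
}
```

A value such as `O'Brien` in any field is stored as typed, because the bound parameters travel separately from the statement text.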

Looks like you are missing $conn->query($query);. Also you'll want to protect yourself from an SQL injection attack by escaping your inputs. Example: $first_name = $conn->real_escape_string($_POST['first_name']); If you still have issues then try testing by echoing your query and then running it in phpMyAdmin.

Joel Caton
  • I added the missing $conn->query($query) and got 2 errors. So I echoed and the results are correct as to what is entered on the form. The first error tells me that the newly added code is "undefined". The second error is empty query? – planker1010 Nov 08 '14 at 04:14
  • Change your declaration of `$conn` to `$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME);` and it should work using the object oriented approach. See [php manual mysqli query](http://php.net/manual/en/mysqli.query.php) for details. – Joel Caton Nov 08 '14 at 04:22
  • I should have stuck with your procedural approach in my answer which would be `mysqli_query($conn,$query);` – Joel Caton Nov 08 '14 at 04:28