Php+data from form to database

Question

I have a problem trying to save data from a html form to a SQL database.I saw some other posts but nothing helped. That's the form code:

<?php

    require("connection.php");
echo '<html>
<title>Υποβολή Βιογραφικού</title>
</head></head>
<body>
    <form method='Post' action='insert.php'>
    Όνομα:<br>
    <input type="text" name="firstname">
    <br>
    Επώνυμο:<br>
    <input type="text" name="lastname">
    <br>
    Ηλικία:<br>
    <input type="number" name="age">
    <br>
    Σπουδές:<br>
    <textarea name="education" rows="10" cols="30"></textarea>
    <br>
    Επαγγελματική Εμπειρία:<br>
    <textarea name="experience" rows="10" cols="30"></textarea></textarea>
    <br>
    Ξένες Γλώσσες:<br>
    <textarea name="languages" rows="5" cols="10"></textarea>
    <br>
    Δυνατότητα Μετακίνησης:<br>
    <input type="text" name="travelling">
    <br>
    <br>
    <input type='submit' value='Υποβολή Βιογραφικού' />
    </form>




</body>
</html>';
?>

And that's the code that saves the data to the database.

<?php

include("connection.php");

$firstname=$_POST["firstname"];
$lastname=$_POST["lastname"];
$age=$_Post["age"];
$education=$_Post["education"];
$experience=$_Post["experience"];
$languages=$_Post["languages"];
$travelling=$_Post["travelling"];

mysql_query("INSERT INTO cv (Onoma, Epwnimo, Hlikia, Spoudes,
EpagelmatikiEmpeiria, KsenesGlwsses, DinatotitaMetakinisis)
VALUES 
('".$firstname."', '".$lastname."', '".$age."', '".$education."', 
'".$experience."', '".$languages."', '".$travelling."')");
header("Location:index.php");

?>

I'm new to programming with php so the mistake might be something little

Sidenote: You don't need to echo out your full HTML. Just do `` then your HTML. — Funk Forty Niner, Jan 05 '15 at 18:32
**warning** your code is extremely vulnerable to sql injection attacks! — Daniel A. White, Jan 05 '15 at 18:33
It may help to describe what you are actually observing when you run your code. Are some fields persisting to the DB but not others? Is incorrect data persisting? etc. — rchang, Jan 05 '15 at 18:44

score 1 · Answer 1 · edited May 23 '17 at 12:12

Here is one of the problems. All your $_Post must be in uppercase $_POST as it is a superglobal.

More on this at:

http://php.net/manual/en/language.variables.superglobals.php

Plus, your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

I also don't know why you're echoing HTML like that.

Just do <?php require("connection.php"); ?> then your HTML so you won't have to deal with quotes issues, where you're using single quotes to echo with...

then having them inside <form method='Post' action='insert.php'> and

<input type='submit' value='Υποβολή Βιογραφικού' />

which as Marc stated in his answer, would cause a parse error.

To get back to your using require("connection.php");. If you're not querying inside that page and that your query is in another file as your action handler, then you don't need it and can be safely removed and just using standard un-echo'd HTML.

You're doing it in what seems to be the "insert.php" file include("connection.php");

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Also add or die(mysql_error()) to mysql_query().

Sidenote: Error reporting should only be done in staging, and never production.

@FélixGagnon-Grenier Yes I am Félix. Must be the "cactus grower" in me. — Funk Forty Niner, Jan 05 '15 at 18:39

score 1 · Answer 2 · answered Jan 05 '15 at 18:36

Basic PHP strings: You cannot use the same quotes INSIDE the string as you're using the DEFINE the string:

echo '<html>
     ^---start of string
<title>Υποβολή Βιογραφικού</title>
</head></head>
<body>
    <form method='Post' action='insert.php'>
                 ^---end of string
    Όνομα:<br>

So you're doing the equivalent of

echo 'foo' Post

which is a flat-out syntax error.

There is absolutely NO reason to use a multi-line echo this way. YOu have no variables in the code, there is nothing "dynamic" about the html. so just break out of PHP mode:

<?php
    require ...
?>
<html>
etc...

Now you don't have to worry about PHP syntax errors, since you're not "using" PHP anymore while outputting that html.

Good catch on the quotes Marc. – Funk Forty Niner Jan 05 '15 at 18:43 — Funk Forty Niner, Jan 05 '15 at 18:43

score 0 · Answer 3 · answered Jan 05 '15 at 18:36

Make Post in the form method all uppercase! POST and all $_Post should be uppercase like $_POST Also Try Removing all the Double quotes and periods like I did below.

mysql_query("INSERT INTO cv (Onoma, Epwnimo, Hlikia, Spoudes, EpagelmatikiEmpeiria, KsenesGlwsses, DinatotitaMetakinisis) VALUES ('$firstname', '$lastname', '$age', '$education', '$experience', '$languages', '$travelling')");

Php+data from form to database

3 Answers3