PHP adding information to database

Question

I have a slight problem here with my PHP page. I have difficulties getting the filled in data in a database.

Let me show you the code of the index;

<form action="aanmelden.php" method="post">
Naam: <input type="text" name="naam"><br>
Achternaam: <input type="text" name="achternaam"><br>
<input type="submit">
</form>
<php
$nm = $_POST['naam;];
$anm = $_POST['achternaam'];
?>

Now I thought I had obtained the variabled and sent to the 'aanmelden.php' file. The contents of the aanmelden.php file are:

<?php
$nm = $_GET['naam'];
$anm = $_GET['achternaam'];
$connect = mysql_connect('localhost', 'root', 'usbw'); 
mysql_select_db ('kantine'); 
$sql = "INSERT into kantine (naam, achternaam) 
VALUES ('$nm', '$anm')"; 
$res = mysql_query($sql); 
mysql_close ($connect); ?>

Looks all quite good to me, but when I press the submit button I get the following errors.

Notice: Undefined index: naam in I:\USBWebserver v8.6\root\aanmelden.php on line 2

Notice: Undefined index: achternaam in I:\USBWebserver v8.6\root\aanmelden.php on line 3

Please help me out if you can.

Regards,

Demiën

Answer 1

Since your form is configured to use method="post", you should be using the $_POST array rather than $_GET.

$name = $_POST['name'];
$lname = $_POST['lastname'];

See The Method Attribute.

Also, to avoid potential undefined indexes, I'd advise setting these variables with the ternary operator. That way, you can check for the existence of particular indexes before trying to access them.

$name = isset($_POST['name']) ? $_POST['name'] : false;
$lname = isset($_POST['lastname']) ? $_POST['lastname'] : false;

Edit

Other potential issues (or typos) with your code are:

// invalid, should be <?php
<php

// semi-colon instead of a closing quote, should be $_POST['name']
$name = $_POST['name;];

Answer 2

Note the mismatch:

<form action="register.php" method="post">
                                    ^^^^

$name = $_GET['name'];
         ^^^^

You probably want $_POST instead.

And note that you are vulnerable to sql injection attacks

Answer 3

You are using method POST when you submit the form; however you are using the GET method to retrieve the information.

Change $_GET to $_POST on register.php and that should do the trick.

Answer 4

You probably don't want SQL Injection vulnerabilites, so I coded you a nice example of connecting to a DB and writing some values in it from POST.

<?php

$DB_SERVER = 'server_adress';
$DB_USER = 'mysql_server';
$DB_PASSWORD = 'myPassword';
$DB_NAME = 'myFancyDB';

try {
    $db = new PDO("mysql:host=" . $DB_SERVER . ";dbname=" . $DB_NAME, $DB_USER, $DB_PASSWORD, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_PERSISTENT => true, PDO::MYSQL_ATTR_INIT_COMMAND => 'set names utf8mb4'));
} catch (PDOException $e) {
    //Remove this Errormessage in Production as it leaks dbname + password
    echo $e->getMessage();
}

//Now the DB has been initialized.

try {
    $name = $_POST['name'];
    $lastname = $_POST['lastname'];

    $sql = "INSERT INTO `registrierung` (Name, Lastname) VALUES (:name, :lastname);";

    $query = $db->prepare($sql);
    $query->execute(array(
        ':name' => $name,
        ':lastname' => $lastname));

    if (!$query) {
        echo 'Fail when executing query';
        exit;
    }
} catch (PDOException $e) {
    //Remove this Errormessage in Production!! Leaks DB info. Replace with generic Errormessage
    echo $e->getMessage();
    exit;
}
echo "Success!";