0

I'm trying to do simple script with PHP and insert some data, but nothing happens! I knew that I missed something but what is it?

This my code:

<?php
$host= "localhost";
$user="root";
$pass="freedoom19";
$db="dddd";

$con = mysqli_connect($host,$user,$pass,$db) or mysql_error();

//====== Get Variable======= //
$name = $_POST['name'];
$email=$_POST['email'];
$rate=$_POST['select_style'];
$content=$_POST['content'];

$insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')";

//====== Get Variable======= //
if($_POST['submit-comment'])  {
if($name && $email && $content == true) {

mysqli_query($con,$insert);
$success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
}
else {

$error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";

}
}
mysqli_close($con);
?>

And this it the form and the "action" ..

                        <form method="post" action="" id="form-contact" class="clearfix">
                        <div id="form-left">
                            <label for="text-name">Name *</label><br />
                            <input type="text" name="name" class="input" id="text-name" /><br />
                            <label for="text-email">From *</label><br />
                            <input type="text" name="email" class="input" id="text-email" /><br />
                            <label for="text-phone">Rate us *</label><br />
                            <div class="select-style">
                            <select>
                            <option value="5.0">5.0</option>
                            <option value="4.5">4.5</option>
                            <option value="4.0">4.0</option>
                            <option value="3.5">3.5</option>
                            <option value="3.0">3.0</option>
                            <option value="2.5">2.5</option>
                            <option value="2.0">2.0</option>
                            <option value="2.0">2.0</option>
                            <option value="1.5">1.5</option>
                            <option value="1.0">1.0</option>
                            </select>
                            </div>
                        </div>
                        <div id="form-right">
                            <label for="text-comment">Review <span></span></label><br />
                            <textarea name="content" cols="10" rows="20" class="input textarea" id="text-comment"></textarea><br />
                            <input type="submit" name="submit-comment" class="button" value="Rate Us" />
                        </div>
                        <p id="text-contact">
                        <br><br><font color="#980303">Please Note *</font> Thate Your Reviews Will Not Published Untill We Check it and sure that the review don't contain Bad words or bad language, and be sure that we will publish all reviews and we accept criticism! 
                    </form>

So what I missed please?

halfer
  • 19,824
  • 17
  • 99
  • 186
bel
  • 27
  • 5
  • no error message at all – bel Feb 18 '15 at 08:49
  • yes, as you do not escape your variables, you might have a quote or something similar that breaks your insert query... – JBA Feb 18 '15 at 08:50
  • besides: `$name && $email && $content == true` are you aware of what you are doing in that line? This may be working, but I am sure you wanted some more strict checking.. – serjoscha Feb 18 '15 at 08:50
  • try to escape your vars as is: $name = $con->real_escape_string($_POST['name']); just to be sure… – JBA Feb 18 '15 at 08:52
  • don't forget to turn on your error reporting in PHP and utilize `mysqli_error` – Kevin Feb 18 '15 at 08:52
  • did it all and nothing happens – bel Feb 18 '15 at 09:02
  • You should also check return value of mysqli_query to see if the query have been actually executed. As of now you just print success message even if the query failed. – Kyborek Feb 18 '15 at 10:45

3 Answers3

0

Note:

  • Put your insert query and passed on variables (POST) inside your if statement isset(POST["submit-comment"] to eliminate errors of undefined variables.

  • You should use mysqli_* prepared statement instead to prevent SQL injections.

Answer:

If you insist on retaining your code, you can use mysqli_real_escape_string() function to fertilize a bit the content of your variables before using it in your query.

Your PHP file should look like this:

<?php
$host= "localhost";
$user="root";
$pass="freedoom19";
$db="cookindoor";

$con = mysqli_connect($host,$user,$pass,$db) or mysql_error();

//====== IF SUBMIT-COMMENT ======= //
if(isset($_POST['submit-comment']))  {
  if(!empty($_POST["name"]) && !empty($_POST["email"]) && !empty($_POST["content"])) {

    //====== GET VARIABLES ======= //
    $name = mysqli_real_escape_string($con,$_POST['name']);
    $email = mysqli_real_escape_string($con,$_POST['email']);
    $rate = mysqli_real_escape_string($con,$_POST['select_style']);
    $content = mysqli_real_escape_string($con,$_POST['content']);

    $insert="INSERT INTO reviews (name,email,rate,content) VALUES ('$name','$email','$rate','$content')";

    mysqli_query($con,$insert);
    $success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
  }

  else {
    $error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";
  }
}
mysqli_close($con);
?>

Recommendation:

But if you execute it in mysqli_* prepared statement, your insert query would look like this. Though this is just a simple example but still executable:

if($stmt = $con->prepare("INSERT INTO reviews (name, email, rate, content) VALUES (?,?,?,?)")){ /* CHECK THE QUERY */
  $stmt->bind_param('ssss', $_POST["name"], $_POST["email"], $_POST["rate"], $_POST["content"]); /* BIND VARIABLES TO YOUR QUERY */
  $stmt->execute(); /* EXECUTE YOUR QUERY */
  $stmt->close(); /* CLOSE YOUR QUERY */
}
Community
  • 1
  • 1
Logan Wayne
  • 6,001
  • 16
  • 31
  • 49
0

try to put your get variables inside the if else statement check if there are datas in POST when done submitting:

if($_POST['submit-comment'])  {
        $name = $_POST['name'];
        $email=$_POST['email'];
        $rate=$_POST['select_style'];
        $content=$_POST['content'];

        $insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')";

        if ($con->query($sql) === TRUE) {
            echo "New record created successfully";
        } else {
            echo "Error: " . $sql . "<br>" . $conn->error;
        }

        var_dump($_POST);
}

$con->close();

check for errors:

$check = mysqli_query($con,$insert);
var_dump($check);

if you found one, let me know

0

Check this working code. Also you had not set element name for Drop down as select_style. It was throwing error for that too.

PHP Code

if(isset($_POST['submit-comment']) && $_POST['submit-comment']!='')  {

  $host= "localhost";
  $user="root";
  $pass="";
  $db="test";

  $con = mysqli_connect($host,$user,$pass,$db) or mysql_error();

    //====== Get Variable======= //
    $name  = mysqli_real_escape_string($con,$_POST['name']);
    $email = mysqli_real_escape_string($con,$_POST['email']);
    $rate  = mysqli_real_escape_string($con,$_POST['select_style']);
    $content = mysqli_real_escape_string($con,$_POST['content']);

  $insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')"; 

  if($name && $email && $content == true) {

    mysqli_query($con,$insert);
    $success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
    echo $success;
  }
  else {

    $error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";
    echo $error;

  }

  mysqli_close($con);
}

HTML

<form method="post" action="" id="form-contact" class="clearfix">
<div id="form-left">
  <label for="text-name">Name *</label><br />
  <input type="text" name="name" class="input" id="text-name" /><br />
  <label for="text-email">From *</label><br />
  <input type="text" name="email" class="input" id="text-email" /><br />
  <label for="text-phone">Rate us *</label><br />
  <div class="select-style">
  <select name="select_style">
  <option value="5.0">5.0</option>
  <option value="4.5">4.5</option>
  <option value="4.0">4.0</option>
  <option value="3.5">3.5</option>
  <option value="3.0">3.0</option>
  <option value="2.5">2.5</option>
  <option value="2.0">2.0</option>
  <option value="2.0">2.0</option>
  <option value="1.5">1.5</option>
  <option value="1.0">1.0</option>
  </select>
  </div>
</div>
<div id="form-right">
  <label for="text-comment">Review <span></span></label><br />
  <textarea name="content" cols="10" rows="20" class="input textarea" id="text-comment"></textarea><br />
  <input type="submit" name="submit-comment" class="button" value="Rate Us" />
</div>
<p id="text-contact">
<br><br><font color="#980303">Please Note *</font> Thate Your Reviews Will Not Published Untill We Check it and sure that the review don't contain Bad words or bad language, and be sure that we will publish all reviews and we accept criticism! 
</form>
Ruprit
  • 733
  • 1
  • 6
  • 23