Why php script is adding blank fields in table?

Question

I have a form that is connected to my database via php and when you submit the form it adds a new entry into the table, but all fields are blank in phpmyadmin. This happens every time. This form is just a test form.

<form action="demo.php" method="post" />
<p>Name: <input type="text" name="name" /></p>
<p>Comment: <input type="text" name="comment" /></p>
<input type="submit" value="submit" />
</form>

This is the php

<?php

define('DB_NAME', 'name');
define('DB_USER', 'user');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!$link) {
    die('Could not connect: ' . mysql_error());
}

$db_selected = mysql_select_db(DB_NAME, $link);

if (!$db_selected) {
    die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}

$name = $_POST['name'];
$comment = $_POST['comment'];

$sql = "INSERT INTO test (name, comment) VALUES ('$name', '$comment')";

if (!mysql_query($sql)) {
    die('Error: ' . mysql_error());
}

mysql_close();
?>

I know that this isn't secure, but I haven't done php in a long time. Could that maybe be the problem, that it isn't SQLi? If so, can someone help me out please?

dont use mysql as they are deprecated http://php.net/manual/en/migration55.deprecated.php plus just echo your name and comment variable to check that if they contain a value or not?? — habib ul haq, Mar 28 '15 at 05:05
Can you consider adding `$test_server = $_SERVER['SERVER_NAME'] == "127.0.0.1" || $_SERVER['SERVER_NAME'] == "localhost" || substr($_SERVER['SERVER_NAME'],0,3) == "192"; ini_set('display_errors',$test_server); error_reporting(E_ALL|E_STRICT);` on your `demo.php` top of the file and let us know any error if you expects. — Keep Coding, Mar 28 '15 at 05:07
before adding values into table try to echo them to see whether values are coming. for ex; `echo $_POST['name']; echo $_POST['comment'];` — Ahmed Syed, Mar 28 '15 at 05:21
Why are you putting quotes around the variable names? `VALUES ('$name', '$comment')` — Elin, Mar 30 '15 at 19:59
It seems the only problem of your code is/was the extra `/` at the end of the `form` open tag. It makes the form empty (declared in XHTML-style) and the `input` elements are included in a `form` created by the browser. This implicitly created form has the default values for its attributes: `action="" method="get"`. Your code was inserting values from an empty `$_POST[]`. — axiac, Apr 01 '15 at 16:41

score 0 · Answer 1 · edited May 23 '17 at 12:06

On the face of it, your code looks correct but also somewhat minimal - you're missing some key features I have added below:

<form action="demo.php" method="post" enctype="application/x-www-form-urlencoded" />
<p>Name: <input type="text" name="name" /></p>
<p>Comment: <input type="text" name="comment" /></p>
<input type="submit" value="submit" />
</form>

Obviously, the PHP is called demo.php, yes?

I have also changed your PHP to use MySQLi which is Improved .

The error reporting code at the top of the page is from How do I get PHP errors to display?

<?php

   /*** 
    * First some debug output: 
    ***/
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(-1);

print "<pre>";
print_r($_POST);
print "</pre>";

define('DB_NAME', 'name');
define('DB_USER', 'user');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost');

$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$link) {
    die("Connection Error (" . mysqli_connect_errno() . ") ". mysqli_connect_error());
}


$name = mysqli_real_escape_string($link, $_POST['name']);
$comment = mysqli_real_escape_string($link, $_POST['comment']);

$sql = "INSERT INTO test (name, comment) VALUES ('$name', '$comment')";

mysqli_query($link, $sql) or die('Error ".__LINE__." : ' . mysqli_error($link));

To clarify some changes : You do not need MySQLi_close because the connection automatically closes at the end of the script (You also do not need to close the PHP tag, if this is the end of the file).

I have also expanded the error outputs if the MySQL connection doesn't start.

I have added real_escape_string to auto escape special characters .

At the top of the page you should see the output of $_POST showing all values passed to the MySQL - are these populated?

I added the __LINE__ magic variable which shows the line number errors occur on. Using it in this context on a larger page is extremely useful.

Give feed back if i) this works now? and ii) if not, what notices do you get from the page?

Update:

Add value elements to the input boxes.

<form action="demo.php" method="post" enctype="application/x-www-form-urlencoded">
<p>Name: <input type="text" name="name" value="name text"/></p>
<p>Comment: <input type="text" name="comment" value="comment text"/></p>
<input type="submit" value="submit" />
</form>

also remove the closing slash from the form element!

It is still just adding a line in the database with no values. This is the notice that I get now: Array ( ) Notice: Undefined index: name in /home/gei/public_html/demo.php on line 25 Notice: Undefined index: comment in /home/gei/public_html/demo.php on line 26 — Tarynitup, Mar 30 '15 at 18:34
Thank you for updating the code by the way, and for helping me, but I just can't seem to get it to show the values in the table in phpmyadmin. — Tarynitup, Mar 30 '15 at 18:35
Have you filled in details in the form input fields? You should have `value=""` in the form input field elements too — Martin, Mar 30 '15 at 19:34
Do you get no readout of the values for POST from the top of the demo page? This means the form does not submit the data. Your issue is in your HTML. — Martin, Mar 30 '15 at 19:38

score 0 · Answer 2 · answered Mar 28 '15 at 07:30

if form and php code writed in demo.php file you should check $_POST

Otherwise after load blog.php file send null data to mysql

true code :

if(isset($_POST["name"]) && $_POST["name"]!=""){
    define('DB_NAME', 'gei_demo');
    define('DB_USER', 'gei_ch');
    define('DB_PASSWORD', 'magnolias3');
    define('DB_HOST', 'localhost');

    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

    if (!$link) {
        die('Could not connect: ' . mysql_error());
    }

    $db_selected = mysql_select_db(DB_NAME, $link);

    if (!$db_selected) {
        die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
    }

    $name = $_POST['name'];
    $comment = $_POST['comment'];

    $sql = "INSERT INTO test (name, comment) VALUES ('$name', '$comment')";

    if (!mysql_query($sql)) {
        die('Error: ' . mysql_error());
    }

    mysql_close();
}

score 0 · Answer 3 · answered Apr 01 '15 at 16:28

Alright so I figured out the answer to my question. After I updated my php to the one @Martin gave me I was still having issues. Then I read an article that said run a print script. So this is what I added as the very last line of my php document:

print("<script> window.location='http://geiaus.net/test-form/'; </script>");

And now it is adding the information into the table properly. I don't know why that makes a difference, but that was the solution in case anyone runs into a similar problem.

Thanks again Martin!!!

Why php script is adding blank fields in table?

3 Answers3

Update: