-1

I have started learning php and just got stuck in forms part,i am not able to insert data into the database.With phpmyadmin running on port 80 and everything working fine.Please help. Here is the fellow.php code

<?php
    $dbc=mysqli_connect('127.0.0.1','root','','abhishek')
        or die("error connecting to the databsase");
    $nama=$_POST['hell'];
    $nanu=$_POST['email'];
    print $nama;
    $ab="INSERT INTO attempt('name','email')VALUES('$nama','$nanu')";
    if(mysqli_query($dbc,$ab)) {
        echo "Records added successfully.";
    }
    else {
        echo "Records not added successfully."; 
    }
    mysqli_close($dbc);
?>

And here is the first.html code-

<html>
    <head>
        <title>first attempt</title>
    </head>
    <body>
        <form action="fellow.php" method="post" >
            Name:
            <input type="text" name="hell" id="hell" value="hell">
            Email
            <input type="text" name="email" id="email" value="email">
            <input type="submit" name="submit" value="submit">
        </form>
    </body>
</html>

Please help as i am not able to proceed futher

beresfordt
  • 5,088
  • 10
  • 35
  • 43
Abhishek
  • 49
  • 9
  • 1
    Do you have any PHP errors? Also, **beware**, you are vulnerable to `SQL injection`: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – D4V1D Mar 29 '15 at 09:17

1 Answers1

1

You are using single quotes instead of back ticks and you are vulnerable to SQL injection, so use prepared statement like:

$stmt = $dbConnection->prepare('INSERT INTO attempt(`name`,`email`)VALUES(?, ?)');
$stmt->bind_param(..., $nama);
..set other parameter
$stmt->execute();
SMA
  • 36,381
  • 8
  • 49
  • 73
  • Sql injection etc all right.But first of all the data should be saved.I used the back ticks too.BUT WHEN I CLICK the submit button instead of showing any error or so the php code is displayed and no data is updated in the database. – Abhishek Mar 29 '15 at 13:30