-3

I am using the following form

<section id="formSection">
  <form id="dataForm" action="addUser.php" method="post">
  <div>
    <h2>Add Product:</h2>
    <lable>First Name:</lable>
    <input class="inputForm" id="inputFirstName" type="text" name="firstname">
  </div>
  <div>
    <lable>Last Name:</lable>
    <input class="inputForm" id="inputLastName"  type="text" name="lastname">
  </div>
  <div>
    <lable>Address:  </lable>
    <input class="inputForm" id="inputAdress" type="text" name="address">
  </div>
  <div>
    <lable>Post Code:</lable>
    <input class="inputForm" id="inputPostcode" type="text" name="postcode">
  </div>
  <div>
    <lable>Delievery Type:</lable>
    <input class="inputForm" id="inputDelievery" type="text" name="delievery">
  </div>
  <input type="submit">
  </form>
</section>

and the following php code to add entries from the form to the database.

 $FirstName = $_POST[firstname];
     $LastName = $_POST[lastname];
     $address = $_POST[address];
     $postcode = $_POST[postcode];
     $delivery = $_POST[delievery];

     $sql = "INSERT INTO USERS (FIRSTNAME, SECONDNAME, ADDRESS, POSTCODE, DELIVERY_TYPE) 
             VALUES ('$FirstName', '$LastName', '$address', '$postcode', '$delivery')";
     $conn->exec($sql);

However it is not working, and having stared at the screen for the last 2 hours trying to fix it.

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Dave5678
  • 41
  • 5

1 Answers1

0

All your POST arrays are missing quotes:

$FirstName = $_POST[firstname];

should read as

$FirstName = $_POST['firstname'];

and do the same for the rest.

Plus, since you seem to be using PDO, use prepared statements instead.

You're open to SQL injection.

Error reporting would have spotted the parse errors.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

I also suggest you check if any fields are left empty, by using a conditional empty() for your form elements.

Otherwise, you may get a notice from MySQL, depending on how your table is setup.

I.e.:

if(!empty($_POST['firstname'])){
   $FirstName = $_POST['firstname'];
}

For all:

if(
    !empty($_POST['firstname']) && 
    !empty($_POST['lastname'])  && 
    !empty($_POST['address'])   && 
    !empty($_POST['postcode'])  && 
    !empty($_POST['delievery']) 
)

{

    $FirstName =  $_POST['firstname'];
    $LastName  =  $_POST['lastname'];
    $address   =  $_POST['address'];
    $postcode  =  $_POST['postcode'];
    $delivery  =  $_POST['delievery'];

}
Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • thank you, this has been alot of help, i will accept the answer for you when the time limit runs out! – Dave5678 Mar 31 '15 at 13:39
  • @Dave5678 You're welcome. I also made a slight edit since about `$_POST['delievery']` which grammatically speaking, should read as `$_POST['delivery']`, check that in your form, just to be sure. – Funk Forty Niner Mar 31 '15 at 13:40
  • 1
    About `error_reporting`. Perhaps it would be more correct to say _`display_errors` should only be done in staging, and never production_. – Cthulhu Mar 31 '15 at 14:07
  • @Cthulhu You have a point there, but I've been asked to change this so many times lol we'll just leave your comment there, if you don't mind. I will upvote it. – Funk Forty Niner Mar 31 '15 at 14:09
  • @Dave5678 I've made an additional edit in regards to checking for empty fields. – Funk Forty Niner Mar 31 '15 at 14:10