3

Trying to figure out how to submit a new post to a preexisting table already created with data entries from mysql database. I want it to test if the request came from a POST first and if so, to insert a new row into the database and to display the new data in the table. This is what I've came up with so far but on submit, nothing seems to happen and my table disappears. Any help is greatly appreciated.

Here's what I have so far:

      $result = mysqli_query($dbconnect, $query);
            $num_rows = mysqli_num_rows($result);
        }
        if ($num_rows > 0) // build a table to show results
        {
        echo "<table border='1'>";
        echo "<tr>";
        echo "<th>Post ID </th>"; echo "<th>Author</th>";
        echo "<th>Title</th>"; echo "<th>Post</th>";
        echo "</tr>";

     while($row = mysqli_fetch_array($result))
        {
        echo "<tr>";
        echo "<td>" . $row['pid'] . "</td>";
        echo "<td>" . $row['author'] . "</td>";
        echo "<td>" . $row['title'] . "</td>";
        echo "<td>" . $row['post'] . "</td>";
        echo "</tr>";
        }   
        echo "</table>";
    } else{
        echo "No rows returned.";
    }
    ?>

 <form name ="myForm" action ="second.php<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>"   
       method = "POST"> <br><br><br>

     <h3> Create a Post </h3>

     Author  <input type ="text" size ="40" name ="author"/><br>
     Title <input type ="text" size ="30" name ="title"/><br><br>
     Post <br><textarea rows ="15" cols ="10" name ="post"></textarea><br>
     <input type ="submit" name = "submitpost" value ="Submit Post"/>
    </form>
    <?php


  // $sql = "INSERT INTO blog_posts (pid, author, title, post) 
        VALUES (NULL, '$_POST[author]', '$_POST[title]', '$_POST[post]')";

  //if($_SERVER['REQUEST_METHOD'] === 'POST'){
   //if(isset($_POST['submitpost'])){

  //post the $sql back into the exisiting table somehow
   ?>
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
StevieP
  • 131
  • 1
  • 14
  • do you indeed have the matching closing braces for `if($_SERVER['REQUEST_METHOD'] === 'POST'){ if(isset($_POST['submitpost'])){` ? if not, there's your problem. error reporting should be throwing you a notice. Plus, no closing `` tag. your question is unclear and your code is unsafe. – Funk Forty Niner Apr 22 '15 at 22:36
  • I put those two code sections just as I knew they had to be there just not sure what to do with them from there. I'll comment them out and my is present too. – StevieP Apr 22 '15 at 22:39
  • 1
    Add error reporting to the top of your file(s) right after your opening PHP tag for example ` – Funk Forty Niner Apr 22 '15 at 22:40
  • you could narrow down `action ="second.php"` to just `action=""` could be the reason why also. you shouldn't need to use the filename and the additional parameter. – Funk Forty Niner Apr 22 '15 at 22:40
  • Thank you, now it's really just how to plug my new data into my database table – StevieP Apr 22 '15 at 22:42
  • use a conditional `isset()` or `!empty()` and your code should work fine. you commented out `// $sql = "INSERT INTO blog_posts (pid, author, title, post)` what you need to do is add `mysqli_query()` and pass your DB connection to it. – Funk Forty Niner Apr 22 '15 at 22:45
  • Not sure if I follow that completely, I edited my code to what I think you mean. – StevieP Apr 22 '15 at 22:50
  • I posted an answer below to better illustrate. you also have 2 missing braces at the end. – Funk Forty Niner Apr 22 '15 at 22:52
  • **WARNING**: When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). **NEVER** put `$_POST` data directly into a query. – tadman Apr 22 '15 at 23:00
  • Is it possible for you to rollback to your original post http://stackoverflow.com/revisions/29810159/1 ? just in case people wonder why my answer about placing the query inside your conditional statement, which wasn't part of your original post. Just to be safe ;-) I can also perform the rollback myself if you want. – Funk Forty Niner Apr 22 '15 at 23:05
  • @Fred-ii- if i knew how I would do it, if you don't mind doing it that'd be fine by me! – StevieP Apr 23 '15 at 21:21
  • @StevieP All done Stevie, *cheers* – Funk Forty Niner Apr 23 '15 at 22:43

1 Answers1

5
  • Note to future readers. This answer was based on OP's original post. See the revisions.

Place your INSERT query inside your conditional statements:

if($_SERVER['REQUEST_METHOD'] === 'POST'){

  if(isset($_POST['submitpost'])){

  $sql = mysqli_query($dbconnect, "INSERT INTO blog_posts (pid, author, title, post) 
        VALUES (NULL, '$_POST[author]', '$_POST[title]', '$_POST[post]')") 

     or die(mysqli_error($dbconnect));

    }

}

and change action ="second.php<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" to just action=""

Use a conditional !empty() with your POST arrays to make sure you don't get any empty data and possibly throw an error.

Sidenote:

Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

As per your edit, you're missing two closing braces } which error reporting would have thrown a notice if it were used.

 <form name ="myForm" action =""  method = "POST"> <br><br><br>

     <h3> Create a Post </h3>

     Author  <input type ="text" size ="40" name ="author"/><br>
     Title <input type ="text" size ="30" name ="title"/><br><br>
     Post <br><textarea rows ="15" cols ="10" name ="post"></textarea><br>
     <input type ="submit" name = "submitpost" value ="Submit Post"/>
    </form>
    <?php

   if($_SERVER['REQUEST_METHOD'] === 'POST'){

     if(isset($_POST['submitpost'])){

   $sql = "INSERT INTO blog_posts (pid, author, title, post) 
        VALUES (NULL, '$_POST[author]', '$_POST[title]', '$_POST[post]')";

   $data = mysqli_query($dbconnect, $sql)

        or die(mysqli_error($dbconnect));

    }

  }
Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • Thank You very much! Seemed to do the trick I just have a foreign key error. I don't get how data is entered in for the foreign key or why it would even need to be but I'll have to sort through this next. – StevieP Apr 22 '15 at 22:58
  • @StevieP don't forget to give him the big green tick(he likes blood suckers) –  Apr 22 '15 at 23:00
  • @Dagon Just an "all-day sucker" will do lol I don't like quickies haha – Funk Forty Niner Apr 22 '15 at 23:00