Form stopped submitting into database

Question

Okay, it was working before.... now all of a sudden it has stopped. i'm not sure why. The only thing i've added was a delete feature.. and after that it no longer submits. I can delete an entry though =D

php code for form

 <?php

if (isset($_POST['submit'])){   

$con = mysql_connect("localhost", "", "");
if (!$con){
die("Cannot connect:" . mysql_error()); 
}

$Firstname = $_POST['Firstname'];
$Email = $_POST['Email'];
$Prayer = $_POST['Prayer'];



//if there is no input these messages will come up//    
if($Firstname==''){
echo "<script>alert('Please enter your name!')</script>";
exit();
}
if($Email==''){
echo "<script>alert('Please enter your email!')</script>";
exit(); 
}
if($Prayer==''){
echo "<script>alert('Please enter your prayer request!')</script>";
exit(); 
}


mysql_select_db("dxh6110",$con);

//if everything is good, information will be submitted to database
$sql = "INSERT INTO ChurchPrayer (Firstname, Email, Prayer) VALUES('$_POST[Firstname]','$_POST[Email]','$_POST[Prayer]')";



if(mysql_query($sql,$con)){

echo "<script>alert('Congratulations, You have successfully submitted your prayer requests. You will hear from us very soon!')</script>";


}

mysql_close($con);
}

?>

Oh, I'm aware that I should be using prepared statements to prevent SQL injection... but I'm not sure exactly what it is or what it looks like. I will definitely add them later, when I get further into my school project. Currently worried about the functionality..

not sure what else needs to be added... i'll add my delete.php

<?php session_start(); //starting the session?>
<?php
//connecting to database
$con = mysql_connect("localhost","","","dxh6110");

//defining variable
$delete_id = $_GET['del'];
//command to remove input from SQL DB
$query = "delete from ChurchPrayer where id='$delete_id'";

if(mysql_query($con,$query)){

echo "<script>window.open('view_prayers.php?deleted=User has been deleted!','_self')</script>";

}



?>

My admin log-in works, and when the admin logs in it brings them to a page which will allow them to view entries and delete entries made to the DB. Currently there are two, but when I try to add more requests.... they don't go to the DB. No errors are given when submit is clicked.

Answer 1

Firstly, ("localhost","xxx","xxx","xxx") doesn't do what you think.

mysql_connect() takes 3 parameters, not 4. The fourth is for something else. Four parameters are what one would use with mysqli_connect(), but those different MySQL APIs do not intermix with each other, so don't use that connection method if you're going to use mysql_ functions.

Consult:

• http://php.net/manual/en/function.mysql-connect.php
• http://php.net/manual/en/function.mysql-select-db.php

Do as you did in your other question:

$con = mysql_connect("localhost", "xxx", "xxx");
if (!$con){
die("Cannot connect:" . mysql_error()); 
}

mysql_select_db("your_db",$con);

Then this if(mysql_query($con,$query)){ the connection comes 2nd.

Plus, $_GET['del'] and ?deleted=User inspect that. Those are the two things that stood out for me.

If your delete link is ?deleted=XXX, it needs to be ?del=XXX - XXX being an example.

$_GET['del'] needs to match the parameter in the ?parameter in your method.

I.e.: view_prayers.php?del=XXX if view_prayers.php is the file you're using to delete with.

---

Plus, as mentioned in comments, this method is insecure.

It's best that you use mysqli with prepared statements, or PDO with prepared statements.