0

So I'm attempting to create an html form that posts data to a database full of customers in MySQL using PHP, but am very new to PHP.

Currently, I'm getting a 404 whenever I try to submit everything with the submit button "The requested URL /bankyprinting/post was not found on this server." The data is also not injected into the MySQL database, but I'm not getting any other errors indicating that the connection to the database wasn't made.

The applications I'm attempting to write/use are:

customers.html

<html>
    <head>
    </head>
    <body>
        <form method = "post" action = "customers.php" id="customers">
        First Name:
        <input type = "text" name = "FirstName"/><br>
        LastName:
        <input type = "text" name = "LastName"/><br>
        Company:
        <input type = "text" name = "Company"/><br>
        Position:
        <input type = "text" name = "Position"/><br>
        Address:
        <input type = "text" name = "Address"/><br>
        Phone Number:
        <input type = "text" name = "PhoneNumber"/><br>
        Cell Number:
        <input type = "text" name = "CellNumber"/><br>
        Alternate Number:
        <input type = "text" name = "AlternateNumber"/><br>
        E-Mail:
        <input type = "text" name = "EMail"/><br>   
        <input type = "submit" name="submit" value = "submit"/><br>
        </form>
    </body>
    <footer>
    </footer>
</html>

index.html

</html>
    <head>
    </head>
    <body>
    <a href = "customers.html">New Customer</a>
    </body>
    <footer>
    </footer>
</html>

connect.php

<?php
    $host="localhost";
    $port=3306;
    $socket="/tmp/mysql.sock";
    $user="root";
    $password="";
    $dbname="bankyprinting";

    $con = mysqli_connect($host, $user, $password, $dbname, $port, $socket)
        or die ('Could not connect to the database server' . mysqli_connect_error());   

    //$con->close();
?>

and customers.php

<?php
    /*Needs the connection object created in the connect.php file to work*/
    header("LOCATION:customers.html");
    require('connect.php');
    /*require('customers.html');*/

    /*Data from the html form is on the right. The objects that will be composed of that data is on the left.*/
    if(isset($_POST['submit'])) {
    $Company = mysqli_real_escape_string($con, $_POST['Company']);
    echo 'Company';
    $Position = mysqli_real_escape_string($con, $_POST['Position']);
    echo 'Position'; 
    $FirstName= mysqli_real_escape_string($con, $_POST['FirstName']);
    echo 'FirstName';
    $LastName = mysqli_real_escape_string($con, $_POST['LastName']);
    echo 'LastName';
    $Address = mysqli_real_escape_string($con, $_POST['Address']);
    echo 'Address';
    $PhoneNumber = mysqli_real_escape_string($con, $_POST['PhoneNumber']);
    echo 'PhoneNumber';
    $CellNumber = mysqli_real_escape_string($con, $_POST['CellNumber']);
    echo 'CellNumber';
    $AlternateNumber = mysqli_real_escape_string($con, $_POST['AlternateNumber']);
    echo 'AlternateNumber';
    $EMail = mysqli_real_escape_string($con, $_POST['Email']);
    echo 'EMail';

    $sql = "INSERT INTO tblcustomers (Company, Position, FirstName, LastName, Address, PhoneNumber, CellNumber, AlternateNumber, EMail) 
                VALUES ('$Customer', '$Position', '$FirstName', '$LastName', '$Address', '$PhoneNumber', '$CellNumber', '$AlternateNumber', '$EMail')";

        if ($con->query($sql) === TRUE) {
            echo "New record created successfully";
        } 
        else {
            echo "Error: " . $sql . "<br>" . $con->error;
        }

$con->close();
    }
?>

I've got all of these stored on a folder hosted by a WAMP server- and yes I already know that the html forms are not secured- but that's outside the scope of my problem right now ><.

I don't know exactly why I'm getting the PHP error (POST error?) and am not sure how to address that by getting the form to inject into the database properly.

user3734311
  • 23
  • 2
  • 8
  • Are they all in the same folder? These four files? – Logan Wayne Oct 15 '15 at 01:07
  • 1
    enclose variables in quotes `''` e.g `'$Customer'` – Shehary Oct 15 '15 at 01:09
  • you cant include php files in html as you written in **bankyprinting.html** – Joomler Oct 15 '15 at 01:10
  • `Company` != `$Company` (all other variable assignments and usage as well). You are open to SQL injections as well. Also as noted above your PHP variables must be enclosed in quotes when they make it to the DB the DB knows they are strings. – chris85 Oct 15 '15 at 01:11
  • @RishiVishwakarma OP could, if has modified the configuration to handle `.html`/`.htm` as PHP. https://encodable.com/parse_html_files_as_php/ – chris85 Oct 15 '15 at 01:14
  • 1
    you have not added **method="post"** in your form tag – Joomler Oct 15 '15 at 01:24
  • thanks @chris85 i didnt know this :) – Joomler Oct 15 '15 at 01:24
  • changes made as noted - the database is located elsewhere, however- as I am not sure how to navigate to it in its current location due to the Workbench. – user3734311 Oct 15 '15 at 01:33
  • @RishiVishkarma - I modded the conf file as noted in another tutorial elsewhere. – user3734311 Oct 15 '15 at 01:36
  • @user3734311 Have you tried using `CTRL+SHIFT+R` to refresh the page since you changed the method? This may be a caching issue – Riet Nov 30 '15 at 16:54
  • @Riet- I've just been refreshing the browser page the typical way (F5). I tried the keyboard shortcut you posted, and it functions properly now. Thank you very much :) – user3734311 Dec 04 '15 at 00:38

2 Answers2

0

These files should be in the same folder.

You are not using apostrophe (') for binding variables to your query.

$sql = "INSERT INTO tblcustomers (Company, Position, FirstName, LastName, Address, PhoneNumber, CellNumber, AlternateNumber, EMail) 
                          VALUES ('$Customer', '$Position', '$FirstName', '$LastName', '$Address', '$PhoneNumber', '$CellNumber', '$AlternateNumber', '$EMail')";

You should use *_real_escape_string to prevent some SQL injections.

$Company = mysqli_real_escape_string($con, $_POST['Company']);

Remove your included customers.php in your bankyprinting.html and just let it submit to your customers.php file as instructed in your form's action tag. And you have two action tags in your form, where one should be method tag.

<form method = "post" action = "customers.php" id="customers">

And for your if(isset($_POST["submit"])) condition, in order for it to recognize the submitted form, you should add a name tag for your submit button.

<input type = "submit" name="submit" value = "submit"/>

Why do you have a semi-colon after your closing bracket? Remove it.

}; /* AND TURN IT TO */ }

And also take a look at prepared statement.

Community
  • 1
  • 1
Logan Wayne
  • 6,001
  • 16
  • 31
  • 49
  • If connect.php is in another file, try changing your require code to `require("/website/directory/connect.php");`. Just replace with the necessary directory. What is your directory for your connect.php? – Logan Wayne Oct 15 '15 at 02:07
  • Absolutely everything except for the database itself is in the same folder. – user3734311 Oct 15 '15 at 07:31
  • Data not being inserted into the database (the code for the database connection is gotten from MySQL workbench's utilities, if it makes a difference). The form merely spits out a blank page once submitted. – user3734311 Oct 15 '15 at 23:15
  • Yes, it will only be a blank page, because customers.php is only for insert query. You can use `header("LOCATION:bankyprinting.html");` to redirect back to your bankyprinting.html page. – Logan Wayne Oct 16 '15 at 00:15
  • Okay- that helps quite a bit. But I still get nothing when attempting to insert the contents of the form into the database. I filled all field values with "test" and submitted, but got no result upon checking the database itself. – user3734311 Oct 16 '15 at 00:21
  • Put a name tag in your submit button. `name="submit"` – Logan Wayne Oct 16 '15 at 00:25
  • Okay- I'm double checking for any syntax or spelling mistakes. Is there any other information I could provide that would be of any help? – user3734311 Oct 16 '15 at 00:40
  • Just refer to my answer and also look at [prepared statement](http://php.net/manual/en/mysqli.prepare.php). – Logan Wayne Oct 16 '15 at 00:51
0

It's all in the error message:

<form action = "post" action = "customers.php" id="customers">

should be 

<form method= "post" action = "customers.php" id="customers">

The server is looking for a file called post, which it cannot find.

EDIT: Also,

If you have changed the contents of the html file, and you have not configured the cache settings of the Apache server, you might be looking at the old html file instead of the new one with the changes (see mod_expires). You will need to clear your browser's cache, or load the page with CTRL+SHIFT+R in order to get the new html file to be accessed. This happened to me when I was working on webpages a lot.

Riet
  • 1,240
  • 1
  • 15
  • 28
  • I'm guessing that my post was edited when it was marked as a duplicate? That was something brought up in the previous question I asked. I edited the code since then to correct that issue among several others (PHP injection, etc). What I posted was the corrected code. This change was already made. – user3734311 Nov 25 '15 at 00:34
  • The current incarnation of the code is exactly what I have posted now. – user3734311 Nov 25 '15 at 00:43
  • If you have changed the action statement, then you will have a different error message. If you think that it isn't the problem, make a file called post in the same directory, put some gibberish in it, and see if submitting your form shows you the post file. The 404 is only for a file not found error, not a php error or anything else. Make sure that the requested url is the file you expect it to be. – Riet Nov 25 '15 at 06:31