-1

I'm using an Ubuntu server on an Amazon Web Services instance. I have the database set up and have been able to connect to other tables I've created, except this new table "data" is giving me some problems. Through an if statement in the PHP code I know that I am connected to the database and that apparently the data is being submitted. However, when I go into phpMyAdmin I see that the table is blank. Is there an issue with the code below? If not, what could this be?

<?php 

if(isset($_POST['submit'])){


$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$facebook = $_POST['facebook'];
$linkedin = $_POST['linkedin'];
$twitter = $_POST['twitter'];
$yourstory = $_POST['yourstory'];



$connection = mysqli_connect('xxxxxx.xxxxxxxxx.us-west-1.rds.amazonaws.com', 'root', 'welcome', 'awstutorial', 3306);

}


    $query = "INSERT INTO data(name, email, phone, facebook, linkedin, twitter, yourstory)";
    $query .= "VALUES ('$name', '$email', '$phone'. '$facebook', '$linkedin', '$twitter', '$yourstory')";

    $result = mysqli_query($connection, $query);

    if(!result) {

    die('Query Failed' . mysqli_error());

    } echo "Submitted!";

?>
Isaac Bennetch
Lauren
  • also, what if it is *not* isset($_POST['submit'])? You are out of the if { } and you are inserting blanks – Drew Nov 06 '15 at 00:10
  • Good points. I was just getting the initial setup ready. What do you mean if it is not isset($_POST['submit'])? – Lauren Nov 06 '15 at 00:29
  • when this PHP that you show runs, "if the if" is not in that block, those variables are not set to anything. Then you would plod forward with no variables set into your insert stmt. Just a Programming 101 point to make – Drew Nov 06 '15 at 00:39
  • When you run the script, does it show "submitted"? If yes, then apply echo $query;die; just before the $result variable and run the script, then copy the SQL string and run it in your phpMyAdmin; you may get something – Master Yoda Nov 06 '15 at 05:24

2 Answers

0

There are a few issues with the code:

  • you are not checking for an error after connecting to the database
  • your code is vulnerable to SQL injection because you are not properly escaping user-supplied input in the query
  • if the submit field was not present in the request, or if the request was not of type POST, you will not connect to the database, but you will attempt to execute the query

However, if you are seeing the Submitted message, with the code as is, the insert would have been successful. If so, is it possible that you might be connecting to another server in phpMyAdmin?

Sasha Pachev
  • Thanks for the suggestions. This is just round one for me; I will certainly be adding in security. I realized the issue is that I have a period after 'phone' instead of a comma! – Lauren Nov 06 '15 at 00:30
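
The three points in the answer above, applied to the form handler from the question, as an added example that is not code from the question or from either answer. The environment variable names (DB_HOST, DB_USER, DB_PASS, DB_NAME) and the helper functions are assumptions; the table and column names are the ones in the question.

```php
<?php
// Added example. Credentials come from assumed environment variables
// rather than being hard-coded in the script.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // connect/query failures throw

// Column names from the question's INSERT statement.
const FIELDS = ['name', 'email', 'phone', 'facebook', 'linkedin', 'twitter', 'yourstory'];

// Hypothetical helper: read each expected field; a missing or non-string
// field becomes '' instead of an undefined variable.
function collect_fields(array $post): array
{
    $values = [];
    foreach (FIELDS as $field) {
        $values[] = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
    }
    return $values;
}

// Hypothetical helper: placeholders keep user input out of the SQL text,
// so quotes in a value cannot change the statement.
function insert_submission(mysqli $db, array $values): int
{
    $columns = implode(', ', FIELDS);
    $marks   = implode(', ', array_fill(0, count(FIELDS), '?'));
    $stmt    = $db->prepare("INSERT INTO data ($columns) VALUES ($marks)");
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    return $stmt->affected_rows;
}

// Connect and insert only inside the POST branch, so the query never
// runs with unset variables or without a connection.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['submit'])) {
    try {
        $db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'), 3306);
        $db->set_charset('utf8mb4');
        $rows = insert_submission($db, collect_fields($_POST));
        echo $rows === 1 ? 'Submitted!' : 'Nothing was inserted.';
    } catch (mysqli_sql_exception $e) {
        // Log the detail server-side; do not echo database errors to the client.
        error_log('Insert failed: ' . $e->getMessage());
        http_response_code(500);
        echo 'Query failed.';
    }
}
```

The success message depends on `affected_rows`, so a failed or empty insert can no longer print "Submitted!".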
0

Your problem is with these two lines:

$query = "INSERT INTO data(name, email, phone, facebook, linkedin, twitter, yourstory)";
$query .= "VALUES ('$name', '$email', '$phone'. '$facebook', '$linkedin', '$twitter', '$yourstory')";

When you simplify, it comes to:

"INSERT INTO data(...)VALUES (...)"

Which should be:

"INSERT INTO data(...) VALUES (...)"

Problems:

  • You forgot to put a space before "VALUES", so VALUES got stuck on the )
  • You did not put a semicolon on the end. Probably not what caused the problem, but you never know.
Lux