-2

I cannot seem to get the data from a website's forms to mysql running it locally using XAMPP.

I get the "Cannot POST /ph/contactFormHandler.php" error.

Here is the HTML for the forms:

            <div class="contact-grid mdl-grid">

                <div class="contact-title mdl-typography--headline">
                    Contact the team
                </div>
                <form action="../ph/contactFormHandler.php" method="post">
                    <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                        <input class="mdl-textfield__input" size="" type="text" name="name">
                        <label class="mdl-textfield__label" for="name">Name</label>
                    </div>
                </form>
                <form action="../ph/contactFormHandler.php" method="post">
                    <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                        <input class="mdl-textfield__input" size="" type="email" name="email">
                        <label class="mdl-textfield__label" for="email">Email</label>
                    </div>
                </form>
                <form action="../ph/contactFormHandler.php" method="post">
                    <div class="mdl-textfield mdl-js-textfield">
                        <textarea class="mdl-textfield__input" type="text" rows="6" name="message"></textarea>
                        <label class="mdl-textfield__label" for="message">Message</label>
                    </div>
                </form>
                <form action="../ph/contactFormHandler.php" method="post">
                    <input class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect mdl-button--accent" type="submit" name="send">
                </form>
            </div>

I have tried using mysqli also and I receive the same error.

The php:

    <?php

$sql_connection = mysql_connect("localhost","root","root");

$db = mysql_select_db("mdlDemoDB", $sql_connection);

$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];

if(isset($_POST["send"])){

$query = mysql_query("insert into messages(ContactID, ContactName, ContactEmail, ContactMessage) values ('$name', '$email', '$message') ");   
}

mysql_close($sql_connection);

?>
Razvan V.
  • 46
  • 6
  • You are trying to insert 3 values (`$name`, `$email`, `$message`) into 4 fields (`ContactID`, `ContactName`, `ContactEmail`, `ContactMessage`). each set of values you insert must match to the number of fields you have specified. currently right now you are setting `ContactID` as `$name` and nothing for `ContactMessage` – Memor-X Nov 16 '15 at 22:07
  • Why do you have a bunch of `form`-s? – FirstOne Nov 16 '15 at 22:09
  • 1
    [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 16 '15 at 22:10
  • 2
    If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Nov 16 '15 at 22:10
  • ` – Funk Forty Niner Nov 16 '15 at 22:11
  • plus, you've a scope issue – Funk Forty Niner Nov 16 '15 at 22:12
  • and column miscount. – Funk Forty Niner Nov 16 '15 at 22:16
  • Thanks but i dont care about sql injection yet. this is for a personal project and it wont go live. I use just 3 fields now (ContactName, ContactEmail, ContactMessage) but still doesnt work – Razvan V. Nov 17 '15 at 18:24

1 Answers1

0

First and foremost, even when/if you get this working your code has SQL injection vulnerabilities which can result in malicious activities including but not limited to stealing all your database and/or deleting everything you have. I would recommend doing some reading into how to prevent these things.

Secondly, every single input on your form has a form element wrapped around it. That is incorrect, should look like this:

        <div class="contact-grid mdl-grid">

            <div class="contact-title mdl-typography--headline">
                Contact the team
            </div>
            <form action="../ph/contactFormHandler.php" method="post">
                <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                    <input class="mdl-textfield__input" size="" type="text" name="name">
                    <label class="mdl-textfield__label" for="name">Name</label>
                </div>
                <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                    <input class="mdl-textfield__input" size="" type="email" name="email">
                    <label class="mdl-textfield__label" for="email">Email</label>
                </div>
                <div class="mdl-textfield mdl-js-textfield">
                    <textarea class="mdl-textfield__input" rows="6" name="message"></textarea>
                    <label class="mdl-textfield__label" for="message">Message</label>
                </div>
                <input class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect mdl-button--accent" type="submit" name="send">
            </form>
        </div>
skrilled
  • 5,350
  • 2
  • 26
  • 48