0

php single submission fails and page remains the same, data is not added to the database as well. When i click the cancel button, am redirected to a new form as it should work.

How do i get the submission to work and add the form data to the database? Below is the php and form html code and attached is the form picture

<div class="form-group">
                <label for="s_fname">First name</label> *
                <input type="text" class="form-control" placeholder="First name"> 
                <label for="s_lname">Last name</label> *
                <input type="text" class="form-control" placeholder="Last name"> 
                <label for="s_mname">Middle name</label>
                <input type="text" class="form-control" placeholder="Middle name">
                <label for="s_dob">Date of Birth</label> *
                <input type="text" class="form-control" placeholder="DD/MM/YYYY"> 
                <label for="g_phone">Phone Number</label> *
                <input type="text" class="form-control" placeholder="Phone number"> 
                <label for="g_email">Email</label> *
                <input type="text" class="form-control" placeholder="Email address"> 
                <label for="entry_year">Entry level</label> *
                <input type="text" class="form-control" placeholder="Entry level"> 
            </div>

            <div class="row text-right">
                <input type="submit" name="submit" value="Save" class="btn btn-default" /> 
                &nbsp 
                <button type="button" class="btn btn-default" aria-label="Left Align"><a href="new_student.php">Cancel</a></button>
            </div>

<?php 
if (isset($_POST['submit'])) {
    # process the form

    $s_fname = $_POST["s_fname"];
    $s_lname = $_POST["s_lname"];
    $s_mname = $_POST["s_mname"];
    $s_dob = $_POST["s_dob"];
    $g_phone = $_POST["g_phone"];
    $g_email = $_POST["g_email"];
    $entry_year = $_POST["entry_year"];

    $query  = "insert into students (s_fname, s_lname, s_mname, s_dob, g_phone, g_email, entry_year) ";
    $query .= "values ('{$s_fname}', '{$s_lname}', '{$s_mname}', {$s_dob}, {$g_phone}, {$g_email}, {$entry_year})";

    $result = mysqli_query($connection, $query);

    if ($result) {
        # successful
        redirect_to("student.php");
    } else {
        # failure
        redirect_to("new_student.php");
    }
}
?>

Form

chris85
  • 23,846
  • 7
  • 34
  • 51
Mena
  • 1,873
  • 6
  • 37
  • 77
  • 3
    Your inputs do not have names. – Don't Panic Nov 19 '15 at 22:46
  • 1
    Once you correct `input` names you need to correct your SQL injection hole, http://php.net/manual/en/mysqli.quickstart.prepared-statements.php and/or http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – chris85 Nov 19 '15 at 22:47
  • In addition to the other issues pointed out by others, there appears to be haphazard use of single quotes around the values passed in to the sql, for example `{$g_email}` has none yet I guess this is most likely to be a string. Date of birth also might be an issue.... – Professor Abronsius Nov 19 '15 at 23:29

3 Answers3

0
  1. Add names to your elements.
  2. Make sure the form method is "post" not "get".
Ali Sheikhpour
  • 10,475
  • 5
  • 41
  • 82
  • 1
    Also, make sure there is actually a `
    ` that has method.
     – Don't Panic Nov 19 '15 at 22:59
  • @Don'tPanic I have made the corrections as pointed out. Now faced with a new issue, when i submit the form data the data is cleared up and am redirected to the same page which should only happen when the submission isn't successful - no data is added to the database table. What could i be doing wrong and how do share the edited code here? – Mena Nov 21 '15 at 12:24
0

Mena -

I see a few problems with this code:

  1. You do not have this HTML in a element. You will want to wrap that entire in a element and ensure that it is submitted as POST instead of GET. See the W3C documentation on forms here: http://www.w3schools.com/html/html_forms.asp

  2. As Don't Panic mentions, your form input fields do not have names, and therefore won't be submitted with the form. See the link above about the name attribute for input fields.

  3. Unless you emitted it for security reasons (if you did, good call!), you will need a valid mysqli connection. See the PHP manual for instructions on how to create a connection: http://php.net/manual/en/function.mysqli-connect.php

  4. Lastly, your php code to redirect back to the student.php or new_student.php pages will not work unless you specifically created those functions somewhere else as they are not build into PHP. See the PHP manual for the header function here to correctly redirect your users: http://php.net/manual/en/function.header.php

Otherwise, everything else looks like it should work!

TheGrandPackard
  • 611
  • 4
  • 11
0

The problem seems to lie in your HTML. The inputs in the form are not named. And further, if that's the whole code, then some very crucial part is amiss. You did not enclose the form controls in the <form> tag. You need to do this and define the form action as SELF shown. Your code should therefore look like below:

<form name="myform" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<!--
   Your other form elements go here as in
   <input name="some name" class="some class" type="text" />
-->
</form>

That should work if its the php code that wasn't being reached by the form submission.

Supreme Dolphin
  • 2,248
  • 1
  • 14
  • 23
  • If the action is not specified, the form should submit to itself by default. – Don't Panic Nov 19 '15 at 23:01
  • Anyone serious about their code and wants to leave little room for possible browser based errors would seriously avoid defaults. But that was a good tip by the way. Don't Panic. – Supreme Dolphin Nov 19 '15 at 23:05
  • I'm not arguing whether or not it's good practice to explicitly define the form action. I'm just saying that _not_ doing so generally won't keep it from working. – Don't Panic Nov 19 '15 at 23:11
  • Though I seriously think putting `action=""` instead of omittng or using `PHP_SELF` is better off. It reduces security risks. Thank you Don't Panic. – Supreme Dolphin Nov 19 '15 at 23:15