mysql table not receiving data from form using php mysqli

Question

I am unable to insert data into the table instead it displays the same blank form. I know many would have posted this kind of question before but I tried and searched for answers but in vain. This was the last option. So please help me to solve my problem. Below is the php and html5 code. Have a look over it. Thank you.

 <?php

include_once("connection.php");
set_time_limit (1800);

$msg = "";
if(isset($_POST["submit"]))
{
    $first_name = $_POST["first_name"];
    $middle_name = $_POST["middle_name"];
    $last_name = $_POST["last_name"];
    $licence_no = $_POST["licence"];
    $qualification = $_POST["qualification"];
    $adress1 = $_POST["adress1"];
    $adress2 = $_POST["adress2"];
    $city = $_POST["city"];
    $state = $_POST["state"];
    $zipcode = $_POST["zipcode"];
    $phone = $_POST["phone"];
    $specialization = $_POST["specialization"];
    $consultation_fee = $_POST["consultation_fee"];
    $experience = $_POST["experience"];
    $timings = $_POST["timings"];


     //To avoid Mysql injections
    $first_name = mysqli_real_escape_string($db, $first_name);
    $middle_name = mysqli_real_escape_string($db, $middle_name);
    $last_name = mysqli_real_escape_string($db, $last_name);
    $licence_no = mysqli_real_escape_string($db, $licence_no);
    $qualification = mysqli_real_escape_string($db, $qualification);
    $adress1 = mysqli_real_escape_string($db, $adress1);
    $adress2 = mysqli_real_escape_string($db, $adress2);
    $city = mysqli_real_escape_string($db, $city);
    $state = mysqli_real_escape_string($db, $state);
    $zipcode = mysqli_real_escape_string($db, $zipcode);
    $phone = mysqli_real_escape_string($db, $phone);
    $specialization = mysqli_real_escape_string($db, $specialization);
    $consultation_fee = mysqli_real_escape_string($db, $consultation_fee);
    $experience = mysqli_real_escape_string($db, $experience);
    $timings = mysqli_real_escape_string($db, $timings);


        $query =  mysqli_query($db,"INSERT INTO t_doctorprofile (first_name,   
      middle_name, last_name,  licence, qualification, adress1, adress2,   
    city, state, zipcode, phone, email, specialization, consultation_fee, 
    experience, timings) VALUES ('$first_name','$middle_name', '$last_name',         
     '$licence_no','$qualification','$adress1','$adress2',
     '$city','$state','$zipcode','$phone',
       '$specialization','$consultation_fee','$experience','$timings')");   

    if($query)
        {
            $msg = "Thank You! you have updated your information.";
        }
     }


     ?>


     <!DOCTYPE HTML>
     <html> 
     <head>
     <title>Sign-Up</title>
     </head> 
     <body id="body-color"> <div id="update"> <fieldset style="width:30%">     
     <legend>Update Your Information</legend> <table border="0"> 
      <tr> <form method="POST" action="doctor_insert_updateprofile.php"> 
     <td>First Name</td>
     <td> <input type="text" name="first_name"></td> </tr>

     <td>Middle Name</td>
     <td> <input type="text" name="middle_name"></td> </tr>

     <tr> <td>Last Name </td><td> <input type="text" name="last_name"></td>         
     </tr>   

     <tr> <td>Licence No:  </td><td> <input type="text" name="licence"></td>   
     </tr> 

    <tr> <td>Qualification </td><td> <input type="text"    
    name="qualification"></td> </tr> 

   <tr> <td>Address1 </td><td> <input type="text" name="adress1"></td> </tr> 

   <tr> <td>Address2 </td><td> <input type="text" name="adress2"></td> </tr> 


     <tr> <td>City </td><td> <input type="text" name="city"></td> </tr>


   <tr> <td>State </td><td> <input type="text" name="state"></td> </tr>  


    <tr> <td>ZIP </td><td> <input type="text" name="zipcode"></td> </tr> 

   <tr> <td>Phone</td><td> <input type="text" name="phone"></td> </tr> 

  <tr> <td>Specialization</td><td> <input type="text" name="specialization">    
  </td> </tr> 

  <tr> <td>Consultation Fee</td><td> <input type="text" name="consultation   
  fee"></td> </tr> 

  <tr> <td>Experience</td><td> <input type="text" name="experience"></td>   
  </tr> 

   <tr> <td>Timings</td><td> <input type="text" name="timings"></td> </tr> 



   <div style="color:red; font-family:sans-serif"><?php echo $msg;?></div>

            <hr/>
            <button type="submit" name="submit" class="btn btn-  
    success">Update</button>

            <hr/>
    </form> 
    </table> 
    </body>
    </html>

Have you [enabled error reporting](http://stackoverflow.com/a/6575502/1438393)? — Amal Murali, Dec 09 '15 at 09:37
I have just added this statement $msg = "Thank You! you have updated your information."; } else die('error'.mysql_error()); } — , Dec 09 '15 at 09:40
Column and values are not equal !! I think you missing `email` in your values. — Saty, Dec 09 '15 at 09:41
please don't use escaping for security. use prepared statements instead. you are not protecting yourself against SQL injections. look at [this](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — BRoebie, Dec 09 '15 at 09:43
Please post the SQL that is produced by the code, before it is executed. it will help to debug the problem — yossi, Dec 09 '15 at 09:53
I agree with Jeff. @Saty since another answer was given, and they say it's wrong, that you should submit an answer in order to mark this one as solved. — Funk Forty Niner, Dec 09 '15 at 12:00

Abdulla Nilam · Answer 1 · 2015-12-09T10:14:04.513

Try this

if(isset($_POST["submit"]))
{
     //To avoid Mysql injections
    $first_name = mysqli_real_escape_string($db, $_POST["first_name"]);
    $middle_name = mysqli_real_escape_string($db, $_POST["middle_name"]);
    $last_name = mysqli_real_escape_string($db, $_POST["last_name"]);
    $licence_no = mysqli_real_escape_string($db, $_POST["licence"]);
    $qualification = mysqli_real_escape_string($db, $_POST["qualification"]);
    $adress1 = mysqli_real_escape_string($db, $_POST["adress1"]);
    $adress2 = mysqli_real_escape_string($db, $_POST["adress2"]);
    $city = mysqli_real_escape_string($db, $_POST["city"]);
    $state = mysqli_real_escape_string($db, $_POST["state"]);
    $zipcode = mysqli_real_escape_string($db, $_POST["zipcode"]);
    $phone = mysqli_real_escape_string($db, $_POST["phone"]);
    $specialization = mysqli_real_escape_string($db, $_POST["specialization"]);
    $consultation_fee = mysqli_real_escape_string($db, $_POST["consultation_fee"]);
    $experience = mysqli_real_escape_string($db, $_POST["experience"]);
    $timings = mysqli_real_escape_string($db, $_POST["timings"]);


    $query =  "INSERT INTO t_doctorprofile (first_name,   
    middle_name, last_name,  licence, qualification, adress1, adress2,   
    city, state, zipcode, phone, email, specialization, consultation_fee, 
    experience, timings) 
    VALUES ('$first_name','$middle_name', '$last_name',         
    '$licence_no','$qualification','$adress1','$adress2',
    '$city','$state','$zipcode','$phone', '$email'
    '$specialization','$consultation_fee','$experience','$timings')";   

    if (!mysqli_query($db,$query)) {
        die('Error: ' . mysqli_error($db));
    }
    if($query){
        echo 'Success'; 
    }

even though that is clearer and shorter, it wouldn't solve his problem. — Jeff, Dec 09 '15 at 09:47
@Abdulla Your way of assigning the values is cleaner and shorter that the original. still, it doesn't solve his problem. — Jeff, Dec 09 '15 at 09:59
@Jeff cz he still not respond the question !!. How you know its not working?? did you try this your own?? — Abdulla Nilam, Dec 09 '15 at 10:01
@Abdulla I know it's not working first because your answer doesn't change anything crucial to the logic, and second Saty's comment points out an obvious and breaking misstake in the code, that is still there in your answer. — Jeff, Dec 09 '15 at 10:12

score 0 · Answer 2 · answered Jun 23 '17 at 06:56

  <?php

  include_once("connection.php");
  set_time_limit (1800);

   $msg = "";
     if(isset($_POST["submit"]))
  {
$first_name = $_POST["first_name"];
$middle_name = $_POST["middle_name"];
$last_name = $_POST["last_name"];
$licence_no = $_POST["licence"];
$qualification = $_POST["qualification"];
$adress1 = $_POST["adress1"];
$adress2 = $_POST["adress2"];
$city = $_POST["city"];
$state = $_POST["state"];
$zipcode = $_POST["zipcode"];
$phone = $_POST["phone"];
$specialization = $_POST["specialization"];
$consultation_fee = $_POST["consultation_fee"];
$experience = $_POST["experience"];
$timings = $_POST["timings"];


 //To avoid Mysql injections
$first_name = mysqli_real_escape_string($db, $first_name);
$middle_name = mysqli_real_escape_string($db, $middle_name);
$last_name = mysqli_real_escape_string($db, $last_name);
$licence_no = mysqli_real_escape_string($db, $licence_no);
$qualification = mysqli_real_escape_string($db, $qualification);
$adress1 = mysqli_real_escape_string($db, $adress1);
$adress2 = mysqli_real_escape_string($db, $adress2);
$city = mysqli_real_escape_string($db, $city);
$state = mysqli_real_escape_string($db, $state);
$zipcode = mysqli_real_escape_string($db, $zipcode);
$phone = mysqli_real_escape_string($db, $phone);
$specialization = mysqli_real_escape_string($db, $specialization);
$consultation_fee = mysqli_real_escape_string($db, $consultation_fee);
$experience = mysqli_real_escape_string($db, $experience);
$timings = mysqli_real_escape_string($db, $timings);

var_dump($_POST) //use this to print data or print_r($_POST); //use this to print post data check if data is received correctly then there must be problem in your sql query or sql table

for that use sql query and then use this to print error or success msg

 if (!mysqli_query($db,$query)) {
    die('Error: ' . mysqli_error($db));
}
if($query){
    echo 'Success'; 
}

mysql table not receiving data from form using php mysqli

2 Answers2