0

I want to save my data in my phpmyadmin database.But it's not saving. So while saving my data, it refresh the page but data not showing in database

Here is my class by which i want to save data:

class User{
    public function __construct(){

        $host='localhost';
        $user='root';
        $password='';
        $conn=mysql_connect($host,$user,$password);
        if(!$conn){
            die("Database Not Connected" . mysql_error());
        }

        mysql_select_db("db_sign_up");
        echo "Database created! ";
    }

    public function save_user($data){
        $sql="INSERT INTO tbl_user(first_name,last_name,email_address,password,mobile_number,address,
                                   city_name,country_name,zip_code)
                   VALUES('$data[first_name]','$data[last_name]','$data[email_address]','$data[password]',
                  '$data[mobile_number]','$data[address]','$data[city_name]','$datacountry_name]','$data[zip_code]')";
            if(!mysql_query($sql)){
                die("sl Error". mysql_error());
            }
            echo "Saved Successfully!";
            //mysql_close($conn);
    }
}

here is UI

<?php
    require_once './classes/user.php';
    $obj=new User();
    if(isset($_POST['btn'])){
        $obj->save_user($_POST);
    }
?>

<html>
<head><title> Database Basic</title></head>
<body>
    <form action="sign_up.php" method="post">
        <table border="1">
            <tr><td>Personal Information</td><td></td></tr>
            <tr>
                <td> First Name</td>
                <td>
                    <input type="name" name="first_name" value="<?php if(isset($_POST['first_number'])){ echo htmlentities($_POST['first_name']);} ?> "/>
                </td>
            </tr>
            <tr>
                <td> Last Name</td>
                <td>
                    <input type="name" name="last_name" value="<?php if(isset($_POST['last_name'])){ echo htmlentities($_POST['last_name']);} ?> "/>
                </td>
            </tr>
            <tr>
                <td> Email Address</td>
                <td>
                    <input type="name" name="email_address" value="<?php if(isset($_POST['email_address'])){ echo htmlentities($_POST['email_address']);} ?> "/>

                </td>
            </tr>
            <tr>
                <td> Password</td>
                <td>
                    <input type="password" name="password" value="<?php if(isset($_POST['password'])){ echo htmlentities($_POST['password']);} ?> "/>
                </td>
            </tr>
            <tr>
                <td> Mobile Number</td>
                <td>
                    <input type="name" name="mobile_number" value="<?php if(isset($_POST['mobile_number'])){ echo htmlentities($_POST['mobile_number']);} ?> "/>
                </td>
            </tr>
            <tr>
                <td> Address</td>
                <td>
                    <textarea name="address" rows="4" cols="30"></textarea>
                </td>
            </tr>
            <tr>
                <td> City</td>
                <td>
                    <input type="" name="city_name" value="<?php if(isset($_POST['city_name'])){ echo htmlentities($_POST['city_name']);} ?> "/>
                </td>
            </tr>
            <tr>
                <td> Country</td>
                <td>
                    <select name="country_name">
                        <option value=" ">Select Country ...</option>
                        <option value="bangladesh">Bangladesh</option>
                        <option value="srilanka">Srilanka </option>
                        <option value="india">India</option>
                    </select>
                </td>
            </tr>
            <tr>
                <td> Zip Code</td>
                <td>
                    <input type="name" name="zip_code" value="<?php if(isset($_POST['zip_code'])){ echo htmlentities($_POST['zip_code']);} ?> "/>
                </td>
            </tr>
            <tr>
                <td></td>
                <td>
                    <input type="submit" name="btn" value="Save">
                </td>
            </tr>
        </table>
    </form>
</body>
Hola
  • 2,163
  • 8
  • 39
  • 87
  • Please show your codes.. – Sazzadur Rahman Jan 17 '16 at 10:50
  • added..please check. – Hola Jan 17 '16 at 10:53
  • is the `$data` variable is an array? – Sazzadur Rahman Jan 17 '16 at 10:55
  • yes array... solved it.by mistake i haven't put

    tag. BTW thanks for helping!

     – Hola Jan 17 '16 at 10:58
  • PHPMyAdmin is a database client, not a database. – Quentin Jan 17 '16 at 11:25
  • You're using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php) and are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) against. You're using [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php) and should [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of passwords. – Quentin Jan 17 '16 at 11:26
  • Omitting an HTML end tag isn't going to break anything. The tag is optional in HTML. – Quentin Jan 17 '16 at 11:27

2 Answers2

0

You have an error in your INSERT STATEMENT:

you are using countryname variable in your query as:

'$datacountry_name]'

I think this should be like this:

'$data[country_name]'

Side note:

You are using mysql_ its deprecated I suggest you to use mysqli_ or PDO.

secondly your code is open for SQL Injection, you need to prevent with sql injection.

devpro
  • 16,184
  • 3
  • 27
  • 38
-1

its function receives an array, then check your array. The type fields in the db, and if are properly filled. field int type = int value

if it is returned as a string, you can convert this:

$string = $data[mobile_number];
$int = (int)$string; // convert string type for int.

or use the type varchar to the field if not the case, say more about the your code.

Júlio Jamil
  • 109
  • 1
  • 6
  • Telephone numbers frequently start with a `0`. You can't treat them as integers. – Quentin Jan 17 '16 at 11:26
  • I do not use zeros in front of the number to save the db. :) but what was put just one example – Júlio Jamil Jan 17 '16 at 11:54
  • thanks for -1 Quentin, I'm happy to see people negativando only because they think that everyone is equal. in my country, there are no Telephone numbers beginning with "0" – Júlio Jamil Jan 17 '16 at 12:21