Why I can't pass the data to database

Question

I've been breaking my head around this. I supose that should be a simple error that a can't find, and I'm looking for new eyes to help solve.

I want to update the content of a form ("myForm") to a mysql database ("dbcerberus") via PHP, and for some reason, a just can't.

Here is my HTML

    <div id="form">
        <select></select>
        <form id="postForm" method="POST" action="userForm.php">
            <p>Nome:</p>
            <input id="_nome">
            <p>CPF:</p>
            <input id="_cpf">
            <p>Telefone:</p>
            <input id="_tel">
            <p>Endereço:</p>
            <input id="_adress">
            <button id="submit">Save</button>
       </form>
       <button id="openVideoButton">LOAD</button>
   </div>

And here is mais postForm.php and connect.php

connect.php
<?php

// Create connection
$conn = mysql_connect('localhost', 'root', '');
$db = mysql_select_db(dbcerberus);

?>






postForm.php
<?php

    include_once('connect.php');

    $name = $_POST['_nome'];
    $cpf = $_POST['_cpf'];
    $tel = $_POST['_tel'];
    $address = $_POST['_adress'];

    if(mysql_query("INSERT INTO tbvisitante VALUES('$cpf', '$name', '$address', '$tel')"))
        echo "Succes"
    else
        echo "Error"

?>

Thanks in advance. P.s.: Sorry for my bad english.

**Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Jan 22 '16 at 19:26
Hi lucas just consider looking into PDO instead of mysql_connect — Raja Khoury, Jan 22 '16 at 19:26
The action attribute on you form needs to be updated to postForm.php. — Rhuarc13, Jan 22 '16 at 19:26
besides answers given, you have missing semi-colons for `echo "Succes" else echo "Error"` and that alone will throw parse errors. — Funk Forty Niner, Jan 22 '16 at 19:29

cssyphus · Accepted Answer · 2016-01-22T19:31:57.020

Change this:

<div id="form">
    <select></select>
    <form id="postForm" method="POST" action="userForm.php">
        <p>Nome:</p>
        <input id="_nome">
        <p>CPF:</p>
        <input id="_cpf">
        <p>Telefone:</p>
        <input id="_tel">
        <p>Endereço:</p>
        <input id="_adress">
        <button id="submit">Save</button>
   </form>
   <button id="openVideoButton">LOAD</button>
</div>

To this:

<div id="form">
    <select></select>
    <form id="postForm" method="POST" action="userForm.php">
        <p>Nome:</p>
        <input name="_nome">
        <p>CPF:</p>
        <input id="_cpf" name="_cpf">
        <p>Telefone:</p>
        <input name="_tel">
        <p>Endereço:</p>
        <input name="_adress">
        <button id="submit">Save</button>
   </form>
   <button id="openVideoButton">LOAD</button>
</div>

Note: The id is not used. It does not hurt, but it is not used in a form post. On the other side, the name becomes the variable name and the field contents are that variable's value.

Also, correct your mysql_query statement to:

mysql_query("INSERT INTO tbvisitante (`cpf`,`name`,`address`,`tel`) VALUES('$cpf', '$nome', '$adress', '$tel') ")

Note: The variable $names also must be spelled exactly the same as the name= attribute on the HTML element.

Note2: I am assuming that I have correctly guessed the field names for your MySQL database. Please correct them if necessary.

Mandatory disclaimer: You should also be using mysqli_ or PDO, not the deprecated mysql_ commands.

See, a knew that was a stupid error. I looked at this code for all the morning and nothig. Thank you very much. Ah, and yes, a was using `msqli` but, I change to `mysql` to see if that was the problem. — Lucas Leite, Jan 22 '16 at 19:34
*"You should also be using mysqli_ or PDO"* - "With" a prepared statement. Just using those on their own won't protect them from a possible SQL injection ;-) — Funk Forty Niner, Jan 22 '16 at 19:34
@LucasLeite Isn't SO great? I learn as much on here giving answers as I do asking questions. Please upvote all answers that were helpful -- Quentin has some good pointers my answer does not include. — cssyphus, Jan 22 '16 at 19:36

score 1 · Answer 2 · answered Jan 22 '16 at 19:24

The name attribute of a form control determines how its value will be labeled when you send it to the server.

Form controls without names aren't successful and won't be sent at all.

You've only give yours id attributes which are used for client side interaction (such as in combination with the for attribute of a <label> (which you should be using)).

Why I can't pass the data to database

2 Answers2