-1

Hey there, I'm currently trying to create a page where I can insert some information into my SQL database. This is the PHP:

<?php


    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "film";


$conn = mysqli_connect($servername, $username, $password, $dbname);

if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}



$filmtitle = $_POST['filmtitle'];
$filmyear = $_POST['filmyear'];
$filmduration = $_POST['filmduration'];
$filmrating = $_POST['filmrating'];



$sql="INSERT INTO film (Title, FilmYear, Duration, FilmRating) VALUES
('$filmtitle', `$filmyear`, '$filmduration', '$filmrating',)";



if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else
{
echo "Error: " . $sql . "<br>" . $conn->error;
}



$conn->close();
?>

When I hit the submit button I get the following error, Object not found!

The requested URL was not found on this server. The link on the referring page seems to be wrong or outdated. Please inform the author of that page about the error.

If you think this is a server error, please contact the webmaster.

Here is the HTML as well

<html>
<body>
<h1> Insert a new film!</h1>

<form action ="insert-film.php method="post">

Film Title: <input type="text" name="filmtitle">
Year: <input type="text" name="filmyear">
Duration: <input type="text" name="filmduration">
Certificate: <input type="text" name="filmcertificate">

<input type="submit">

</form>

</body>
</html>
Cooperrr

2 Answers

1

There's a few things wrong here.

First

<form action ="insert-film.php method="post">
                              ^ right there.

is missing a quote.

<form action ="insert-film.php" method="post">

Then this: you used ticks instead of quotes for $filmyear and a trailing comma

('$filmtitle', `$filmyear`, '$filmduration', '$filmrating',)";
                                                          ^ right there.

which should read as

('$filmtitle', '$filmyear', '$filmduration', '$filmrating')";

You also seem to be using the wrong array for filmcertificate which should be filmrating.

Certificate: <input type="text" name="filmcertificate"> there is no POST array for it.

$filmtitle = $_POST['filmtitle'];
$filmyear = $_POST['filmyear'];
$filmduration = $_POST['filmduration'];
$filmrating = $_POST['filmrating'];

and

Film Title: <input type="text" name="filmtitle">
Year: <input type="text" name="filmyear">
Duration: <input type="text" name="filmduration">
Certificate: <input type="text" name="filmcertificate">

The last one does not match the $_POST['filmrating'] array.

You probably meant to do:

Film Title: <input type="text" name="filmtitle">
Year: <input type="text" name="filmyear">
Duration: <input type="text" name="filmduration">
Film rating: <input type="text" name="filmrating">
  • Only you know what that should be. Adjust accordingly.

  • Once your PHP kicks in after fixing the quote in the action, you would have been thrown an undefined index filmrating in line... notice.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Then the rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.


Your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements.

Funk Forty Niner
  • Thanks, this has hugely helped me, really appreciate you taking the time to help – Cooperrr Feb 04 '16 at 15:49
  • @Cooperrr you're welcome. I'll be making another edit about `Certificate: ` that isn't used in your POST array. Edit: edited the answer. – Funk Forty Niner Feb 04 '16 at 15:49
  • @Cooperrr I've made a few edits to my answer, so please go over it in its entirety and reload it. – Funk Forty Niner Feb 04 '16 at 15:58
  • I'll do that now, it's all working now, once again thank you – Cooperrr Feb 04 '16 at 16:09
  • @Cooperrr You're welcome, I was glad to have been of help, *cheers* – Funk Forty Niner Feb 04 '16 at 16:10
  • Hey, can I contact you on Skype or something? I have a slight issue with a delete page and could use your help – Cooperrr Feb 05 '16 at 14:51
  • @Cooperrr I don't have Skype etc. Any way you can post a new question? I could have a look at it. If I won't be able to help, I'm sure others could. – Funk Forty Niner Feb 05 '16 at 14:53
  • I am not allowed to ask another question for 6 days or I would have, it's fine though, you have already helped me enough, I wish you the best buddy! – Cooperrr Feb 05 '16 at 15:32
  • @Cooperrr make up a pastebin file (then paste the link here) and I'll see what I can do. Include all the details in there regarding any errors you may be having. Don't leave out anything where I'll have to guess ;-) can't make any promises though. – Funk Forty Niner Feb 05 '16 at 15:33
0

You have an extra comma at the end of your sql:

$sql="INSERT INTO film (Title, FilmYear, Duration, FilmRating) VALUES
('$filmtitle', `$filmyear`, '$filmduration', '$filmrating',)";

should be:

$sql="INSERT INTO film (Title, FilmYear, Duration, FilmRating) VALUES
('$filmtitle', '$filmyear', '$filmduration', '$filmrating')";

Also, make sure you are consistent with your backticks versus single quotes.

Finally, you are exposed to an SQL injection attack.

Sablefoste
  • Thanks, been a really big help for me – Cooperrr Feb 04 '16 at 15:49
  • I know about the SQL injection, it's just a project for college at the moment, we just have to create the database and they will teach us how to protect against it afterwards – Cooperrr Feb 04 '16 at 15:50
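
Both answers point out that the INSERT is open to SQL injection, and the first recommends prepared statements. The following is an added example, not code from either answer: the same insert written with a mysqli prepared statement, using the connection values, table and column names from the question. The `read_film_input` helper, the validation ranges and the integer types for `FilmYear` and `Duration` are assumptions.

```php
<?php
// Added example (PHP 7.1+): the question's INSERT as a mysqli prepared statement.
// Connection values and column names are from the question; the helper name,
// validation ranges and integer column types are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Read and validate the four form fields; returns [values, list of errors].
function read_film_input(array $post): array
{
    $errors = [];
    $title  = trim($post['filmtitle'] ?? '');
    $rating = trim($post['filmrating'] ?? '');
    $year = filter_var($post['filmyear'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1888, 'max_range' => 2100]]);
    $duration = filter_var($post['filmduration'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($title === '')       { $errors[] = 'filmtitle is required'; }
    if ($rating === '')      { $errors[] = 'filmrating is required'; }
    if ($year === false)     { $errors[] = 'filmyear must be a valid year'; }
    if ($duration === false) { $errors[] = 'filmduration must be a positive number'; }
    return [[$title, $year, $duration, $rating], $errors];
}

[$film, $errors] = read_film_input($_POST);
if ($errors) {
    http_response_code(400);
    exit(htmlspecialchars(implode('; ', $errors)));
}

try {
    $conn = new mysqli('localhost', 'root', '', 'film');
    $conn->set_charset('utf8mb4');
    // Placeholders keep the submitted values out of the SQL text entirely,
    // so quotes in a title can neither break nor alter the statement.
    $stmt = $conn->prepare(
        'INSERT INTO film (Title, FilmYear, Duration, FilmRating) VALUES (?, ?, ?, ?)'
    );
    [$title, $year, $duration, $rating] = $film;
    $stmt->bind_param('siis', $title, $year, $duration, $rating);
    $stmt->execute();
    echo 'New record created successfully';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the server log, not the browser
    http_response_code(500);
    echo 'Could not save the film.';
}
```

Unlike the original script, this version does not echo the SQL string or the database error back to the visitor, in line with the first answer's note that errors should not be displayed in production.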