0

I am new to PHP and I am making a insert function which will insert the html input into my Sql database but at the moment when I submit nothing happens and no information is entered into the database. Any help on how I can get the in-putted information to submit to the database would be greatly appreciated.

<html>
<head>

</head>
<body>

  <div align = "center">


           <form method = "POST" class="basic-grey">
           <h1><i>Insert</i></h1>
              <label>Title  :<input type = "text" name="title"/></label>
              <label>Content  :<input type = "text" name="content"/></label>
              <label>User  :<input type = "text" name="user"/></label>

              <label><input type = "submit" value = "submit"/></label>
           </form> 

           <div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error ?></div>

           </div>
</html>
<?php

include_once 'db_config.php';

session_start();
if (!(isset($_SESSION['login_user']) && $_SESSION['login_user'] != '')) {

header ("Location: login2.php");

 }


if(isset($_POST["submit"])) {



$title = $_POST['title'];
$content = $_POST['content'];
$user = $_POST['user'];

$sql = "INSERT INTO 'diary' ('ID', 'TITLE', 'CONTENT', 'USER') 
VALUES (NULL, '$title','$content', '$user',)";

if ($conn->query($sql) === TRUE) {
header("location: results.php");
 } else {
 echo "Error: " . $sql . "<br>" . $conn->error;
}
}
$conn->close();


?>
Isaac Bennetch
  • 11,830
  • 2
  • 32
  • 43
Daniel Creaser
  • 9
  • 4
  • Database connection is completed successfully? – Paresh Gami Mar 17 '16 at 18:55
  • Try print_r($conn->query($sql)); to see what the problem is – 25r43q Mar 17 '16 at 18:56
  • Won't work because you don't have anything named 'submit' for `if(isset($_POST["submit"])) {` to test. – Jay Blanchard Mar 17 '16 at 18:57
  • Also, I would suggest that you fix the sql injection you have there ;) .. (what happens if the user adds " ') " as a postvalue? – 25r43q Mar 17 '16 at 18:57
  • 1
    [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Mar 17 '16 at 18:58
  • Thank you for the help. I have changed the sql query so it is correct and named the submit button but still no result. Sorry for my lack of knowledge on the topic. – Daniel Creaser Mar 18 '16 at 17:39
  • Are you getting any errors now? – Jay Blanchard Mar 18 '16 at 17:40
  • EDIT i have fixed it now and now the results are showing. Thank you – Daniel Creaser Mar 18 '16 at 17:44

3 Answers3

0

Your script doesn't won't work because you don't have anything named 'submit' for if(isset($_POST["submit"])) { to test. Fix that by naming your submit button:

<label><input type="submit" name="submit" value="submit"/></label>

Once clicked now the button's name will appear in the $_POST array.

In addition: session_start() should be right after your opening PHP tag.

Your script is at risk for SQL Injection Attacks. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy.

Your error checking will reveal that you have quoted instead of back ticked table and column names and that you have an extra comma. Change your insert query as follows:

$sql = "INSERT INTO `diary` (`ID`, `TITLE`, `CONTENT`, `USER`) VALUES (NULL, '$title','$content', '$user')";
Community
  • 1
  • 1
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
0

You are using invalid mysql syntax. You are using wrong string literal ' for table name and columns name. You can use this ` , or no literal at all.

Option 1 :

$sql = "INSERT INTO `diary` (`ID`, `TITLE`, `CONTENT`, `USER`) VALUES (NULL, '$title','$content', '$user')";

Option 2 :

$sql = "INSERT INTO diary (ID, TITLE, CONTENT, USER) VALUES (NULL, '$title','$content', '$user')";
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Ilija
  • 11
  • 3
0

maybe you didn't use name of 'submit' for executed like :

<input type="submit" **name="simpan"** value="SIMPAN"/>
Herninda
  • 1
  • 1