0

I am trying to set up a form for a user to enter information and then for that information to be inserted into a SQL table. I am not getting any error messages but the table is not updating in my database.

My form page is this:

<!DOCTYPE html>
<html>
<head>
    <title>Input 2</title>
</head>
<body>
<h1>Add a user</h1>

    <form action="input-followup2.php" method="post">
        First Name:
            <br/>
                <input type="text" name="firstName">
            <br/>
        <br>
        Last Name:
            <br/>
            <input type="text" name="lastName">
        <br/>
        <br>
        Email Address:
            <br/>
            <input type="text" name="emailAddress">
        <br/>
        <br>
        Monthly Food Budget:
            <br/>
            <input type="number" step="0.01" name="foodBudget">
            <br/>
        <br>
        Monthly Utility Budget:
        <br/>
            <input type="number" step="0.01" name="utilityBudget">
        <br/>
        <br>
        Monthly Entertainment Budget:
        <br/>
            <input type="number" step="0.01" name="entertainmentBudget">
        <br/>
        <br>

        <input name="Add User" type="submit" value="Submit">
    </form> 

</body>

The action for the form submit button links to this page:

Your input was received as:

<?php

$firstName = $_REQUEST["firstName"];
$lastName = $_REQUEST["lastName"];
$emailAddress = $_REQUEST["emailAddress"];
$foodBudget = $_REQUEST["foodBudget"];
$utilityBudget = $_REQUEST["utilityBudget"];
$entertainmentBudget = $_REQUEST["entertainmentBudget"];

echo '<br/>';
echo '<br/> Name: ';
echo $firstName;
echo '&nbsp';
echo $lastName;
echo '<br/> Email Address: ';
echo $emailAddress;
echo '<br/> Food Budget: $';
echo $foodBudget;
echo '<br/> Utility Budget: $';
echo $utilityBudget;
echo '<br/> Entertainment Budget: $';
echo $entertainmentBudget;
?>

<?php
require_once 'login.php';
$connection = mysqli_connect(
    $db_hostname, $db_username,
    $db_password, $db_database);
if(mysqli_connect_error()){
    die("Database Connection Failed: " .
            mysqli_connect_error() .
            " (" . mysqli_connect_errno() . ")"
); };



$addUser = "INSERT INTO CUSTOMER (CustomerID, CustomerFirstName, CustomerLastName, CustomerEmail,FoodBudget, UtilityBudget, EntertainmentBudget)
VALUES (001,{$connection ->real_escape_string($_POST[firstName])}, {$connection ->real_escape_string($_POST[lastName])},{$connection -  >real_escape_string($_POST[emailAddress])}, {$connection ->real_escape_string($_POST[foodBudget])}, {$connection ->real_escape_string($_POST[utilityBudget])}, {$connection ->real_escape_string($_POST[entertainmentBudget])} );";

$upload = mysqli_query($connection, $addUser);

mysqli_close($connection);




?>

When I run the action, and check SELECT * FROM CUSTOMERS; the fields continue to return null. Can someone point me in the right direction?

punygod
  • Can you try echoing your query and running it in the MySQL console? – uzaif Apr 27 '16 at 02:38
  • 1
    put a single quote like `$connection ->real_escape_string($_POST[firstName])},` to `$connection ->real_escape_string($_POST['firstName'])},` Or just give `$connection ->real_escape_string($firstName)},` – VipindasKS Apr 27 '16 at 02:42
  • Oh, I completely missed the quotes. –  Apr 27 '16 at 02:43
  • Are you sure your query is even executing properly? Add `if(mysqli_query($connection, $addUser)) { echo 'Query success';}` to make sure your query is completing – ethane Apr 27 '16 at 15:52

2 Answers

0

Try

// The procedural mysqli_real_escape_string() takes the connection as its first argument
$firstName = mysqli_real_escape_string($connection, $firstName);
$lastName = mysqli_real_escape_string($connection, $lastName);
$emailAddress = mysqli_real_escape_string($connection, $emailAddress);
$foodBudget = mysqli_real_escape_string($connection, $foodBudget);
$utilityBudget = mysqli_real_escape_string($connection, $utilityBudget);
$entertainmentBudget = mysqli_real_escape_string($connection, $entertainmentBudget);

$addUser = "INSERT INTO CUSTOMER(CustomerID, CustomerFirstName, CustomerLastName, CustomerEmail, FoodBudget, UtilityBudget, EntertainmentBudget) VALUES (001, '" . $firstName . "', '" . $lastName . "', '" . $emailAddress . "', '" . $foodBudget . "', '" . $utilityBudget . "', '" . $entertainmentBudget . "')";
  • This is assuming your table **is** indeed `CUSTOMER`. Table names are case-sensitive. –  Apr 27 '16 at 02:42
  • Is it all caps. Your code did not cause any errors but it also did not populate the table. – punygod Apr 27 '16 at 02:56
  • Can you explain why you added single and double quotes around each variable in the SQL statement? – punygod Apr 27 '16 at 04:20
  • @andrewxt Well, I personally like to concatenate PHP variables like that, eliminating problems with single quotes not rendering variables or something like that. Also, would you try to change `$_REQUEST` to `$_POST`? There's no reason to use `$_REQUEST` since you are only handling `$_POST` –  Apr 27 '16 at 05:27
0

$addUser = "INSERT INTO CUSTOMER (CustomerID, CustomerFirstName, CustomerLastName, CustomerEmail,FoodBudget, UtilityBudget, EntertainmentBudget) VALUES (001,{$connection ->real_escape_string($_POST[firstName])}, {$connection ->real_escape_string($_POST[lastName])},{$connection - >real_escape_string($_POST[emailAddress])}, {$connection ->real_escape_string($_POST[foodBudget])}, {$connection ->real_escape_string($_POST[utilityBudget])}, {$connection ->real_escape_string($_POST[entertainmentBudget])} );";

You are trying to call a function inside a double-quoted string. It is not possible. You are limited to substituting variables only.

Use string catenation instead.

// Array keys are quoted strings; each escaped value is wrapped in single quotes for SQL
$addUser = "INSERT INTO CUSTOMER (CustomerID, CustomerFirstName, CustomerLastName, CustomerEmail,FoodBudget, UtilityBudget, EntertainmentBudget)
VALUES (001,'".
$connection->real_escape_string($_POST['firstName']).
"', '".
$connection->real_escape_string($_POST['lastName']).
"','".
$connection->real_escape_string($_POST['emailAddress']).
"', '".
$connection->real_escape_string($_POST['foodBudget']).
"', '".
$connection->real_escape_string($_POST['utilityBudget']).
"', '".
$connection->real_escape_string($_POST['entertainmentBudget']).
"' );";

Even better, use prepared statements and placeholders.

Also, you can check for errors and show them if any:

if (!$connection->query($addUser)) {
    printf("Error: %s\n", $connection->error);
}

You can find that the table name is wrong (because the table name is case sensitive).

artoodetoo
  • It didn't work but thank you for the answer. Your error check actually gave me a new error that might be helpful. `Call to a member function query() on a non-object` – punygod Apr 27 '16 at 02:57
  • So, connection is not established or errata in name? Set error reporting level to catch it. http://php.net/manual/en/function.error-reporting.php – artoodetoo Apr 27 '16 at 03:03
  • I have triple checked everything and everything is exactly as it is in the database case sensitive. Do you know what else might cause that error? – punygod Apr 27 '16 at 03:25
  • Check variable names, please. Previously I made a typo in example: 'conection' with one 'n'. – artoodetoo Apr 27 '16 at 03:37
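
The prepared-statement approach recommended in the second answer, written out for this form as an added example (not code from anyone in the thread). The column names, `login.php` and the `$db_*` variables are taken from the question; the validation rules and the error messages are assumptions.

```php
<?php
// Added example: the question's insert as a prepared statement.
require_once 'login.php';   // defines $db_hostname, $db_username, ... (from the question)

// Make mysqli throw on failure so a bad connect/prepare/execute is never silent.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Validate input before it reaches the database (rules here are assumptions).
$firstName = trim((string) filter_input(INPUT_POST, 'firstName'));
$lastName  = trim((string) filter_input(INPUT_POST, 'lastName'));
$email     = filter_input(INPUT_POST, 'emailAddress', FILTER_VALIDATE_EMAIL);
$food      = filter_input(INPUT_POST, 'foodBudget', FILTER_VALIDATE_FLOAT);
$utility   = filter_input(INPUT_POST, 'utilityBudget', FILTER_VALIDATE_FLOAT);
$fun       = filter_input(INPUT_POST, 'entertainmentBudget', FILTER_VALIDATE_FLOAT);

// filter_input() yields null (missing) or false (invalid); 0.0 is a valid budget.
if ($firstName === '' || $lastName === '' || !is_string($email)
    || !is_float($food) || !is_float($utility) || !is_float($fun)) {
    http_response_code(400);
    exit('Invalid input.');
}

try {
    $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
    $connection->set_charset('utf8mb4');

    // Placeholders keep data out of the SQL text: no quoting, no escaping.
    $stmt = $connection->prepare(
        'INSERT INTO CUSTOMER (CustomerID, CustomerFirstName, CustomerLastName,
                               CustomerEmail, FoodBudget, UtilityBudget, EntertainmentBudget)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $customerId = 1;        // the question hardcodes 001; kept as-is here
    // Types: i = integer, s = string, d = double.
    $stmt->bind_param('isssddd', $customerId, $firstName, $lastName,
                      $email, $food, $utility, $fun);
    $stmt->execute();
    $stmt->close();
    $connection->close();
} catch (mysqli_sql_exception $e) {
    error_log('CUSTOMER insert failed: ' . $e->getMessage());  // details go to the log
    http_response_code(500);
    exit('Could not save the record.');
}

// Encode on output: the question's page echoes the raw request values into HTML.
printf('Name: %s %s<br/>Email Address: %s',
    htmlspecialchars($firstName, ENT_QUOTES, 'UTF-8'),
    htmlspecialchars($lastName, ENT_QUOTES, 'UTF-8'),
    htmlspecialchars($email, ENT_QUOTES, 'UTF-8'));
```

With exceptions enabled, a wrong table name or a failed connection surfaces immediately in the error log instead of leaving the table silently unchanged.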