Add new elements to mysql with html

Question

I am trying to add new elements to my database on mysql through my webpage.

This is what I've got so far

<form action="MyCurrentPage.php" method="post" >
   <label for="playername"> Player </label>
   <input type="text" name="addplayer" id="playername"/>
   <input type= "submit" value="submit" />
</form>

and this

<?php
     if (isset($_POST['submit'])) {
        $addplayerv=$_POST['addplayer'];
        $mysqli->select_db("player", $player);

        $sql="INSERT INTO player (nameofplayer) VALUES ('".$addplayerv."')";
        $mysqli->query($sql, $mysqli);
        $mysqli->close($mysqli);
     }

?>

The problem with this is that its not updating anything and I am not getting any errors.

**Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Apr 29 '16 at 12:07

score 3 · Answer 1 · answered Apr 29 '16 at 12:07

3

 if (isset($_POST['submit'])) {

You only process the data if the form submits a control named submit.

You have no control with that name (the submit button has submit as the type and the value but it has no name).

Give the submit button a name.

answered Apr 29 '16 at 12:07

Quentin

914,110
126
1,211
1,335

I did that but now it gives me this errors: Undefined variable: player (on the select_db line) mysqli::select_db() expects exactly 1 parameter, 2 given in mysqli::query() expects parameter 2 to be integer, object given mysqli::close() expects exactly 0 parameters, 1 given – user12654809 Apr 29 '16 at 12:16
but "player" is the name of my database and the connection to mysql is fine, I dont know why I am getting that error. – user12654809 Apr 29 '16 at 12:26
@user12654809 — Yes, `"player"` in the name of the database. `$player` is an undefined variable used as a second argument to a function that only takes one argument in the first place. – Quentin Apr 29 '16 at 12:29

score 0 · Answer 2 · edited Apr 29 '16 at 12:44

Please add attribute name on Submit form. Because if you did not mentioned the name attribute, the data which you want to post for add is not entered into condition which you have written under the PHP tags.

Please change the HTML with this:

<form action="MyCurrentPage.php" method="post" >
<label for="playername"> Player </label>
<input type="text" name="addplayer" id="playername"/>
<input type= "submit" name="submit" value="submit" />
</form>

score 0 · Answer 3 · answered Apr 29 '16 at 12:25

missing submit input name your input should be something like this

<input type= "submit" value="submit" name="submit" />

and your db connection your passing two parameters in select_db() that's wrong you have to pass one parameter. should be like this

$player="player";

 $mysqli->select_db($player);

score 0 · Answer 4 · answered Apr 29 '16 at 12:34

<?php
    if (isset($_POST['submit'])) {
        $addplayerv=$_POST['addplayer'];
        $mysqli->select_db("player");

        $sql="INSERT INTO player (nameofplayer) VALUES ('".$addplayerv."')";
        $mysqli->query($sql);
        $mysqli->close();
    }
?>

select_db() needs one parameter: the name of the database you're using.
query() only needs the sql query.
close() doesn't expect any parameter.

Add new elements to mysql with html

4 Answers4