-1

I have an HTML5 document for requesting input from the user for a form (saved as employee.php).

Also, I have created a PHP document (SQLConnectionProcess.php) for connecting the forms to a local database. I am using XAMPP and phpMyAdmin.

employee.php:

    <html>
    <body>

    <form name="EmployeeDatabase" action="SQLConnectionProcess.php" method="post">

    <link rel="stylesheet" href="css.css">

    <h1>EMPLOYEE DATABASE</h1>

    Employe Card NO: <input type="text" name="cardNO" ><br><br>
    Employee NO: <input type="text" name="employeeNO" ><br><br>
    Employee Name: <input type="text" name="employeename"><br><br>
    Nationality: <input type="text" name="nationality"><br><br>
    Profession: <input type="text" name="profession"><br><br>
    DOB: <input type="text" name="DOB"><br><br>
    DOJ: <input type="text" name="DOJ"><br><br>
    DOA(VisitVisa): <input type="text" name="DOA"><br><br>
    Company Code: <input type="text" name="companycode"><br><br>
    Sponsor Code: <input type="text" name="sponsorcode"><br><br>
    Visa Type: <input type="text" name="visatype"><br><br>
    Status: <input type="text" name="status"><br><br>

    <input type="submit" name="formSubmit" value="Submit">

    <?php

    ?>

    </form>

    </body>
    </html>

SQLConnectionProcess.php:

    <?php

    $con = mysql_connect('localhost','root','mysql');
    mysql_select_db('employee_info',$con);


    if(isset($_POST['formSubmit'])){
      $cardNO= isset($_POST['cardNO']) ? $_POST['cardNO'] : 0;
      $employeeNO= isset($_POST['employeeNO']) ? $_POST['employeeNO'] : 0;
      $employeename= isset($_POST['employeename']) ? $_POST['employeename'] : "";
      $nationality= isset($_POST['nationality']) ? $_POST['nationality'] : "";
      $profession= isset($_POST['profession']) ? $_POST['profession'] : "";
      $DOB= isset($_POST['DOB']) ? $_POST['DOB'] : "";
      $DOJ= isset($_POST['DOJ']) ? $_POST['DOJ'] : "";
      $DOA= isset($_POST['DOA']) ? $_POST['DOA'] : "";
      $companycode = isset($_POST['companycode']) ? $_POST['companycode'] : 0;
      $sponsorcode= isset($_POST['sponsorcode']) ? $_POST['sponsorcode'] : 0;
      $visatype= isset($_POST['visatype']) ? $_POST['visatype'] : "";
      $status= isset($_POST['status']) ? $_POST['status'] : "";


      $sql = "INSERT INTO employee_info info(EmployeeCardNO,EmployeeNO,EmployeeName,Nationality,Profession,DOB,DOJ,DOA,CompanyCode,SponsorCode,VisaType,Status) VALUES ($cardNO,$employeeNO,$employeename,$nationality,$profession,$DOB,$DOJ,$DOA,$companycode,$sponsorcode,$visatype,$status)";
      mysql_query($sql);
    }
    ?>

phpMyAdmin password is "mysql".

When I submit the forms I am getting the following error:

"Fatal error: Uncaught Error: Call to undefined function mysql_connect() in C:\xampp\htdocs\test1\SQLConnectionProcess.php:3 Stack trace: #0 {main} thrown in C:\xampp\htdocs\test1\SQLConnectionProcess.php on line 3"

Kindly help me. Thank you....

  • Which version of PHP are you using? – Web Artisan May 09 '16 at 07:51
  • 2
    Side note: Please don't use mysql_*. You can switch to mysqli or PDO with prepared statements, as prepared statements are much more secure. – DD77 May 09 '16 at 08:11
  • 1
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) that has been [removed](http://php.net/manual/en/mysql.php) from PHP. You should select a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin May 09 '16 at 08:37
  • Does the version and mysql_* matter if I am using it for local server only? – Gowthaman Prabhu May 09 '16 at 08:37
  • 1
    Please [learn to love labels](http://www.456bereastreet.com/archive/200711/use_the_label_element_to_make_your_html_forms_accessible/) – Quentin May 09 '16 at 08:37
  • 1
    @Gotham — Since the error message says that your version of PHP doesn't have `mysql_*` … **YES!** – Quentin May 09 '16 at 08:38
  • Copy thanks.... @Quentin – Gowthaman Prabhu May 09 '16 at 08:42

1 Answer

2

Please use PDO or MySQLi. mysql is deprecated and should not be used in new code.

http://php.net/manual/en/function.mysql-query.php

Try this link, it helped me a lot: phpdelusions.net/pdo by @Your-Common-Sense.

I would code it this way:

1: db connection file:

    <?php

    $db = new PDO('mysql:host=yourhost;dbname=dbname', 'username', 'password', array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'")); 

    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    ?>

Your SQLConnectionProcess.php should look like this:

    <?php

    require ('path/to/db/con.php');

    if(isset($_POST['formSubmit'])){
        $cardNO         =   isset($_POST['cardNO']) ? $_POST['cardNO'] : 0;
        $employeeNO     =   isset($_POST['employeeNO']) ? $_POST['employeeNO'] : 0;
        $employeename   =   isset($_POST['employeename']) ? $_POST['employeename'] : "";
        $nationality    =   isset($_POST['nationality']) ? $_POST['nationality'] : "";
        $profession     =   isset($_POST['profession']) ? $_POST['profession'] : "";
        $DOB            =   isset($_POST['DOB']) ? $_POST['DOB'] : "";
        $DOJ            =   isset($_POST['DOJ']) ? $_POST['DOJ'] : "";
        $DOA            =   isset($_POST['DOA']) ? $_POST['DOA'] : "";
        $companycode    =   isset($_POST['companycode']) ? $_POST['companycode'] : 0;
        $sponsorcode    =   isset($_POST['sponsorcode']) ? $_POST['sponsorcode'] : 0;
        $visatype       =   isset($_POST['visatype']) ? $_POST['visatype'] : "";
        $status         =   isset($_POST['status']) ? $_POST['status'] : "";


        $stmt       =   $db->prepare("INSERT INTO employee_info

                                        (EmployeeCardNO,
                                        EmployeeNO,
                                        EmployeeName,
                                        Nationality,
                                        Profession,
                                        DOB,
                                        DOJ,
                                        DOA,
                                        CompanyCode,
                                        SponsorCode,
                                        VisaType,
                                        Status)

                                        VALUES 

                                        ($cardNO,
                                        $employeeNO,
                                        $employeename,
                                        $nationality,
                                        $profession,
                                        $DOB,
                                        $DOJ,
                                        $DOA,
                                        $companycode,
                                        $sponsorcode,
                                        $visatype,
                                        $status)"

                                    );

        $stmt->execute();

    }
    else{

        //something went wrong

    }

    ?>

You have a lot of isset() conditions. If one fails the whole code fails. Try this as a starting point.

Thanks.

MDChaara
  • 1
    It seems some of those input fields could do with some parametrization. – Cas May 09 '16 at 08:36
  • @cascer1: Yes, it would seem so. But in the end the purpose is to show the OP how to get it done, not to get it done. – MDChaara May 09 '16 at 08:38
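
The parametrization raised in the comments above, as an added example that is not part of the original answer: the statement is prepared with named placeholders and the form values are passed separately to `execute()`. Assumptions: an in-memory SQLite database stands in for the MySQL one so the script runs offline, the names `insertEmployee`, `FIELDS` and `INT_FIELDS` are hypothetical, and the sample submission is constructed.

```php
<?php
// Added example, not the answerer's code. SQLite in memory stands in for the
// MySQL database so the script runs offline; for MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employee_info (EmployeeCardNO INTEGER, EmployeeNO INTEGER,
    EmployeeName TEXT, Nationality TEXT, Profession TEXT, DOB TEXT, DOJ TEXT, DOA TEXT,
    CompanyCode INTEGER, SponsorCode INTEGER, VisaType TEXT, Status TEXT)');

// Form field name => table column, as used on the page.
const FIELDS = [
    'cardNO' => 'EmployeeCardNO', 'employeeNO' => 'EmployeeNO',
    'employeename' => 'EmployeeName', 'nationality' => 'Nationality',
    'profession' => 'Profession', 'DOB' => 'DOB', 'DOJ' => 'DOJ', 'DOA' => 'DOA',
    'companycode' => 'CompanyCode', 'sponsorcode' => 'SponsorCode',
    'visatype' => 'VisaType', 'status' => 'Status',
];
const INT_FIELDS = ['cardNO', 'employeeNO', 'companycode', 'sponsorcode'];

function insertEmployee(PDO $db, array $post): void
{
    $params = [];
    foreach (FIELDS as $field => $column) {
        $value = trim((string)($post[$field] ?? ''));
        if (in_array($field, INT_FIELDS, true)) {
            // Reject non-numeric input instead of passing it on.
            $value = filter_var($value, FILTER_VALIDATE_INT);
            if ($value === false) {
                throw new InvalidArgumentException("$field must be an integer");
            }
        }
        $params[":$field"] = $value;
    }
    // The SQL text is built only from the constant column and placeholder names;
    // user input travels separately in $params and is never parsed as SQL.
    $sql = 'INSERT INTO employee_info (' . implode(', ', FIELDS) . ') VALUES ('
         . implode(', ', array_keys($params)) . ')';
    $db->prepare($sql)->execute($params);
}

// Constructed sample submission; the apostrophe would break an interpolated query.
$post = ['cardNO' => '1001', 'employeeNO' => '42', 'employeename' => "Sean O'Brien",
    'nationality' => 'Irish', 'profession' => 'Welder', 'DOB' => '1985-03-14',
    'DOJ' => '2016-01-10', 'DOA' => '2015-12-20', 'companycode' => '7',
    'sponsorcode' => '3', 'visatype' => 'Work', 'status' => 'Active'];
insertEmployee($db, $post);
echo $db->query('SELECT EmployeeName FROM employee_info')->fetchColumn(), PHP_EOL;
```

Unlike the `isset(...) ? ... : 0` defaults on the page, this version throws on a missing or non-numeric integer field rather than storing 0.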