Empty SQL after form submission

Question

I've searched and searched I cannot find an answer to this I've made a form HERE It's very basic. Somehow it's not submitting the final data. the code is

<form class="form" action="submit.php" method="post">
   <table>
   <tr>             
<td>Team Name: </td>
<td><input type="text" name="team"></td>
</tr>
<tr>
<td>Captains xbox tag: </td>
<td><input type="text" name="cap"></td>
<tr>
<td>Captains E-mail:</td> 
<td><input type="text" name="email"></td>
</tr>
<tr>
<td>Team Mates: </td>
<td><TEXTAREA name="teammates" rows="6" cols="50">
Please place each team member on a new line
   </TEXTAREA><br></td>
</tr>
<tr>
<td>Sub team mates: </td>
<td><TEXTAREA name="subs" rows="2" cols="50"></TEXTAREA></td>
</tr>
</table>
<p><input type="submit"></p>
</form>

That's the form

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "dbname";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "INSERT INTO tournament1 (team, teammates, cap, email, subs)
VALUES ('$_POST[team]','$_POST[cap]','$_POST[email]','$_POST[teammates]','$_POST[subs]')";

if ($conn->query($sql) === TRUE) {
    echo "Your team has been submitted Thankyou. You will be redirected back to the tournaments page Shortly";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

What am I doing wrong? It will connect and do something because the ID fills because of its autoincremented. everything else gets lost. Thanks in advance guys Kyle

Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) — RiggsFolly, Sep 07 '16 at 12:05
DEBUGGING: if you are not getting this `Connection failed` it means, your connection is fine, now check the post values `print_r($_POST)` than echo your query and run manualy in php my admin. — devpro, Sep 07 '16 at 12:10

Option · Accepted Answer · 2016-09-07T12:53:47.563

1

So I switched it around a little for you but this should work fine..

firstly the form, I have added an isset in for you:

<form class="form" action="submit.php" method="post">
<table>
    <tr>
        <td>Team Name: </td>
        <td><input type="text" name="team"></td>
    </tr>
    <tr>
        <td>Captains xbox tag: </td>
        <td><input type="text" name="cap"></td>
    <tr>
        <td>Captains E-mail:</td>
        <td><input type="text" name="email"></td>
    </tr>
    <tr>
        <td>Team Mates: </td>
        <td><TEXTAREA name="teammates" rows="6" cols="50">
Please place each team member on a new line
   </TEXTAREA><br></td>
    </tr>
    <tr>
        <td>Sub team mates: </td>
        <td><TEXTAREA name="subs" rows="2" cols="50"></TEXTAREA></td>
    </tr>
</table>
<p><input type="submit" name="sendit"></p>
</form>

You'll notice I have changed action to action="" so it runs under its own page.

Followed next by the PHP of which I have added conditions into for you.

Add the PHP to submit.php

Please note: you can also add required at the end of each input field.

if (isset($_POST['sendit']))
{
    $team = $_POST['team'];
    $captain = $_POST['cap'];
    $email = $_POST['email'];
    $mates = $_POST['teammates'];
    $sub = $_POST['subs'];

    if (!empty($team))
    {
        if (!empty($captain))
        {
            if (!empty($email))
            {
                if (!empty($mates))
                {
                    if (!empty($sub))
                    {
                        $sql = "INSERT INTO `tournament1` (team, teammates, cap, email, subs) VALUES ('$team', '$mates', '$captain', '$email', '$sub')";

                        if ($conn->query($sql) === TRUE) {
                            echo "New record created successfully";
                        } else {
                            echo "Error: " . $sql . "<br>" . $conn->error;
                        }

                    } else {
                        echo "Please add subs..";
                    }
                } else {
                    echo "Please add mates..";
                }
            } else {
                echo "Please add captains email..";
            }
        } else {
            echo "Please add captains name..";
        }
    } else {
        echo "Please add team name..";
    }

}

edited Sep 07 '16 at 12:53

answered Sep 07 '16 at 12:15

Option

2,605
2
19
29

and what about SQL Injection? and i also suggest u to optimize your code, move validation in array. – devpro Sep 07 '16 at 12:16
If the Op was Familiar with PDO I would of written it out that way and added bindparam to each one for the Op. – Option Sep 07 '16 at 12:23
but mysql_* is deprecated – devpro Sep 07 '16 at 12:23
Good call! I'll adjust accordingly. It's a shame the Op hasn't moved over to PDO still.. – Option Sep 07 '16 at 12:25
Well I've added that exactly as you've put it and when it submits it resets the page and the sql data still doesnt get filled. Man I'm an idiot – Vixen Gaming Sep 07 '16 at 12:48
Did you add the PHP above all of the HTML in the same page? – Option Sep 07 '16 at 12:49
Which page the submit, or the index? I inserted it into the submitted page. – Vixen Gaming Sep 07 '16 at 12:50
if the PHP is in the submit.php page change the `
` to: `
` and it'll work. I never direct away to another page usually.
– Option Sep 07 '16 at 12:51
Then we're back to square one though? – Vixen Gaming Sep 07 '16 at 12:52
I've just edited the answer to make it more clear for you. the html should go into your html file example: form.php. The PHP goes into submit.php. – Option Sep 07 '16 at 12:54
That worked, thanyou so much. Would you recommend me leaving the PHP script in the header of index.php then? – Vixen Gaming Sep 07 '16 at 12:59
I would usually yes. In all honesty, PDO is the best way to go with queries and such. – Option Sep 07 '16 at 13:02
What does PDO stand for – Vixen Gaming Sep 07 '16 at 13:03
it stands for PHP Data Objects. – Option Sep 07 '16 at 13:04

Empty SQL after form submission

1 Answers1