-1

My form won't save in my DB. Connect code, saved as con_mysql.php:

<?php
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_USER', 'root');
DEFINE ('DB_PSWD', '*****');
DEFINE ('DB_NAME', 'lexusdb');

$dbcon = mysqli_connect(DB_HOST, DB_USER, DB_PSWD, DB_NAME);
?>

form code:

<form method="post" action="newep.php">
<input type="hidden" name="submitted" value="true" />
<fieldset>
<legend>New Content:</legend>
<label>Name: <input type="text" name="newcontent" /></label>
</fieldset>
<br />
<input type="submit" value="add new anime" />
</form>
<?php
echo $newrecord
?>

PHP:

<?php

if (isset($_POST['submit'])) {
    include('con_mysql.php');

    $nanime = $_POST['newcontent'];
    $sqlinsert = "INSERT INTO title (title_name) VALUES ('$newcontent')";

    if (!mysqli_query($dbcon, $sqlinsert)) {
        die('Error inserting new record');      
    }

    $newrecord = "1 anime added";
}

?>

At first it just wouldn't save anything in the DB using the form, and now it also has Undefined variable: newrecord

All files are saved in the same folder and newep.php is also created. My DB consists of a table named title; inside title I have title_id INT(4) not null auto_increment, then title_name VARCHAR(255) not null. I hope you guys can help me with this one, as you guys have helped me by just searching for what I need. THANKS

RiggsFolly
Kumi Rin
  • tip: for any user submitted value use `mysqli_real_escape_string($conn, $userValue);` to stay away from db injection. – xYuri Sep 25 '16 at 12:09
  • Is the form in the same file as the php file? If it's not, that's the reason why you have an error Undefined variable. Not unless you are including the php file in your form file – vher2 Sep 25 '16 at 12:10
  • @xYuri **TIP:** Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Sep 25 '16 at 12:11
  • @Kumi you still need help in it ? – Laith Sep 25 '16 at 12:11
  • the problem is that there is no name for the submit (input), change this in your code `` – Laith Sep 25 '16 at 12:14
  • Is this ALL ONE SCRIPT? Or 2 different script files? – RiggsFolly Sep 25 '16 at 12:14
  • @Laith submit button doesn't have to have name cuz it doesn't have a value even it only do submit from the page, – xYuri Sep 25 '16 at 12:17
  • This code is just full of careless errors! VTC as (Typo * 3) at least – RiggsFolly Sep 25 '16 at 12:18
  • You can use `$_SERVER['REQUEST_METHOD']` to know if a form is submitted or not, instead of using `isset($_POST['submit'])` – vher2 Sep 25 '16 at 12:19
  • 1
    mmm though the submit button won't work if it does not have name mmm. – Laith Sep 25 '16 at 12:20
  • 2
    Query is using `('$newcontent')` which does not exist, You do create a variable called `$nanime = $_POST['newcontent'];` Just above the query line. **Like I said all just careless TYPO errors** – RiggsFolly Sep 25 '16 at 12:21
  • If your FORM code is above your PHP code then `$newrecord` will not exist at that point in your script `` – RiggsFolly Sep 25 '16 at 12:22
  • 1
    Now it's just all the other errors. 2 answers, basically scooped most of the comments into an answer for you – RiggsFolly Sep 25 '16 at 12:31
  • Error reporting would have been your friend http://php.net/manual/en/function.error-reporting.php as would http://php.net/manual/en/mysqli.error.php – Funk Forty Niner Sep 25 '16 at 12:37

2 Answers

1

Edit :

There are a few things that your code is missing, but it's OK, you are still learning and it's a great way to start; learning from the faults is good.

One of the things, and it's one of the most important things that you missed, is that you have to prevent SQL injection in your code. Even if your code was perfect but your query has that issue, then you are in trouble. How can you protect your query? This way: SQL INJECTION

Second, I see you are using MYSQLI, which is a good relational database driver, but I prefer you start to use PDO. What's PDO?

PDO is an acronym for PHP Data Objects. PDO is a lean, consistent way to access databases. This means developers can write portable code much easier. PDO is not an abstraction layer like PearDB. PDO is a more like a data access layer which uses a unified API (Application Programming Interface).

It's easy and simple. What's the difference between PDO and MYSQLI?

Difference between MYSQLI and PDO

Third thing, and I will take that from one of the comments by Fred: you need to start using error reporting. Read this:

Errors Reports

Now to the code.

In your code you tried to echo a variable from the form before you receive the data from the form (before the submit happens), so you should first send the data and receive it, then do whatever you want with it.

In your code :

<?php
   echo $newrecord
?>

The right way as you can see it here :

if (isset($_POST['submit'])) 
        {
            include_once('con_mysql.php');

            $nanime = $_POST['newcontent'];
            $sqlinsert = "INSERT INTO title (title_name) VALUES ('$nanime')";

            if (!mysqli_query($dbcon, $sqlinsert)) 
            {
                die('Error inserting new record');      
            }

            else
            {
                $newrecord = "1 anime added";
                echo $newrecord;
            }

        }

I hope that my answer helped you, and remember the first part because it's so important.

Here is the full code.

<html>
<head>
</head>
<body>
    <form method="post" action="">
        <input type="hidden" name="submitted" value="true" />
        <fieldset>
            <legend>New Content:</legend>
            <label>Name: 
            <input type="text" name="newcontent" /></label>
        </fieldset>
        <br />
        <input type="submit" name="submit" value="add new anime" />
    </form>
    <?php

    if (isset($_POST['submit'])) 
        {
            include_once('con_mysql.php');

            $nanime = $_POST['newcontent'];
            $sqlinsert = "INSERT INTO title (title_name) VALUES ('$nanime')";

            if (!mysqli_query($dbcon, $sqlinsert)) 
            {
                die('Error inserting new record');      
            }

            else
            {
                $newrecord = "1 anime added";
                echo $newrecord;
            }

        }

    ?>

</body>
</html>
Community
Laith
0

It looks like you have a typo when including the file which opens connection. Instead of:

include('con_mysql.php.php');

I guess it should be:

include('con_mysql.php');

The next thing is checking your $_POST. Only fields with a name would be there, so you need to change your condition from:

if (isset($_POST['submit'])) {

to:

if (!empty($_POST)) {

and finally you are using an uninitialized variable in your query,

so change that line:

$sqlinsert = "INSERT INTO title (title_name) VALUES ('$newcontent')";

to

$sqlinsert = "INSERT INTO title (title_name) VALUES ('$nanime')";
jakub wrona
  • Oh yes, sorry about that, I typed it new, I really don't know how it went like that, but it's good on my php file but still not saving anything in database – Kumi Rin Sep 25 '16 at 12:08
  • I think in this case require_once or require would be the right one to use, not the include one. – jakub wrona Sep 25 '16 at 12:11
  • It's still not sending, I'm sorry about this, I really want to learn about PHP – Kumi Rin Sep 25 '16 at 12:15
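
The fixes raised in the comments and answers above (request-method check, the right variable name, `require_once`, error reporting, and a prepared statement instead of a string-built query), combined into one `newep.php`. This is an added example, not code posted by anyone in the thread; it assumes PHP 7 or later and that `con_mysql.php` from the question sits in the same folder and sets `$dbcon`.

```php
<?php
// newep.php: form and handler in one file (added example, not code from the thread).
// Assumes con_mysql.php from the question defines $dbcon via mysqli_connect().
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // make mysqli throw on failure

$newrecord = '';   // defined up front, so the echo below never hits an undefined variable

// The submit button has no name, so test the request method, not $_POST['submit'].
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read the field by the name the form actually sends: "newcontent".
    $nanime = trim($_POST['newcontent'] ?? '');

    if ($nanime === '') {   // title_name is NOT NULL; refuse an empty name early
        $newrecord = 'Please enter a name.';
    } else {
        try {
            require_once 'con_mysql.php';   // a failed connection also lands in the catch

            // The value is bound as a parameter, never spliced into the SQL text,
            // so a quote character in the name cannot change the statement.
            $stmt = mysqli_prepare($dbcon, 'INSERT INTO title (title_name) VALUES (?)');
            mysqli_stmt_bind_param($stmt, 's', $nanime);
            mysqli_stmt_execute($stmt);
            $newrecord = mysqli_stmt_affected_rows($stmt) . ' anime added';
            mysqli_stmt_close($stmt);
        } catch (mysqli_sql_exception $e) {
            error_log('Insert into title failed: ' . $e->getMessage()); // detail goes to the log
            $newrecord = 'Error inserting new record';                  // generic text to the user
        }
    }
}
?>
<form method="post" action="newep.php">
<fieldset>
<legend>New Content:</legend>
<label>Name: <input type="text" name="newcontent" maxlength="255" /></label>
</fieldset>
<br />
<input type="submit" value="add new anime" />
</form>
<?php echo htmlspecialchars($newrecord, ENT_QUOTES, 'UTF-8'); // encode before output ?>
```

Submitting a name that contains a single quote, such as `Rock 'n' Roll`, stores it verbatim with this version, whereas the string-built query would fail or be rewritten by the input.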