-2

I have following codes and it runes successfully and says that data successfully entered but when i check the database table, every time i insert data (Despite of that successful operation) i get one blank row. Inshort no data is being inserted although the code says operation successful

CODE: dbconnect.php

<?php
$host= "host";
$user = "user";
$password = "pass";
$db = "db";

 $con = mysqli_connect($host,$user,$password,$db);
 if (!$con) 
 {  echo "Failed to Connect"; }
 else
 {  echo "Connection successful";}
 ?>

CODE:addInfo.php

<?php
require "dbconnect.php";
$username = $_POST["username"];
$email = $_POST["email"];
$mobile = $_POST["mobile"];
$flag = false;
$sql = "insert into userInfo values('$username','$email','$mobile');";
$flag=mysqli_query($con,$sql);
if($flag!==false)
{
    echo "Data inserted successfully!";
}
else
{
echo "Error in insertion" . mysqli_error($con);
}
?>

CODE:index.php

<!DOCTYPE html>
<html>
<head>
    <title>Add Information</title>
</head>
<body>
<form action="addinfo.php">
<table>
    <tr>
    <td>Name:</td>
    <td><input type="text" name="name"/></td>
    <td>Email:</td>
    <td><input type="text" name="email"/></td>
    <td>Mobile:</td>
    <td><input type="text" name="mobile"/></td>
    </tr>
</table>
<input type ="submit" value="Submit" />
</form>
</body>
</html>

Any type of help you guys can do,please proceed,

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Shikhar Shah
  • 19
  • 6
  • 1
    [sql injection](https://en.wikipedia.org/wiki/SQL_injection) disaster waiting to happen... Please use prepared statements, or at least sanitize your users's input – Pevara Oct 26 '16 at 17:16
  • Look at `name="name"` in your input, then again at `$username = $_POST["username"];`. And you're not specifying the method, so it defaults to GET. You need `
    `
     – Qirel Oct 26 '16 at 17:19
  • corrected and used the POST tag as u suggested, still the same error.Blank rows are getting inserted! – Shikhar Shah Oct 26 '16 at 17:25
  • What are the column name of `userInfo` table? – Nana Partykar Oct 26 '16 at 17:26
  • username,email,mobile are the columns – Shikhar Shah Oct 26 '16 at 17:26
  • @ShikharShah Update your question with the code you're currently running. And, add [`error_reporting(E_ALL);`](http://php.net/manual/en/function.error-reporting.php) [`ini_set('display_errors', 1);`](http://php.net/manual/en/function.ini-set.php) on top of your `addInfo.php`, directly after ` – Qirel Oct 26 '16 at 17:26
  • codes updated:) – Shikhar Shah Oct 26 '16 at 17:32
  • Well, does the error-reporting yield anything? If not, what does `print_r($_POST);` output? – Qirel Oct 26 '16 at 17:34
  • where to add this line print_r($_POST); ? – Shikhar Shah Oct 26 '16 at 17:34
  • In `addInfo.php`. But like I said before, does any error-messages appear after you added the error-reporting? That could tell us a lot what we're dealing with. – Qirel Oct 26 '16 at 17:36
  • You edited your question to use the right POST array/name attribute. Please don't "fix" your code since it will be contradictive to the (accepted) answer given. I had to perform a rollback to a previous revision. – Funk Forty Niner Oct 26 '16 at 18:24

1 Answers1

3

I) Changes

  • Change $username = $_POST["username"]; to $username = $_POST["name"];
  • Add method="POST" in <form>
  • Use mysqli prepared statement to avoid security vulnerability.

II) Updated Code

dbconnect.php

<?php
$host= "host";
$user = "user";
$password = "pass";
$db = "db";

$con = new mysqli($host, $user, $password, $db);
if ($con->connect_errno) {
  echo "Failed to connect to MySQL: (" . $con->connect_errno . ") " . $con->connect_error;
}
?>

addInfo.php

<?php
require "dbconnect.php";

$stmt = $mysqli->prepare("INSERT INTO userInfo (`username`,`email`,`mobile`) VALUES (?, ?, ?)");
$stmt->bind_param('sss', $_POST["name"], $_POST["email"], $_POST["mobile"]);

if($stmt->execute()) {
  echo "Data inserted successfully!";
} else {
  echo "Error in insertion" . $con->errno;
}
?>

index.php

<!DOCTYPE html>
<html>
  <head>
    <title>Add Information</title>
  </head>
  <body>
    <form action="addinfo.php" method="POST">
      <table>
        <tr>
          <td>Name:</td>
          <td><input type="text" name="name"/></td>
          <td>Email:</td>
          <td><input type="text" name="email"/></td>
          <td>Mobile:</td>
          <td><input type="text" name="mobile"/></td>
        </tr>
      </table>
      <input type ="submit" value="Submit" />
    </form>
  </body>
</html>

III) Quick Start

IV) Have A Look

Community
  • 1
  • 1
Nana Partykar
  • 10,556
  • 10
  • 48
  • 77