1

I'm a newbie so please be patient I'd like to create an HTML form that adding DATA to MariaDB. Just basic! But I'm not able to

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 
Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<meta charset="utf-8" />
<head>
<title>PAGINA CARICAMENTO DATI</title>
</head>

<body>
<table border="0">
  <tr>
    <td align="center">Inserisci i dati richiesti</td>
  </tr>
  <tr>
    <td>
      <table>
        <form method="post" action="input.php">
        <tr>
          <td>Nome</td>
          <td><input type="text" name="name" size="20">
          </td>
        </tr>
        <tr>
          <td>Cognome</td>
          <td><input type="text" name="surname" size="20">
          </td>
        </tr>
         <tr>
          <td>Città</td>
          <td><input type="text" name="city" size="20">
          </td>
        </tr>
        <tr>
          <td></td>
          <td align="right"><input type="submit" 
          name="submit" value="Sent"></td>
        </tr>
        </form>
        </table>
      </td>
    </tr>
</table>
</body>
</html>

AND the PHP part is:

<?php
$host='localhost';
$user='root';
$password='password';
$database='esempio';

$connection = mysqli_connect($host,$user,$password,$database);
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}


$name = $_POST['name'];
$surname = $_POST['surname'];
$city = $_POST['city'];

printf($name);
printf($surname);
printf($city);

$sql="INSERT INTO people (ID,Name,Surname,City)VALUES(default,$name,$surname,$city)";
printf($sql);
if(!mysqli_query($connection,$sql)){ 
printf("Errore: %s\n",mysqli_error($connection));
}
mysqli_close($connection);
?>

MAriaDB have 4 columns:

  1. ID Index int(11) No None AUTO_INCREMENT Change Change Drop Drop
  2. Name tinytext utf8_general_ci No None Change Change Drop Drop
  3. Surname tinytext utf8_general_ci No None Change Change Drop Drop
  4. City tinytext utf8_general_ci No None Change Change Drop Drop
Pietro Ottati
  • 37
  • 4
  • What error are you receiving and on what line? – Sam Orozco Nov 04 '16 at 23:20
  • Unknown column 'pippo' in 'field list' – Pietro Ottati Nov 04 '16 at 23:23
  • Can you post the line that is saying the error is occuring at – Sam Orozco Nov 04 '16 at 23:26
  • Strings need to be quoted (`default,$name,$surname,$city`). You also are open to SQL injections. You can fix both issues with parameterized queries. – chris85 Nov 04 '16 at 23:34
  • @PietroOttati answer posted over 1/2 hour ago; no response. You need to comment if something is still not working and I've made a few edits to my answer below. – Funk Forty Niner Nov 05 '16 at 00:07
  • Please avoid posting large blocks of code. As large parts are likely not relevant, it only makes the question harder to read. Current/Expected output and data samples are also appreciated. I'd advise reading this: [How do I ask a good question](http://stackoverflow.com/help/how-to-ask) – CmdrSharp Nov 05 '16 at 05:30
  • @Fred I'm sorry but here probably a different time zone. I was sleeping. ;) – Pietro Ottati Nov 05 '16 at 08:46
  • @CmdrSharp I'm sorry but as I told at the very beginning of my post I'm a newbie in this phase everything seems important so I posted the all code. I know that is not a good thing and I'm really sorry but yesterday after 2h of test I didn't quite catch the problem so I decided to post the all code... XD I'll do better ASAP – Pietro Ottati Nov 05 '16 at 08:50
  • @PietroOttati *ah si, dimenticato (scusi) sei in Italia.* Did you consult my answer below? That should have fixed it for you. If not, let me know if you are getting any errors. – Funk Forty Niner Nov 05 '16 at 13:36
  • @Fred -ii- Your Italian is quite good XD. Thank you so much your answer was really helpful. – Pietro Ottati Nov 05 '16 at 13:53
  • @PietroOttati grazie mille! Studiare la vostra lingua per un anno adesso, e prego :-) – Funk Forty Niner Nov 05 '16 at 13:58
  • Studiare la vostra lingua per un anno adesso, e prego :-) --> It's better in this way. Ho studiato la vostra lingua per un anno, comunque prego. Because I think you want to say somethig like "you're welcome" just to answer my previous "thank you" don't you? – Pietro Ottati Nov 05 '16 at 14:06

1 Answers1

1

Strings values require them to be quoted.

VALUES('','$name','$surname','$city')

Note: Since your ID column is an AI, remove the default.

However, this would require you to escape your data for 2 reasons.

  • If any of those values contains characters that MySQL would complain about; i.e.: apostrophes.
  • Open to an SQL injection.

Use a prepared statement instead.

Check for errors on the query also:

And error reporting:

You should also check for empty inputs.

Another thing is to make sure you've made the right choice of column types. tinytext may not be what you want to use here, but will still work; varchar is usually the preferred choice when using string literals.

Consult:

HTML stickler:

  • <form> cannot be child of <table>.
Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • Hi @Fred -ii- your code work perfectly, but now of course I'm going to study your link so I can Improve my code. Could you suggest any book or other sources for me? Just please considering that I really need a low level approach. – Pietro Ottati Nov 05 '16 at 13:52
  • @PietroOttati This site has a lot of good things in there http://www.mysqltutorial.org/mysql-prepared-statement.aspx and follow the other links in there. – Funk Forty Niner Nov 05 '16 at 13:57
  • Did it work? I'm sorry I know I have to learn so much. But Anyway I didn't mean to use an incorrect netiquette. – Pietro Ottati Nov 05 '16 at 14:03
  • @PietroOttati Yes it did Pietro, grazie, tutto è molto bene ;-) benvenuto a Stack :-) – Funk Forty Niner Nov 05 '16 at 14:06