-2

I have to inject data into my SQL table but I have a problem, when I fill the forms and press submit button the page redirects me to my php file, also the tables are empty so no data is injecting, this is my code:

Shivkumar kondi
  • 6,458
  • 9
  • 31
  • 58
kevin
  • 1
  • 1
  • Thanks and sorry for the formatting. – kevin Jan 17 '17 at 15:10
  • 4
    1) Don't use pictures of your code, post the *actual* code as text. 2) Don't put it elsewhere with a link to it, put it in your question. – Qirel Jan 17 '17 at 15:11
  • General PHP error-reporting can be helpful, put `error_reporting(E_ALL);` `ini_set('display_errors', 1);` at the top of your file, directly after ` – Qirel Jan 17 '17 at 15:14
  • @kevin please edit your post and add your code as text using the format button which looks like this `{}` – goto Jan 17 '17 at 15:15
  • [**Please, don't use `mysql_*` functions in new code**](http://stackoverflow.com/q/12859942). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://php.net/mysql-connect)? Learn about [*prepared statements*](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) can help you decide which. – Qirel Jan 17 '17 at 15:16

2 Answers2

0

This is my answer which is working, similar to yours using different methods for a project getting form data from one page and storing data through a php page, as shown below. It may not be clean coding but hopefully it serves as help to you. Hope it helps!

<?php
// Credentials
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "databasename";

// Connect to Server
$conn = new mysqli($servername, $username, $password, $dbname);
// Check Connection
if($conn->connect_error)
{
    die('Could not Connect to Server: ' . $conn->connect_error);
}

// insert your forms submit name in replacement of form_submitname
if(isset($_POST['form_submitname'])) 
{
    $Topic = ($_POST['Topic']);
    $Name = ($_POST['Name']);
    $Attendance = ($_POST['Attendance']);

// Insert your database Table name in replacement of Table_Name
$sql= "INSERT INTO Table_Name(Topic, Name, Attendance)
VALUES ('$Topic', '$Name', '$Attendance')";

// echos back your records and values to display on PHP screen
if ($conn->query($sql) === TRUE)
{
    echo "<h1> New Record Created</h1>";
    echo "<br><br> Topic= " . $Topic;
    echo "<br> Name= " . $Name;
    echo "<br> Attendance= " . $Attendance;

}else{
    echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>

This is something that I have tried and works on my Database Insertion project but is in no way complete, or the best way to do it, but is a start if you wish to try it, and perhaps others to improve as needed.

Brett Roberts
  • 33
  • 8
0

First things First mysql_* functions are depreciated and are no longer support in the latest php versions, You should make the php Manuel your best friend, please use mysqli or PDO with prepared statements.

If you are still learning php better start using prepared statements... You can either use mysqli prepared or PDO.

Option 1 Mysqli

Your html:

<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>


    <form method="POST" action="insertform.php">

        Topic : <input type="text" name="topic"><br>
        Name   : <input type="text" name="name"><br>
        Attendance : <input type="text" name="attendance"><br>

        <button type="submit" name="submit">Submit</button>


    </form>

</body>
</html>

Then your insertform.php

<?php
$servername = "localhost";
$username   = "root";
$password   = "";
$dbname     = "kevintesting";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}


if (isset($_POST['submit'])) {


    $topic      = $_POST['topic'];
    $name       = $_POST['name'];
    $attendance = $_POST['attendance'];

    // prepare and bind
    $stmt->$conn->prepare("INSERT INTO testformulario (Topic,Name,Attendance) VALUES (?,?,?)");
    $stmt->bind_param("sss", $topic, $name, $attendance);

    if ($stmt->execute()) {

        echo "New records created successfully";
    } else {

        echo "No insert";
    }

    $stmt->close();
    $conn->close();
}
?>

There you go very easy with prepared statements.

Hope this helps.

Edits :

The question marks (?) in the query above are placeholders, that we use to prevent sql injections.

bind_param() function this the parameters to the SQL query and tells the database what the parameters are. The "sss" argument lists the types of data that the parameters are. The s character tells mysql that the parameter is a string. telling mysql what type of data to expect, we minimize the risk of SQL injections.

NB : When you insert any data from external sources (like user input from the form in your case), it is very important that the data is sanitized and validated. Always treat User input as if its from a very dangerous hacker

Option 2 with PDO

<?php
$servername = "localhost";
$username   = "root";
$password   = "";
$dbname     = "kevintesting";


try {

    $dbh = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


}
catch (PDOException $e) {

    error_log("Could not connect" . $e->getMessage());

}



if (isset($_POST['submit'])) {


    $topic      = $_POST['topic'];
    $name       = $_POST['name'];
    $attendance = $_POST['attendance'];

    // prepare and bind

    try {

        $stmt = $dbh->prepare("INSERT INTO testformulario (Topic,Name,Attendance) VALUES(?,?,?)");

        if ($stmt->execute(array(
            $topic,
            $name,
            $attendance
        ))) {

            echo "Success";
        } else {

            echo "Fail "; // then check your error log
        }

    }
    catch (PDOException $e) {

        error_log($e->getMessage());

    }

}

?>
Masivuye Cokile
  • 4,754
  • 3
  • 19
  • 34