First things First mysql_* functions are depreciated and are no longer support in the latest php versions, You should make the php Manuel your best friend, please use mysqli or PDO with prepared statements.
If you are still learning php better start using prepared statements... You can either use mysqli prepared or PDO.
Option 1 Mysqli
Your html:
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form method="POST" action="insertform.php">
Topic : <input type="text" name="topic"><br>
Name : <input type="text" name="name"><br>
Attendance : <input type="text" name="attendance"><br>
<button type="submit" name="submit">Submit</button>
</form>
</body>
</html>
Then your insertform.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "kevintesting";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_POST['submit'])) {
$topic = $_POST['topic'];
$name = $_POST['name'];
$attendance = $_POST['attendance'];
// prepare and bind
$stmt->$conn->prepare("INSERT INTO testformulario (Topic,Name,Attendance) VALUES (?,?,?)");
$stmt->bind_param("sss", $topic, $name, $attendance);
if ($stmt->execute()) {
echo "New records created successfully";
} else {
echo "No insert";
}
$stmt->close();
$conn->close();
}
?>
There you go very easy with prepared statements.
Hope this helps.
Edits :
The question marks (?) in the query above are placeholders, that we use to prevent sql injections.
bind_param() function
this the parameters to the SQL query and tells the database what the parameters are. The "sss" argument lists the types of data that the parameters are. The s character tells mysql that the parameter is a string. telling mysql what type of data to expect, we minimize the risk of SQL injections.
NB : When you insert any data from external sources (like user input
from the form in your case), it is very important that the data is
sanitized and validated. Always treat User input as if its from a very
dangerous hacker
Option 2 with PDO
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "kevintesting";
try {
$dbh = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e) {
error_log("Could not connect" . $e->getMessage());
}
if (isset($_POST['submit'])) {
$topic = $_POST['topic'];
$name = $_POST['name'];
$attendance = $_POST['attendance'];
// prepare and bind
try {
$stmt = $dbh->prepare("INSERT INTO testformulario (Topic,Name,Attendance) VALUES(?,?,?)");
if ($stmt->execute(array(
$topic,
$name,
$attendance
))) {
echo "Success";
} else {
echo "Fail "; // then check your error log
}
}
catch (PDOException $e) {
error_log($e->getMessage());
}
}
?>