form didnt working with mysql

Question

this is the html

<form action="addadd.php" method="post" enctype="multipart/form-data" name="form1" id="form1">
    <p>
        First Name<br>
        <label for="firstname"></label>
        <input type="text" name="firstname" id="firstname" />
    </p>
    <p>
        Last Name<br>
        <label for="lastname"></label>
        <input type="text" name="lastname" id="lastname" />
    </p>
    <p>
        Mobile<br>
        <label for="mobile"></label>
        <input type="text" name="mobile" id="mobile" />
    </p>
    <p>
        Email<br>
        <label for="email"></label>
        <input type="text" name="email" id="email" />
    </p>
    <p>
        <input type="submit" name="button" id="button" value="Submit" /> 
        <input type="reset" name="button3" id="button3" value="Reset" />
    </p>
</form>

This is the php

database connection

<?php
$con = mysql_connect("localhost","root","");
if(!$con)
{
die("connection to database failed".mysql_error());
}
$dataselect = mysql_select_db("qoot",$con);
if(!$dataselect)
{
die("Database namelist not selected".mysql_error());
}
?>


<?php 
    $unm = $_SESSION['name']; 
    $fname=$_POST['firstname']; 
    $lname=$_POST['lastname']; 
    $ema=$_POST['email'];
    $mob=$_POST['mobile'];
?>



<?php 
    $qry=mysql_query("INSERT INTO address( firstname, lastname, mobile, email)VALUES('$fname',$lname','$ema','$mob')", $con);
?>

Now the problem is that this is inserting nothing in to my database.
What else can i try in order to check where things go wrong? updated database connection details

first off: stop using the mysql api and use the mysqli (mysql improved) or PDO instead. Second: Never put unescaped user input (get, post etc) into a query like that, use prepared statements or escape the values! Third: Show errors or explain what is not working, also show the html code for the form. — Jite, Feb 14 '17 at 07:03
Unescaped data into a query opens up for sql-injection attacks, which is a bad thing. the `mysql` api is deprecated and is not even present in newer versions of php. — Jite, Feb 14 '17 at 07:04
Please edit question and add code there rather than new comments. — Jite, Feb 14 '17 at 07:17
@RiyAsMuhaMmed is the db connection code above in a different page? — affaz, Feb 14 '17 at 07:17
@RiyAsMuhaMmed your php code doesnt show the connection code..pls update that too — affaz, Feb 14 '17 at 07:32
Add error checking to the end of the `mysql_query()` line: `$qry = mysql_query(...) or die(mysql_error());` — Barmar, Feb 14 '17 at 17:08

score 0 · Accepted Answer · edited May 23 '17 at 12:17

0

Place your tablename address in backticks

Using mysqli_

  <?php
/start session
session_start();
//establish connection
$con = mysqli_connect("localhost","root","","qoot");
if(!$con)
{
die("connection to database failed".mysqli_error($con));
}
     //read the values from form
    $unm = $_SESSION['name']; 
    $fname=$_POST['firstname']; 
    $lname=$_POST['lastname']; 
    $ema=$_POST['email'];
    $mob=$_POST['mobile'];
?>



<?php 
   //insert to database
    $qry=mysqli_query($con,"INSERT INTO `address` ( firstname, lastname, mobile, email)VALUES('$fname',$lname','$ema','$mob')") or die(mysqli_error($con));
?>

P.S I'd say you are at risk of mysql injection, check here How can I prevent SQL injection in PHP?. You should really use prepared statements to avoid any risk.

edited May 23 '17 at 12:17

Community

1
1

answered Feb 14 '17 at 07:52

affaz

1,191
9
23

there is no errors, but nothing is updated in database. – RiyAs MuhaMmed Feb 14 '17 at 08:08
echo the values of firstname,lastname,email and mobile before insert query – affaz Feb 14 '17 at 08:10
now iam using my sqli, but now warning mysqli_query() expects at least 2 parameters, 1 given in C:\wamp\www\qoot\addadd.php on line 64 – RiyAs MuhaMmed Feb 14 '17 at 08:21
it needs a database connection string and your query. e.g mysqli_query ($db_connect, $sql); – sbowde4 Feb 14 '17 at 08:24
sorry, its not working. i think there is problem with inserting data – RiyAs MuhaMmed Feb 14 '17 at 13:18
If you're going to show how to switch to mysqli, you should also show how to write it using a prepared statement to prevent SQL injection. – Barmar Feb 14 '17 at 17:03
The first line of the answer says to put the table name in backticks. Where are the backticks? But `address` isn't a reserved word, so it doesn't need to be escaped like that. – Barmar Feb 14 '17 at 17:06
@Barmar Oh..i forgot to correct it in the answer..I know its not a reserved word but the error is probably in the query..so just mentioned to clear it out. – affaz Feb 15 '17 at 03:58
@Barmar I converted OP's current code to mysqli_ so it would be easy for him to understand at the beginning. You are right..Il edit it that way too – affaz Feb 15 '17 at 04:00
@Barmar Thanks :) – affaz Feb 15 '17 at 04:00
@RiyAsMuhaMmed Didnt it show any error in the query after adding mysqli_error after insert query – affaz Feb 15 '17 at 04:01
@RiyAsMuhaMmed Update your post with the latest code – affaz Feb 15 '17 at 04:02
the code is working.thanks every one. but when i put the table name as address it didnt works,so i changed the table name.now its working fine. thanks all.thank you barmar , affaz. – RiyAs MuhaMmed Feb 15 '17 at 11:18
@RiyAsMuhaMmed Yes..it wouldnt be a problem if you put backticks in your query for `address` – affaz Feb 15 '17 at 11:28
@RiyAsMuhaMmed Not sure why you got an error from using `address` as the table name. It doesn't have any special meaning. What was the error message? – Barmar Feb 15 '17 at 20:31
@Barmar there is no error message, the values are passing to tables, but it didnt showing in db. – RiyAs MuhaMmed Feb 16 '17 at 09:58
@Barmar please look this. http://stackoverflow.com/questions/42888702/variables-passing-nothing-shows-undefined-variable-error-so-want-to-put-default – RiyAs MuhaMmed Mar 19 '17 at 18:17

form didnt working with mysql

1 Answers1

Linked