updating SQL from PHP/HTML form

Question

Im trying to update a table with info from a form. I have one that works in a different file for table in the same database. My version just will not enter data into the table. I feel like I've edited/copied it correctly, I'm very much a noob and feel like there may be an obvious answer but i just cant see it. I've check similar questions but no luck.

<?php include "connect.php";?>

<!DOCTYPE html>
<html lang="en">


<head>
    <meta http-equiv="Content-Type" content= "text/html; charset=UTF-8"/> 
    <title>Blooming Flowers - Registration</title>
    <link rel="stylesheet" href="css/style.css" type="text/css">

</head>


<?php include "header.php"; ?>
<?php include "form.php"; ?>
<body>



        <?php include "processform.php" ; ?>

        </td>

        </tr></table>


    <?php include "footer.php"; ?>





</body>

I can narrow the problem down to either my form.php file or processform.php file but not sure why they dont work

form.php

        <td>

        <div class="form">
        <form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
            <fieldset>

                <h3>Personal Details</h3><br>

                <label>Title:

                    <select name="titles">
                        <option value="mr">Mr.</option>
                        <option value="mrs">Mrs.</option>
                        <option value="ms">Ms.</option>
                        <option value="Dr">Dr.</option>
                    </select></label>

                    <p>
                        <label for="firstName"> First Name:</label>
                        <input type="text" name="user_first" id="user_first" size="40" maxlength="60" required/>
                    </p>

                    <p>
                        <label for="lastName">Last Name:</label>
                        <input type="text" name="user_last" id="user_last" size="40" maxlength="60" required/>
                    </p>



                    <p>
                        <label for="password"> Password:</label>
                        <input type="password" name="user_pass" id="user_pass" size="40" maxlength="60" required/>
                    </p>

                    <p>
                        <label for="confirmPass"> Confirm Password:</label>
                        <input type="password" name="" id="" size="40" maxlength="60" required/>
                    </p>

            </fieldset><!--name fieldset closed-->

            <fieldset>

                <h3> Delivery Details</h3><br>

                    <p>
                        <label for="streetAddress"> Street:</label>
                        <input type="text" name="user_street" id="user_street" size="40" maxlength="60" required/>
                    </p>

                    <p>
                        <label for="city"> City:</label>
                        <input type="text" name="user_city" id="user_city" size="40" maxlength="60" required/>
                    </p>

                    <p>
                        <label for="postcode"> Postcode:</label>
                        <input type="text" name="user_post" id="user_post" size="40" maxlength="60" required/>
                    </p>

                    <p>
                        <label for="email"> E-Mail:</label>
                        <input type="email" name="user_email" id="user_email" size="40" maxlength="60" required/>
                    </p>

                    <p>
                        <label for="confirmEmail"> Confirm E-Mail:</label>
                        <input type="email" name="" id="" size="40" maxlength="60" required/>
                    </p>


            </fieldset><!-- fieldset closed-->



            <br><input class="link-button-pagemenu" name="submit" type="submit" value="Register">

        </form><!--form closed-->

    </div><!-- form div closed-->

processform.php

<?php


if (isset($_POST['submit'])){

  $user_first=      '';  
  $user_last =      '';
  $user_pass =      '';
  $user_street =    '';
  $user_city =      '';
  $user_post =      '';
  $user_email =     '';

  if (!empty($_POST['user_first'])){
  $user_first = $_POST['user_first'];
  }
  if (!empty($_POST['user_last'])){
    $user_last = $_POST['user_last'];
  }

  if (!empty($_POST['user_pass'])){
$user_pass = $_POST['user_pass'];
  }

  if (!empty($_POST['user_street'])){
   $user_street = $_POST['user_street'];
  }

   if (!empty($_POST['user_city'])){
$user_city = $_POST['user_city'];
  }

   if (!empty($_POST['post'])){
$user_post = $_POST['user_post'];
  }

   if (!empty($_POST['user_email'])){
$user_email = $_POST['user_email'];
  }

  $query = "insert into flower (user_first, user_last, user_pass, user_street, user_city, user_post, user_email) 
values('$user_first', '$user_last',     '$user_pass', '$user_street', '$user_city', '$user_post', '$user_email')";

  mysqli_query($connect, $query);
}


?>

my database table is called flower and has userID (PK), user_first, user_last, user_pass, user_street, user_city, user_post, user_email,

*"updating SQL from PHP/HTML form"* - to update a table, you need to use `UPDATE`. Yet you talk about INSERTing; something doesn't match here. — Funk Forty Niner, Mar 16 '17 at 16:54
*"My version just will not enter data into the table."* - MySQL's complaining about something but you're not checking for errors as to why that is. `mysqli_error($connect)` on the query and php's error reporting. Viewing HTML source and `var_dump()` are additional debugging tools. — Funk Forty Niner, Mar 16 '17 at 16:58
**Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Mar 16 '17 at 17:01
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) — Jay Blanchard, Mar 16 '17 at 17:02
Just review anything you have learned from the very beginning. You have fundamendal errors and flaws in your code that could be resolved with carefully reading some docs. It's not about an answer to your current issue (the other guys I think already answered), but about developing a solid foundation in PHP, where you will know exactly what you're doing. Otherwise you'll fall sooner or later to new (trivial perhaps) issues. Also please, if you downvote a question, especially from a newbie, left him a comment in order to improve it. — Arkoudinos, Mar 16 '17 at 17:12
Thanks everyone, I knows theres more than a few problems with the code, its a work in progress just had trouble at the first hurdle with the table, I should have said INSERT not UPDATE too sorry. All fixed now. — Bren, Mar 16 '17 at 17:43

score 2 · Accepted Answer · edited Mar 16 '17 at 17:03

2

You are basically not posting your data to your processform.php file. Using <?php echo $_SERVER['PHP_SELF']; ?> in your action, will make the page post to itself, which mean, it's gonna be posted to your form.php file, not processform.php.

Change your form action to use the processform.php and then you should hit your query and get data into your database.

Maybe you can go here and also read a bit on global php variables:

http://php.net/manual/en/language.variables.superglobals.php

Hope this help you :)

edited Mar 16 '17 at 17:03

Funk Forty Niner

74,450
15
68
141

answered Mar 16 '17 at 16:57

Marc-Andre R.

658
7
23

Cheers for the help. – Bren Mar 16 '17 at 17:41
No problem. And I would definitely follow the advices of @jay-blanchard about fixing you SQL Injection flaw in your code. You'll thank us later for that :) – Marc-Andre R. Mar 16 '17 at 17:44

updating SQL from PHP/HTML form

1 Answers1