1

This is my code, i have used almost the exact the same before and it worked. I have looked at the other answered questions without getting it to work.

The 'template.php' holds access to the sql database that has worked on all other pages. At the end is a image of the table

<?php
include_once('template.php');
if (isset($_POST['username']) and isset($_POST['password'])) {
    $name = $mysqli->real_escape_string($_POST['username']);
    $pwd = $mysqli->real_escape_string($_POST['password']);
    $query = <<<END
INSERT INTO outlets(device_name,description,id_r)
VALUES('{$_POST['device_name']}','{$_POST['description']}','{$_POST['id_r']}')
END;
    if ($mysqli->query($query) !== TRUE) {
        die("Could not query database" . $mysqli->errno . " : " . $mysqli->error);
        header('Location:index.php');
    }
}
$content = <<<END
<form method="post" action="add_device.php">
<input type = "text" name="device_name" placeholder="Device Name"><br>
<input type="text" name="description" placeholder="Description"><br>
<select name="id_r">
  <option value="1">Living Room</option>
  <option value="2">Bedroom</option>
  <option value="3">Kitchen</option>
  <option value="4">Bathroom</option>
</select>
<input type="submit" value="Register">
<input type="Reset" value="reset">
</form>
END;
echo $content;
?>

enter image description here

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
ksilfver
  • 11
  • 1
  • Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code** [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly May 13 '17 at 12:21
  • Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any `mysqli_` errors to generate an Exception that you can see on the browser and other errors will also be visible on your browser. – RiggsFolly May 13 '17 at 12:21
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly May 13 '17 at 12:22

0 Answers0