
I'm having trouble with getting my form to send data to my database. I'm currently following a beginner course but the person running it left out some bits and doesn't seem to respond to questions. My site is connected to the database fine and I can call the contents to the site. I also tried echoing the form input to the page after the submit button was set and that works, so I think it's something with my SQL? All the headings are exactly the same for the inserts and database headers. Any help would be appreciated! Code is below:

```html
<!DOCTYPE html>
<html>
<head>

    <title>New Form</title>
    <script src="js/jquery.js"></script>
    <script src="bootstrap/js/bootstrap.js"></script>
    <link rel="stylesheet" href="bootstrap/css/bootstrap.css">
    <style>
    .my-fixed   { resize: none;
        }
    </style>
</head>
<body>
    <div class="container">
    <h1>Submit Form</h1>
        <form class="form-horizontal" action="form_process.php" method="POST" role="form">
            <div class="form-group">
                <label for="name" class="control-label col-sm-2">Name *</label>
                <div class="col-sm-5">
                    <input type="text" id="name" name="name" class="form-control" placeholder="Full Name" required />
                </div>
            </div>
            <div class="form-group">
                <label for="email" class="control-label col-sm-2">Email *</label>
                <div class="col-sm-5">
                    <input type="email" id="email" name="email" class="form-control" placeholder="Email Address" required />
                </div>
            </div>
            <div class="form-group">
                <label for="subject" class="control-label col-sm-2">Subject *</label>
                <div class="col-sm-5">
                    <input type="text" id="subject" name="subject" class="form-control" placeholder="Add a Subject" required />
                </div>
            </div>
            <div class="form-group">
                <label for="gender" class="control-label col-sm-2">Gender</label>
                <div class="col-sm-2">
                    <select class="form-control" name="gender">
                        <option  value="">Select gender</option>
                        <option value="male">Male</option>
                        <option value="female">Female</option>
                    </select>
                </div>
            </div>
            <div class="form-group">
            <label class="control-label col-sm-2">Skills</label>
            <div class="col-sm-5">
            <label class="checkbox-inline" for="skill1"><input type="checkbox" name="skill1">HTML</label>
            <label class="checkbox-inline" for="skill2"><input type="checkbox" name="skill2">PHP</label>
            <label class="checkbox-inline" for="skill3"><input type="checkbox" name="skill3">CSS</label>
            <label class="checkbox-inline" for="skill4"><input type="checkbox" name="skill4">JavaScript</label>
                </div>
            </div>
            <div class="form-group">
                <label for="country" class="control-label col-sm-2">Country</label>
                <div class="col-sm-2">
                    <select class="form-control" name="country">
                        <option  value="">Select country</option>
                        <option value="ireland">Ireland</option>
                        <option value="uk">UK</option>
                        <option value="france">France</option>
                        <option value="usa">USA</option>
                    </select>
                </div>
            </div>
            <div class="form-group">
                <label for="comments" class="control-label col-sm-2">Comments *</label>
                <div class="col-sm-5">
                    <textarea class="form-control my-fixed" name="comments" id="comments" rows="8" required></textarea>
                </div>
            </div>
            <div class="form-group">
                <label class="control-label col-sm-2"></label>
                <div class="col-sm-5">
                <input type="submit" class="btn btn-default btn-block" name="submit_form" value="Submit form">
                </div>
            </div>
        </form>
    </div>
</body>
</html>
```

And here is where it goes:

```php
<?php
session_start();
include 'includes/db.php';

if (isset($_POST['submit_form']))   {

    $name = strip_tags($_POST['name']);
    $email = strip_tags($_POST['email']);
    $subject = htmlspecialchars($_POST['subject']);
    $gender = $_POST['gender'];
    $country = $_POST['country'];
    $comments = trim(htmlspecialchars($_POST['comments']));

    if(empty($_POST['skill1'])){
        $_POST['skill1'] = '';

    }
    if(empty($_POST['skill2'])){
        $_POST['skill2'] = '';

    }
    if(empty($_POST['skill3'])){
        $_POST['skill3'] = '';

    }
    if(empty($_POST['skill4'])){
        $_POST['skill4'] = '';

    }

    $ins_sql = "INSERT INTO comments (name, email_address, subject, gender, skill1, skill2, skill3, skill4, country, comments) VALUES ('$name', '$email', '$subject', '$gender', '$_POST[skill1]', '$_POST[skill2]', '$_POST[skill3]', '$_POST[skill4]', $country, $comments )";
    $run_sql = mysqli_query($conn, $ins_sql);

    echo 'Thank You!';
    echo $name, $email, $subject, $gender, $_POST['skill1'], $_POST['skill2'], $_POST['skill3'], $_POST['skill4'], $country, $comments;
} else  {

}

?>
```
Credmond
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde May 16 '17 at 11:26
  • You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde May 16 '17 at 11:26
  • cannot see your `update` query – Rotimi May 16 '17 at 11:27
  • Find a new tutorial, that one is ancient and insecure. – Rick Calder May 16 '17 at 11:29
  • for checkbox use `isset()` `!isset()` – Masivuye Cokile May 16 '17 at 11:29
  • `, '$_POST[skill4]', $country, $comments )` `$country` and `$comments` should have quotes. – Raymond Nijland May 16 '17 at 11:29
  • use http://php.net/manual/en/book.pdo.php – Zedex7 May 16 '17 at 11:30
  • Thanks for the help! Completely missed those quotes and didn't know about that error function. – Credmond May 16 '17 at 11:36
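
The two fixes the comments point to, parameter binding instead of hand-quoted values and surfacing database errors, shown together as an added example that is not part of the original thread. Table and column names are taken from the question; `$conn` is assumed to be the mysqli connection that `includes/db.php` creates, and `comment_row()` is a hypothetical helper.

```php
<?php
// Added example, not the asker's code: form_process.php with a prepared
// statement and error reporting. Assumes includes/db.php sets $conn to a
// mysqli connection; comment_row() is a hypothetical helper.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
include 'includes/db.php';

/** Build the ten column values from raw POST data; unchecked boxes become ''. */
function comment_row(array $post): array
{
    $row = [
        trim($post['name'] ?? ''),
        trim($post['email'] ?? ''),
        trim($post['subject'] ?? ''),
        $post['gender'] ?? '',
    ];
    foreach (['skill1', 'skill2', 'skill3', 'skill4'] as $box) {
        // A checkbox without a value attribute submits "on" when ticked
        // and is absent from $_POST when it is not.
        $row[] = isset($post[$box]) ? 'on' : '';
    }
    $row[] = $post['country'] ?? '';
    $row[] = trim($post['comments'] ?? '');
    return $row;
}

if (isset($_POST['submit_form'])) {
    try {
        // Placeholders keep data out of the SQL text, so no quoting is needed
        // and a value such as O'Brien cannot break or alter the statement.
        $stmt = $conn->prepare(
            'INSERT INTO comments (name, email_address, subject, gender,
                 skill1, skill2, skill3, skill4, country, comments)
             VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
        );
        $row = comment_row($_POST);
        $stmt->bind_param(str_repeat('s', count($row)), ...$row);
        $stmt->execute();
        // Escape on output, not before storage.
        echo 'Thank You, ', htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8'), '!';
    } catch (mysqli_sql_exception $e) {
        error_log('comments insert failed: ' . $e->getMessage());
        http_response_code(500);
        echo 'Sorry, your comment could not be saved.';
    }
}
```

The database error goes to the server log rather than the page, so a failed insert is visible to the developer without exposing schema details to visitors.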

0 Answers