How can I pass my user entered information to my database using php?

Question

The users enter their name and number in the textfields. The this information is passed then sent to the data.php file where I am trying to get it to write to my database. The data base name is called hello.

<!-- connect to database -->
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "hello";

// Create connection
 $conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
} else {
echo "wooo connected";
}

//<!-- post added information to database -->
if ($_POST['name']) {
 if ($_POST['number']) {

 $sql = "INSERT INTO hello (id, name, number)
VALUES ('', '$_POST['name']', '$_POST['number'')";
if(mysqli_query($conn, $sql)){
echo "Records inserted successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
  }
 } 
} ?>

From looking at my code I believe the issue is with this line.

   $sql = "INSERT INTO hello (id, name, number)
VALUES ('', '$_POST['name']', '$_POST['number']')";

There is a blank left at the star for the auto incremented id that I have set in phpmyadmin. I can hard code an entry such as:

$sql = "INSERT INTO hello (id, name, number)
VALUES ('', 'john', '12345)";

These hard coded entries are put into the database but i can't get the user entered data to go in.

Answer 1

Create variables for the $_POST values and add the vars for ease of code understanding:

$name = $_POST['name'];
$number = $_POST['number'];
$sql = "INSERT INTO hello (id, name, number) VALUES ('', $name, $number)";

---

One reason your code may not be working because you have the single quotes around the $_POST values, then you can also do what Jasbeer Rawal recommended.

UPDATE

Based on the kind comments... I would personally take a different approach to adding the data to your database, instead use prepared statements. I use MySQLi, but you can also use PDO.

Start by creating your connection:

<?php
define("HOST", "localhost");
define("USER", "");
define("PASSWORD", "");
define("DATABASE", "");

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
if ($mysqli->connect_error) {
    echo "There was a slight problem, please contact your webmaster before continuing.";
    exit();
}

Then when the user submits the form handle it:

if(isset($_POST['submit']
{
    $name = $_POST['name'];
    $number = $_POST['number'];

    if ($stmt = $mysqli->prepare("INSERT hello (name, number) VALUES (?, ?)"))
    {
            $stmt->bind_param("ss", $name, $number);
            $stmt->execute();
            $stmt->close();
    }
    else
    {
        echo "ERROR: Could not prepare SQL statement.";
    }
}

This will add $name and $number and your ID role has to be a primary role and set to auto_increment. IDs will be automatically generated.

Answer 2

Remove single quotes from $_POST['name'] and $_POST['number'] as below

$sql = "INSERT INTO hello (id, name, number) 
VALUES ('', $_POST['name'], $_POST['number'])";

Answer 3

You're about to go down a slippery slope using mysqli. I'd recommend trying to learn to use PDO for making queries. Right now, someone could easily put SQL into the name POST data and actually do damage to your database.

Anyways, your problem at hand, you have a missing bracket and one issue:

VALUES ('', '$_POST['name']', '$_POST['number'')";

It won't work as intended with nested single quotes.

VALUES ('', '$_POST[name]', '$_POST[number]')";

Answer 4

Your insert code be like this

$sql = "INSERT INTO hello (id, name, number) 
VALUES ('','{$_POST['name']}', '{$_POST['number']}')";

Then your value will be in database If field id is primary key and auto increment then your insert statement should be like

Try this:

$sql = "INSERT INTO hello ( name, number) 
VALUES ('{$_POST['name']}', '{$_POST['number']}')";