0

This is how the code looks for the insert.php file. Every time I run this code I get the same error that my variables are not defined. Below also you have my index page

        $dbhost = 'localhost';
        $dbuser = 'root';
        $dbpass = 'admin';
        $dbname = 'test_emilian';
        $con = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
        // check the connection
        if ($con->connect_errno){
        die("Failed to connect to MySQL: (" . $con->connect_errno . ") " . $con->connect_error);
        }
        $id = mysqli_real_escape_string($con,$_POST['id']);
        $first = mysqli_real_escape_string($con,$_POST['first']);
        $last = mysqli_real_escape_string($con,$_POST['last']);
        $email = mysqli_real_escape_string($con,$_POST['email']);
        $mobile = mysqli_real_escape_string($con,$_POST['mobile']);
        $date = mysqli_real_escape_string($con,$_POST['date']);
        $gender = mysqli_real_escape_string($con,$_POST['gender']);
        $cnp = mysqli_real_escape_string($con,$_POST['cnp']);
     //made the INSERT duction   


$AddQuery = "INSERT INTO useri (first,last,email,mobile,date,gender,cnp) values ('".$id."','".$first."','".$last."','".$email."','".$mobile."','".$date."','".$gender."','".$cnp."')";

        if (!mysqli_query($con,$AddQuery))
        {echo 'Not Inserted';
        }else{
        echo 'Inserted Successfully';
        }

This is where I have defined the variables

        echo "<tr><form action=insert.php method = post>";
        echo "<tr>";
        echo "<td><input type=text name =first></input></td>";
        echo "<td><input type=text name =last></input></td>";
        echo "<td><input type=text name =email></input></td>";
        echo "<td><input type=text name =mobile></input></td>";
        echo "<td><input type=text name =date></input></td>";
        echo "<td><input type=text name =gender></input></td>";
        echo "<td><input type=text name =cnp></input></td>";
        echo "<td><input type=submit name =add value = add>" ."</td</tr>";
        echo "</form>";
        echo "</table>";
        ?>

at the end is not inserting anything.

Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Emil
  • 1
  • 2
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 12 '17 at 21:11
  • Name attributes must be quoted `name="email"` – Jay Blanchard Jul 12 '17 at 21:13
  • `input` tags are self-closing, no `` needed. – Jay Blanchard Jul 12 '17 at 21:13
  • thanks for our advice, made the changes but still nothing! – Emil Jul 12 '17 at 21:19
  • So I ve done all the modifications and still not connecting?PLEASE heeelp!! – Emil Jul 12 '17 at 21:28
  • Run print_r($_POST); in insert.php and see what the output is. – Kevin P Jul 12 '17 at 21:29
  • Have you taken the form out of the table? Did you read and follow the links I closed your question with? – Jay Blanchard Jul 12 '17 at 21:29
  • I don't see any field named id .. try removing `$id = mysqli_real_escape_string($con,$_POST['id']);` – Kevin P Jul 12 '17 at 21:30
  • @KevinP //when I run that it gave me this: Array ( [first] => sa [last] => [email] => [mobile] => [date] => [gender] => [cnp] => [add] => add ) Not Inserted – Emil Jul 12 '17 at 21:32
  • Let's see what the error is Add this to the first condition if it fails `echo mysqli_error($con);` – Kevin P Jul 12 '17 at 21:33
  • I have removed the field: $id = mysqli_real_escape_string($con,$_POST['id']); and still the same – Emil Jul 12 '17 at 21:33
  • it gives me this: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') values ('sas','','','','','','')' at line 1 – Emil Jul 12 '17 at 21:36
  • Remove '".$id."', from VALUES, your column count doesn't match your value count. – Kevin P Jul 12 '17 at 21:37
  • removed id from values, run again the echo mysqli_error($con); and now it says: Incorrect date value: '4' for column 'date' at row 1. How to bypass that? – Emil Jul 12 '17 at 21:40
  • You can't insert 4 into a date column, either skip inserting data into that column or make sure it's a valid date in Y-m-d format. – Kevin P Jul 12 '17 at 21:42
  • Sorry for that is my mistake, tried to run again the and still says undefined index :( – Emil Jul 12 '17 at 21:48
  • it appears an error for all indexes such as: first,last,email, mobile... – Emil Jul 12 '17 at 21:51
  • do you have a skype acc?we can chat there – Emil Jul 12 '17 at 21:53

0 Answers0