-1

I have a problem, while am connecting phpmyadmin database from my php. The below code is for form, 

<div id="wb_element_instance53" class="wb_element">
  <form class="wb_form wb_mob_form" method="post"><input type="hidden" name="wb_form_id" value="18498be5"><textarea name="message" rows="3" cols="20" class="hpc"></textarea>
    <table>
      <tr>
        <th class="wb-stl-normal">Name&nbsp;&nbsp;</th>
        <td><input type="hidden" name="wb_input_0" value="Name"><input class="form-control form-field" type="text" value="" name="wb_input_0" required="required"></td>
      </tr>
      <tr>
        <th class="wb-stl-normal">Email&nbsp;&nbsp;</th>
        <td><input type="hidden" name="wb_input_1" value="E-mail"><input class="form-control form-field" type="text" value="" name="wb_input_1" required="required"></td>
      </tr>
      <tr class="area-row">
        <th class="wb-stl-normal">Message&nbsp;&nbsp;</th>
        <td><input type="hidden" name="wb_input_2" value="Message"><textarea class="form-control form-field form-area-field" rows="3" cols="20" name="wb_input_2" required="required"></textarea></td>
      </tr>
      <tr class="form-footer">
        <td colspan="2"><button type="submit" class="btn btn-default">Submit</button></td>
      </tr>
    </table>
  </form>
  <script type="text/javascript">

Then, i tried to connect phpmyadmin database using php code below,

<?php
/*
$connect=mysqli_connect('localhost','root','','Contact_db') ;

if(mysqli_connect_errno($connect))
{
        echo 'Failed to connect';
}

// create a variable

if (isset($_POST['name'])) {
    $name = $_POST['name'];
}

if (isset($_POST['email'])) {
    $email = $_POST['email'];
}
if (isset($_POST['message'])) {
    $message = $_POST['message'];
}



$sql ="INSERT INTO contac_ds ('Name','email','message') VALUES ('$name','$email,'$message')";

//Execute the query

mysqli_query($connect,$sql);

?>

But, the above showing the error:

Notice: Undefined variable: name in this line "$sql ="INSERT INTO contac_ds ('Name','email','message') VALUES ('$name','$email,'$message')";"
Notice: Undefined variable: email in in this line "$sql ="INSERT INTO contac_ds ('Name','email','message') VALUES ('$name','$email,'$message')";"
Notice: Undefined variable: message in in this line "$sql ="INSERT INTO contac_ds ('Name','email','message') VALUES ('$name','$email,'$message')";"
Barmar
  • 741,623
  • 53
  • 500
  • 612
deepanraj pounraj
  • 11

5 Answers5

3

What if the isset() fails?? Repair: have a $sql only if the params are set..

if (isset($_POST['name']) && isset($_POST['email']) &&   isset($_POST['message']) ){

    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    $sql ="INSERT INTO contac_ds ('Name','email','message') VALUES ('$name','$email,'$message')";

    //Execute the query

    mysqli_query($connect,$sql);
}
Refugnic Eternium
  • 4,089
  • 1
  • 15
  • 24
Smit Thakkar
  • 64
  • 2
  • As I've already stated in my answer, he should also take care to escape the parameters properly to avoid SQL injections. – Refugnic Eternium Jul 13 '17 at 10:43
  • 1
    @deepanraj pounraj : Replace name with wb_input_0 , email with wb_input_1 and message with wb_input_2. This is the name that you have used in your form and hence will be for $_POST. – Gyan Jul 13 '17 at 10:52
3

The problem is that $_POST search for name of the input. You name is wb_input_0, try this:

if (isset($_POST['wb_input_0'])) {
      $name = $_POST['wb_input_0'];
  }

And the same for email and message. However i would not advice to name inputs like that

caryarit ferrer
  • 326
  • 3
  • 12
0

try this:

$email ='';
$name ='' ;
$message ='';
print_r($_POST);//to review is all vars in form.
if (isset($_POST['name'])) {
    $name = $_POST['name'];
}

if (isset($_POST['email'])) {
    $email = $_POST['email'];
}
if (isset($_POST['message'])) {
    $message = $_POST['message'];
}
Álvaro Touzón
  • 1,247
  • 1
  • 8
  • 21
  • This seems wrong. If the parameters are not set, he should just skip the whole `INSERT`, not insert an empty row. – Barmar Jul 13 '17 at 10:39
  • @Barmar Yes, you are of course correct, but if you check the code again, you'll also notice that he isn't escaping the input either, so he's clearly a rookie. Let's just help him take flight one step at a time, ok? ;) – Refugnic Eternium Jul 13 '17 at 10:40
  • @Barmar, yes the code is basic, it must be the void in mysl definition as value default., And use a query generation, in base of paramseters recived. – Álvaro Touzón Jul 13 '17 at 10:41
0
if (isset($_POST['name'])) {
    $name = $_POST['name'];
}else{
    $name = '';
}

if (isset($_POST['email'])) {
    $email = $_POST['email'];
}else{
    $email = '';
}

if (isset($_POST['message'])) {
    $message = $_POST['message'];
}else{
    $message = '';
}
Vivek
  • 1
  • 1
0

Do yourself a favour and prepare your statement:

$sql ="INSERT INTO contac_ds ('Name','email','message') VALUES (?,?,?)";
$stmt = mysqli_prepare($connect, $sql);
$name="";
if (isset($_POST['name'])) {
    $name = $_POST['name'];
}
$email="";
if (isset($_POST['email'])) {
    $email = $_POST['email'];
}
$message="";
if (isset($_POST['message'])) {
    $message = $_POST['message'];
 } 

mysqli_stmt_bind_param($stmt,"sss",$name,$email,$message);
mysqli_stmt_execute($stmt);

Note that your current $_POST won't have those fields because your named them differently (and twice) so you also need to fix that.

apokryfos
  • 38,771
  • 9
  • 70
  • 114