-1

im trying to send Value from one page to another using the method POST, where the name of the database is "firstdb" , and the table named as "TAB1". and here is my code:

the first page named as "addStud.php". the code is :

<html>
<body>

<form action= "addStud_D.php" method="POST">

<center>
<fieldset>
Last Name : <input type = 'text' name ='LName'>
</br> </br>

First Name : <input type = 'text' name = 'FName'>
</br></br>

 Date of birth : <input type = 'text' name = 'dat'>
</br></br>
<input type='submit' value='OK'>

</fieldset>
</center>
</form>

</body >
</html>

The second page that receive data named as "addStud_D.php". the code is: 

<html>
<body>

<?php

$V1 = $_POST['LName'];
$V2 = $_POST['FName'];
$V3 = $_POST['dat'];

$db=mysql_connect('127.0.0.1','root','','firstdb')
  or die('error connecting to MySQL server.');

 mysql_select_db('firstdb');
mysql_query("INSERT INTO `firstdb`.`TAB1` (`ID`, `Last_Name`, `First_Name`,`date`)
  VALUES (NULL,'$V1','$V2', '$V3')");

?>

</body>
</html>

still. this method is not working and here is the error:

Notice: Undefined index: LName in D:\Computer Scince\Web\EasyPHP-5.3.3.1\www\APP04\addStud_D.php on line 6

Notice: Undefined index: FName in D:\Computer Scince\Web\EasyPHP-5.3.3.1\www\APP04\addStud_D.php on line 7

Notice: Undefined index: dat in D:\Computer Scince\Web\EasyPHP-5.3.3.1\www\APP04\addStud_D.php on line 8
Simo Os
  • 149
  • 10
  • first question are both the files in the same directory?? – Exprator Jul 17 '17 at 08:15
  • 1
    Correct the spelling of Method. – Saquib Lari Jul 17 '17 at 08:16
  • and change the methode to method in the html – Exprator Jul 17 '17 at 08:16
  • Another problem is you are making a connection with MYSQLi extension and then selecting DB with MYSQL extension which is now deprecated. Kindly read the tutorials and article to learn – Saquib Lari Jul 17 '17 at 08:17
  • Consider using an IDE that recognizes the mistakes in the HTML it will save you lots of time – Accountant م Jul 17 '17 at 08:19
  • u don't need to use select_db() function . as u are already given it in connect function. and replace the spelling of methode to method. and use mysqli instead of mysql – Pavan Kumar Jul 17 '17 at 08:20
  • Give the name to the button and check it in your php page using if isset() function but the post variables with in this if statement and try to echo somthing to see if it submit the form in a right way. And also change the methode to method in the form tag – Osama Jul 17 '17 at 08:23
  • Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any `mysqli_` errors to generate an Exception that you can see on the browser and other errors will also be visible on your browser. – RiggsFolly Jul 17 '17 at 08:37

2 Answers2

0

change spelling of methode="POST" to method="POST", rest of your code has some problem as well, for that you should read about prepared statements, those are efficient when handling user input.

ref: tutorial

Talha Abrar
  • 880
  • 8
  • 22
  • No...!! It's not correct. He first make the connection with MYSQLi extension and then selecting DB again, and executing the query with MYSQL extension ??? How the rest of code is correct ???? – Saquib Lari Jul 17 '17 at 08:21
  • For that purpose, i referred him that PDO tutorial. :) – Talha Abrar Jul 17 '17 at 08:27
  • 1
    Thats better. But for future try to avoid w3school work, Its a spoiler. Trust me I used to follow that all the time and now when I have to get along with the PHP community, I face many problems. Regarding to standards, security and the right way to code. – Saquib Lari Jul 17 '17 at 08:31
  • _rest of your code is correct_ No it is not – RiggsFolly Jul 17 '17 at 08:34
0

In the first page, you should change 'methode' to 'method'.

Second page:

<html>
<body>

<?php

$servername    = "localhost";
$username = "root";
$password = "";
$dbname   = "firstdb";
$conn     = new mysqli($servername, $username, $password, $dbname);

$V1 = isset($_POST['LName']) ? mysqli_real_escape_string($conn, $_POST['LName']) : '';
$V2 = isset($_POST['FName']) ? mysqli_real_escape_string($conn, $_POST['FName']) : '';
$V3 = isset($_POST['dat']) ? mysqli_real_escape_string($conn, $_POST['dat']) : '';


if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql
    = "INSERT INTO firstdb (id, last_name, first_name, date)
VALUES ('', '" . $V1 . "', '" . $V2 . "', '" . $V3 . "')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
Kiddo
  • 913
  • 2
  • 9
  • 13
  • Better than the rest, but you have still left this script wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jul 17 '17 at 08:35
  • Changed :) Thanks. – Kiddo Jul 17 '17 at 08:42
  • 1
    Sorry, but i still think my code is ok how it is right now. – Kiddo Jul 17 '17 at 08:47
  • `"INSERT INTO firstdb (last_name, first_name, date) VALUES (?,?,?)";` + bind_param – RiggsFolly Jul 17 '17 at 09:06