-3

Phpmyadmin (xampp for Windows) will not save data from perfectly good PHP and HTML code:

<html>
    <?php
        $news = $_POST['news'];
        $con = mysql_connect['127.0.0.1','root',''];
        mysql_select_db($con, 'chidon')
        $select="INSERT INTO `news`(`news`) VALUES ([$news]";
        mysql_query($con, $select);
    ?>
    <head>
    <meta charset="utf-8">
    </head>
    <body>
        <form action='webpage.html' method="POST">
        <div>
        <h4>News:</h4><input type="text" name="news">
        <input type="submit" name="submit" value="SUBMIT">
    </body>
</html>

So please help me because it's very frustrating... Thanks.

Abe
  • 1,357
  • 13
  • 31
Moishy Goldstein
  • 1
  • 2
  • 3
    "perfectly good" except for the glaring syntax errors, SQL injection vulnerability, complete lack of error handling, use of deprecated functions, and *incorrect* use of those functions... – David Sep 19 '17 at 01:15
  • `action='webpage.html'` that's where the problem starts, then you have more errors, too many actually. – Funk Forty Niner Sep 19 '17 at 01:15
  • 3
    I'm voting to close this question as off-topic because there are far too many syntax errors made. – Funk Forty Niner Sep 19 '17 at 01:17
  • Ok, I'll stop editing that first comment. Every time I look back at this "perfectly good code" more errors become evident. Start with *any* introductory tutorial on PHP and MySQL. And drop the assumption that everything you do is perfect. – David Sep 19 '17 at 01:18
  • 1
    I'm tempted to rewrite the title to "Code abundant in syntax errors does not store to database for some reason. No error_reporting enabled." to make it at least searchable for future users. – mario Sep 19 '17 at 01:37
  • **WARNING**: If you're just learning PHP, please, do not use the [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface. It’s so awful and dangerous that it was removed in PHP 7. A replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and a guide like [PHP The Right Way](http://www.phptherightway.com/) explains best practices. Your user data is **not** [properly escaped](http://bobby-tables.com/php.html) and there are [SQL injection bugs](http://bobby-tables.com/) and can be exploited. – tadman Sep 19 '17 at 04:25

1 Answers1

1

Absolutely nothing about this is "perfectly good".

mysql_* functions are deprecated, you need to use PDO or MySQLi.

$con = mysql_connect['127.0.0.1','root',''];

Should be (albeit not a mysql_* function): 

$con = mysql_connect('127.0.0.1','root','');

This line:

mysql_select_db($con, 'chidon')

Should have a semicolon at the end:

mysql_select_db($con, 'chidon');

This line:

$select="INSERT INTO `news`(`news`) VALUES ([$news]";

Should be:

$select="INSERT INTO `news`(`news`) VALUES ('$news')";

...and should use prepared statements (available in MySQLi and PDO libraries).

Finally:

<form action='webpage.html' method="POST">

Doesn't make any sense, how are you expecting to use the data if you're posting to a HTML file? You probably mean webpage.php, and might need to change your file extension to match this too.

Also, this has nothing to do with PHPMyAdmin, PHPMyAdmin is just a tool used to access and manipulate a MySQL database, it's not the actual database itself.

Enstage
  • 2,106
  • 13
  • 20
  • That should also have `mysql_real_escape_string` if this code is stuck in the 1990s. – tadman Sep 19 '17 at 04:25
  • Check `mysql_select_db()` again. – Jay Blanchard Sep 19 '17 at 12:53
  • My answer will certainly not solve all your problems; only the ones presented in this post. I'm willing to bet any money you've got many more if I managed to find all these ones in only 5 lines of code. – Enstage Sep 20 '17 at 08:09