
I really need some help with this. I've been struggling for days with this code. I can't get my form data into the MySQL table with this script and I don't know why. I've included a script, called input.php, which catches the form data:

```php
<?php
$email = cubrid_real_escape_string($_POST['email']);

?>
```

and I have the following file which makes a connection to the database and inserts the data into the MySQL database. I just don't get what I'm doing wrong. It's so frustrating.

```php
<?php
include ('input.php');

$hostnaam = "10.184.19.114";
$gebruikersnaam = "u272085_user";
$wachtwoord = "123";
$dbnaam = "db272085_contactinfo";

$con=mysqli_connect($hostnaam, $gebruikersnaam, $wachtwoord, $dbnaam);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// Perform queries 
//mysqli_query($con,"SELECT * FROM Persons");
 mysqli_query($con,"INSERT INTO `db272085_contactinfo.contact` (`id`,     `email`) VALUES (id, "'.$email.'")");

mysqli_close($con);
?>
```
Milton
  • I hope those aren't your live MySQL credentials... – Machavity Sep 19 '17 at 12:21
  • ``mysqli_query($con,"INSERT INTO `db272085_contactinfo.contact` (`id`, `email`) VALUES (id, "'.$email.'")");``; what is id – Salim Ibrohimi Sep 19 '17 at 12:23
  • You are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). **This will take care of any pesky quoting issues that are occurring with your email variable.** – aynber Sep 19 '17 at 12:23
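
The prepared-statement approach that aynber's comment recommends, as an added example that is not part of the original question or its comments. It assumes `id` is an AUTO_INCREMENT column in a table named `contact`; the function name `save_contact_email` and the `DB_*` environment variable names are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumes `contact`.`id` is
// AUTO_INCREMENT and that DB_* environment variables (hypothetical) are set.
declare(strict_types=1);

// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Validate the address and insert it through a bound parameter.
// Returns the new row id, or null when the input is not a valid email.
function save_contact_email(mysqli $con, string $rawEmail): ?int
{
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // The placeholder keeps user input out of the SQL text entirely,
    // so no manual quoting or escaping is involved.
    $stmt = $con->prepare('INSERT INTO `contact` (`email`) VALUES (?)');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $id = (int) $con->insert_id;
    $stmt->close();
    return $id;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $raw = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
    try {
        $con = new mysqli(
            getenv('DB_HOST') ?: 'localhost',
            getenv('DB_USER') ?: '',
            getenv('DB_PASS') ?: '',
            getenv('DB_NAME') ?: ''
        );
        $con->set_charset('utf8mb4');
        $id = save_contact_email($con, $raw);
        $con->close();
        echo $id === null ? 'Invalid email address.' : 'Saved.';
    } catch (mysqli_sql_exception $e) {
        // Log the detail server-side; do not echo driver errors to the client.
        error_log($e->getMessage());
        http_response_code(500);
        echo 'Could not save your details.';
    }
}
```

Reading the connection settings from the environment also keeps the password out of the source file, which is the concern Machavity's comment raises.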
