-1

I am trying to take the input that users enter in drop-down menus and submit it to a table in my database. I am trying to submit the values into this table: [image] I use POST to check that the values are being pulled from the HTML form, and they are, but they won't submit into my table. I've made sure that all of the names of the columns and HTML forms are correct. Why won't the values post to the table?

<?php

$databaseName = 'pizza_db';
$databaseUser = 'root';
$databasePassword = 'root';
$databaseHost = '127.0.0.1';
$conn = new mysqli($databaseHost, $databaseUser, $databasePassword, $databaseName);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully\n";

if(isset($_POST['submit'])){
$value = mysqli_real_escape_string($conn,$_POST['drink']);
$value2 = mysqli_real_escape_string($conn,$_POST['cheese']);
$value3 = mysqli_real_escape_string($conn,$_POST['veggies']);
$value4 = mysqli_real_escape_string($conn,$_POST['meat']);
$value5 = mysqli_real_escape_string($conn,$_POST['sauce']);
$value6 = mysqli_real_escape_string($conn,$_POST['crust']);
$value7 = mysqli_real_escape_string($conn,$_POST['size']);

$sql = "INSERT INTO order_info(drink,cheese,veggies,meat,sauce,crust,size) 
    VALUES('$value','$value2','$value3','$value4','$value5','$value6','$value7')";

//Here I am posting the values to check that they are being submitted 
echo $_POST["size"];
echo "\n";
echo $_POST["sauce"];
echo "\n";
echo $_POST["crust"];
echo "\n";
echo $_POST["cheese"];
echo "\n";
echo $_POST["meat"];
echo "\n";
echo $_POST["veggies"];
echo "\n";
echo $_POST["drink"];
$conn->close();
}
?>

<!DOCTYPE html>
<html>
<body>
<form action='' method='post'>

<p>Choose a size</p>
<select id="size" name="size">
  <option value="small">Small</option>
  <option value="medium">Medium</option>
  <option value="large">Large</option>
  <option value="x-large">X-large</option>
</select>

<p> Choose a sauce </p>
<select id="sauce" name="sauce">
  <option value="none">None</option>
  <option value="marinara">Marinara</option>
  <option value="alfredo">Alfredo</option>
  <option value="ranch">Ranch</option>
  <option value="bbq">BBQ</option>
</select>

<p> Choose a cheese</p>
<select id="cheese" name="cheese">
  <option value="none">None</option>
  <option value="mozzarelaa">Mozarella</option>
  <option value="cheddar">Cheddar</option>
  <option value="parmesan">Parmesan</option>
  <option value="three cheese">Three-Cheese</option>
</select>

<p> Choose a meat </p>
<select id="meat" name="meat">
  <option value="none">None</option>
  <option value="Pepperroni">Pepperroni</option>
  <option value="sausage">Sausage</option>
  <option value="bacon">Bacon</option>
  <option value="canadian bacon">Canadian Bacon</option>
  <option value="chicken">Chicken</option>
  <option value="salami">Beef</option>
  <option value="anchovies">Anchovies</option>
</select>

<p> Choose a veggies </p>
<select id="veggies" name="veggies">
  <option value="none">None</option>
  <option value="onions">Onions</option>
  <option value="green peppers">Green Peppers</option>
  <option value="Red peppers">Red peppers</option>
  <option value="Black olives">Mushrooms</option>
  <option value="jalapenos">Jalapenos</option>
  <option value="tomatoes">Tomatoes</option>
  <option value="pineapple">Pineapple</option>
</select>

<p> Choose a crust </p>
<select id="crust" name="crust">
  <option value="regular">Regular</option>
  <option value="deep-dish">Deep-dish</option>
  <option value="thin-crust">Thin Crust</option>
  <option value="stuffed crust">Stuffed Crust</option>
  <option value="gluten free">Gluten Free</option>
</select>

<p> Choose a drink </p>
<select id="drink" name="drink">
  <option value="none">None</option>
  <option value="rootbeer">Root Beer</option>
  <option value="coke">Coke</option>
  <option value="diet coke">Diet Coke</option>
  <option value="dr pepper">Dr Pepper</option>
</select>
<input type="submit" name="submit" value="Submit"/>
</form>
</body>
</html>
petey
the_crouton
  • You never executed your SQL query. – David Dec 06 '17 at 17:28
  • That fixed it, forgot to add the statement. Thanks! – the_crouton Dec 06 '17 at 17:30
  • It's also worth noting, as you continue to learn and practice, that your attempts to protect against SQL injection have been known to be insufficient. I recommend you take a look at this: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – David Dec 06 '17 at 17:30
  • Additionally, you shouldn't really check for `$_POST['submit']` here - I'd advise you to instead put a hidden input in to watch for. There are multiple ways to submit forms and you are only allowing one of them by watching for a button press. – Scoots Dec 06 '17 at 17:31
  • Will take a look into it, thank you – the_crouton Dec 06 '17 at 17:31
  • Some other reading about which edge cases cause concern, and what is still safe: https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string/12118602#12118602 – IncredibleHat Dec 06 '17 at 17:35

2 Answers

2

Seems like you are not running the query.

// sql
$sql = "INSERT INTO order_info(drink,cheese,veggies,meat,sauce,crust,size) 
VALUES('$value','$value2','$value3','$value4','$value5','$value6','$value7')";

// run query
mysqli_query($conn, $sql);

// or, in object-oriented style (use one of the two calls, not both)
$conn->query($sql);
Abid Raza
0

You prepared the query string, but you are not executing it.

$sql = "INSERT INTO order_info(drink,cheese,veggies,meat,sauce,crust,size) 
VALUES('$value','$value2','$value3','$value4','$value5','$value6','$value7')";

// run the query with the function below
mysqli_query($conn, $sql);

Then check your table. You will see the data saved.

Himanshu Upadhyay
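
The fix from the answers combined with the prepared-statement approach the comments point to, as an added example that is not code from the question or from either answer. The names `ALLOWED`, `validate_order` and `insert_order` are hypothetical, the allow-list is copied from the form's `value` attributes, and checking the request method is an assumed stand-in for the hidden-input check suggested in the comments.

```php
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
// Allowed values per column, copied from the form's <option value="..."> attributes.
const ALLOWED = [
    'drink'   => ['none', 'rootbeer', 'coke', 'diet coke', 'dr pepper'],
    'cheese'  => ['none', 'mozzarelaa', 'cheddar', 'parmesan', 'three cheese'],
    'veggies' => ['none', 'onions', 'green peppers', 'Red peppers', 'Black olives',
                  'jalapenos', 'tomatoes', 'pineapple'],
    'meat'    => ['none', 'Pepperroni', 'sausage', 'bacon', 'canadian bacon',
                  'chicken', 'salami', 'anchovies'],
    'sauce'   => ['none', 'marinara', 'alfredo', 'ranch', 'bbq'],
    'crust'   => ['regular', 'deep-dish', 'thin-crust', 'stuffed crust', 'gluten free'],
    'size'    => ['small', 'medium', 'large', 'x-large'],
];

// Returns the order in column order, or null if any field is missing or not a listed option.
function validate_order(array $post): ?array
{
    $order = [];
    foreach (ALLOWED as $field => $choices) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || !in_array($value, $choices, true)) {
            return null;
        }
        $order[$field] = $value;
    }
    return $order;
}

// Inserts one validated order; values are bound as parameters, never concatenated into the SQL.
function insert_order(mysqli $conn, array $order): int
{
    $stmt = $conn->prepare(
        'INSERT INTO order_info (drink, cheese, veggies, meat, sauce, crust, size)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $values = array_values($order);      // bind_param needs variables, not a temporary
    $stmt->bind_param('sssssss', ...$values);
    $stmt->execute();                    // the step missing from the question's code
    return $stmt->affected_rows;         // 1 on success
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $order = validate_order($_POST);
    if ($order === null) { http_response_code(400); exit('Invalid selection'); }
    $conn = new mysqli('127.0.0.1', 'root', 'root', 'pizza_db'); // connection values from the question
    $conn->set_charset('utf8mb4');
    insert_order($conn, $order);
}
```

Because every field is a fixed drop-down, the allow-list rejects anything the form could not have produced before the database is touched, and the bound parameters keep the statement safe even if the list is later relaxed.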