-1

I'm trying to create a website page with different inputs. A name and an email (and a submit button, if you count that). My problem is that instead of returning the data that I input in my html form to phpmyadmin, it sends an "empty result set". I'm not new to html, but I am new to php, so I think that is where my problem resides. Here is my code...

    <html>
    <body>

    <form action="#" method="POST"> 
     <table width="20%" border="0" cellspacing="2" cellpadding="1"> 
      <tr> 
       <td>Name:</td> 
       <td colspan="2"><input type="text" name="name"></td> 
      </tr> 
      <tr> 
       <td>Email:</td> 
       <td colspan="2"><input type="text" name="email"></td> 
      </tr>  
      <tr> 
       <td>&nbsp;</td> 
       <td colspan="2"><input type="submit" name="submit" value="Submit></td> 
      </tr> 
     </table> 
    </form> 

    </body> 
    </html>

    <?php
       $con=mysqli_connect("localhost","root","");
       mysqli_select_db($con,"mpet");
       if(isset($_POST['submit']))
       {    
         $name=$_POST['name'];
         mysqli_query($con,"insert into user(name) values('$name')");
         $email=$_POST['email'];
         mysqli_query($con,"insert into user(email) values('$email')");
       }


    ?>

Thanks for any help you can give me.

Ivar
  • 6,138
  • 12
  • 49
  • 61
FailStorm Fail 9000
  • 41
  • 7
  • 3
    what do you mean by *empty result set* ? can you be clear ? – Ravi Feb 13 '18 at 19:41
  • 1
    Did you chech error log to see if SQL are getting any error? – Sakura Kinomoto Feb 13 '18 at 19:42
  • 4
    You have to use only **one query** : `insert into user(name,email) values('the_name','the_email')`. And you may have a look to [parametrized queries](https://stackoverflow.com/questions/60174). – Syscall Feb 13 '18 at 19:46
  • 2
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Feb 13 '18 at 19:48
  • 4
    phpMyAdmin is a database administration tool. MySQL is the database. Please don't confuse the two, as it really confuses your question. You're also inserting two values into two different rows which makes no sense at all. I understand you're learning here, but it looks like you're missing a good introduction book to set you on the right course. – tadman Feb 13 '18 at 19:48
  • Consider using a [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) to solve problems like this. With those you have patterns you could follow for organizing your code into proper model, view and controller contexts. Frameworks come in many forms from really lean like [Fat-Free Framework](https://fatfreeframework.com/) to exceptionally full-featured like [Laravel](http://laravel.com/) and many spots in between. – tadman Feb 13 '18 at 19:50

1 Answers1

1

After researching parameterized queries like most of you suggested to, I was able to get my page working. Here is the code in case any want wants to see it...

<html>
<body>
<form action="connect.php" method="post"> 
<table width="20%" border="0" cellspacing="2" cellpadding="1"> 
<tr> 
  <td>Name:</td> 
  <td colspan="2"><input type="text" name="name"></td> 
</tr> 
<tr> 
  <td>Email:</td> 
  <td colspan="2"><input type="text" name="email"></td> 
</tr>  
<tr> 
  <td>&nbsp;</td> 
  <td colspan="2"><input type="submit" name="submit" value="Submit"></td> 
</tr> 
</table> 
</form> 

</body> 
</html>

And here is my php file...

<?php
$link = mysqli_connect("localhost", "root", "", "mypet");

if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

$sql = "INSERT INTO user (name,email) VALUES (?,?)";

if($stmt = mysqli_prepare($link, $sql)){
mysqli_stmt_bind_param($stmt, "ss", $name,$email);

$name = $_REQUEST['name'];
$email = $_REQUEST['email'];

if(mysqli_stmt_execute($stmt)){
    echo "<p>Thank you</p>";
} else{
   echo "ERROR: Could not execute query: $sql. " . mysqli_error($link);
}
} else{
    echo "ERROR: Could not prepare query: $sql. " . mysqli_error($link);
}

mysqli_stmt_close($stmt);

mysqli_close($link);
?>

This has been working so far and I've tested it many times.

FailStorm Fail 9000
  • 41
  • 7