Form Not Posting To SQL Database

Question

I have this form and I can’t get it to post to my sql database?

https://xcanberracars.com/assets/booking/bookride_bu240118.php

This is the code I believe I have everything right but obviously not.

error_reporting(E_ALL & ~(E_STRICT|E_NOTICE|E_WARNING));

$host="localhost";
$dbuser="xcanberr_accountmanager";
$dbpass="*********”;
$dbname="xcanberr_PromoCodes";

$link = mysqli_connect($host, $dbuser, $dbpass,$dbname);
if(!$link)
{
    echo "ERROR| Unable to connect to MySQL." . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;

    $booking_id = "XBR".date("dmYHis");

    $sql = "INSERT INTO booking_table (bookingID, first_name, last_name, email, phone, pickup_location, drop_location)
    VALUES ('$bookingId', '$firstName', '$lastName', '$email', '$phone,'$pickupAddressLine1', '$dropAddressLine1')";

    mysqli_query($conn, $sql);

I can get it to work on my local host pc but won’t work on the server

It's probably not wise to publish the username and password for the database. — KIKO Software, Feb 17 '18 at 08:49
You should get the same SQL syntax error (if you were checking) on both servers, if the script was identical. Also a problem you wouldn't have with parameter binding, of course. — mario, Feb 17 '18 at 08:50
`$booking_id` is not the same as `'$bookingId',` check it out — , Feb 17 '18 at 09:03
Even if you don't care about security, your vulnerability to SQL injection is going to cause problems if someone called "O'Connor" wants to book something with you, as the apostrophe in their name will crash your code. — Matt Gibson, Feb 17 '18 at 11:07

Ajay · Answer 1 · 2018-02-17T11:44:58.377

In your code their is 2 mistakes.

1- line no. 19 '$phone should be '$phone'

2- line no. 21 mysqli_query($conn, $sql); should be mysqli_query($link, $sql);

3- booking_id AND bookingId

use this code

error_reporting(E_ALL & ~(E_STRICT|E_NOTICE|E_WARNING));

$host="localhost";
$dbuser="xcanberr_accountmanager";
$dbpass="*********”;
$dbname="xcanberr_PromoCodes";

$link = mysqli_connect($host, $dbuser, $dbpass,$dbname);
if(!$link){


    $bookingId = "XBR".date("dmYHis");

    $firstName          = mysqli_real_escape_string($link, $firstName);
    $email              = mysqli_real_escape_string($link, $email);
    $phone              = mysqli_real_escape_string($link, $phone);
    $pickupAddressLine1 = mysqli_real_escape_string($link, $pickupAddressLine1);
    $dropAddressLine1   = mysqli_real_escape_string($link, $dropAddressLine1);

    $sql = "INSERT INTO booking_table (bookingID, first_name, last_name, email, phone, pickup_location, drop_location)
    VALUES ('$bookingId', '$firstName', '$lastName', '$email', '$phone','$pickupAddressLine1', '$dropAddressLine1')";

    mysqli_query($link, $sql);

`$dbpass="*********”` < you missed that. Look at syntax highlighting here and in the OP's post. — Funk Forty Niner, Feb 17 '18 at 13:46

Form Not Posting To SQL Database

1 Answers1