1

I have a little specific case here and I'm struggling with it.

I'm trying to insert in information into database, but the situation is slightly different from the other cases I've watched.

The things I have to do is:

  1. Create a HTML form, and the values should come with $_POST request from it.
  2. Create a credentials plus connection and database.
  3. Need to assign the variables which will save the values of $_POST, they need to be = NULL.
  4. I need to put these $_POST values into "if"'s body.
  5. All of this should be done only if $_SERVER['REQUEST_METHOD'] == POST.

This is my HTML Form:

<form action="" method="post">
<p>
    <label for="userNameOne">User Name:</label>
    <input type="text" name="user_name_one" id="userNameOne">
</p>
<p>
    <label for="userNameTwo">User Phone:</label>
    <input type="text" name="user_name_two" id="userNameTwo">
</p>
<p>
    <label for="userEmail">Email Address:</label>
    <input type="email" name="user_email" id="userEmail">
</p>
<input type="submit" value="submit" name="submit">

These are my credentials and database connection:

<?php 
session_start();
$host = "localhost";
$user_name = "root";
$user_password = "";
$database = "our_new_database";

function db_connect($host, $user_name, $user_password, $database) {
    $connection = mysqli_connect($host, $user_name, $user_password, $database);
    if(mysqli_connect_errno()){
        die("Connection failed: ".mysqli_connect_error());
    }
    mysqli_set_charset($connection, "utf8");

    return $connection;

This is my database creation:

$foo_connection = db_connect($host, $user_name, $user_password, $database);

$sql = "CREATE TABLE user_info(
    user_name_one VARCHAR(30) NOT NULL,
    user_name_two VARCHAR(30) NOT NULL,
    user_email VARCHAR(70) NOT NULL UNIQUE
)";

if(mysqli_query($foo_connection, $sql)){
    echo "Table created successfully";
}
else {
    echo "Error creating table".mysqli_connect_error($foo_connection);
}

And this is where I hardly stuck. When I try to assign the $_POST form values, I'm getting error:

Notice: Undefined index: userNameOne Notice: Undefined index: userNameTwo Notice: Undefined index: userEmail

Also I don't know where to use this $_SERVER['REQUEST_METHOD'] == POST.

Can you help me a little bit to finish this "mission" :).

syam
  • 799
  • 1
  • 12
  • 30
inSee
  • 27
  • 5

2 Answers2

0

This is your HTML :

<form action="" method="post">
<p>
    <label for="userNameOne">User Name:</label>
    <input type="text" name="user_name_one" id="userNameOne">
</p>
<p>
    <label for="userNameTwo">User Phone:</label>
    <input type="text" name="user_name_two" id="userNameTwo">
</p>
<p>
    <label for="userEmail">Email Address:</label>
    <input type="email" name="user_email" id="userEmail">
</p>
<input type="submit" value="submit" name="submit">

This is what you are doing :

$user_name_one = $_POST["userNameOne"]; 
$user_name_two = $_POST["userNameTwo"]; 
$user_email = $_POST["userEmail"];

As you can see, your $_POST refer to the id of each input, not the name.

So try this :

$user_name_one = $_POST["user_name_one"]; 
$user_name_two = $_POST["user_name_two"]; 
$user_email = $_POST["user_email"];

A good practice to avoid this problem is using the same id and name in your input if you can do it !

I suggested you to read this question to understand your problem : Difference between id and name attributes in HTML

EDIT : (I use to work with PDO or Doctrine so the syntax may be wrong, but here is the main idea)

To add this in your database, do a prepare statement and bind the param before executing your request:

$sql = "INSERT INTO user_info
        (user_name_one,user_name_two,user_email) 
        VALUES(':name_one',':name_two',':email')"
$req = $connection->prepare($sql);
$req->bindParam(":name_one", $user_name_one);
$req->bindParam(":name_two", $user_name_two);
$req->bindParam(":email", $user_email);
$req->execute();

Is this what you are looking for?

Mickaël Leger
  • 3,426
  • 2
  • 17
  • 36
0

first you really don't need $_SERVER['REQUEST_METHOD'] to check whether post is is set. you can simply check with your submit button.

if (isset($_POST['submit'])){}

then second one is you calling input's id. not the name. you can fix it by using input fields name.

$user_name_one = $_POST['user_name_one'];

here is the code for insertion.

$user_name_one = $_POST['user_name_one'];
$user_name_two = $_POST['user_name_two'];
$user_email = $_POST['user_email'];
$connection->query("INSERT INTO user_info(user_name_one,user_name_two,user_email) VALUES('$user_name_one','$user_name_two','$user_email')");
Lahiru Madusanka
  • 270
  • 2
  • 13
  • 1
    Care to SQL injection with this code, since you don't use prepare statement and use $_POST value direclty in your query ! I'm not pro in SQL injection but if you do somehting like `$_POST['user_email'] = 'test@test.fr')"; DROP TABLE user_info;'` it should be annoying – Mickaël Leger Mar 19 '18 at 09:40
  • This is a sample code for use who stuck on insertion query. i didn't needed him to be confused with all of that security issues. – Lahiru Madusanka Mar 19 '18 at 10:08