0

I am trying to get some informations from users such as name midterm final grades and post them into database which I am using the MySQL server. The problem is when I press the Add to DD button nothing changes and the data does not go into my table in database.

here is my main code:

<html>
<body>

 <table border ="1">
  <tr>
  <td>Name</td>
  <td><input id="name"> </input></td>
  </tr>
  <tr>
  <td>Midterm</td>
  <td> <input id="midterm"> </input></td>
  </tr>
  <tr>
  <td>Final</td>
  <td> <input id="final"> </input></td>
  </tr>
  <tr>
  <td>Grade</td>
  <td> <input id="grade"> </input></td>
  </tr>
  <td><input type="button" onclick="calculate()" value="Calculate"></td>
  <td>  <input type="submit"  value="Add to DB"> </td>
  </tr>
 </table>
</body>

<script type="text/javascript">
 function calculate(){
  var mid=document.getElementById('midterm').value;
  var fin=document.getElementById('final').value;
  var grade=mid*(0.3)+fin*(0.7);
  document.getElementById('grade').value=grade;
 }
 

</script>


</html>

and this is also the code that inserts datas :

<html>
<body>
 <form method="get" action="grade.php">
  <input type="text" value="Welcome to Student Grades Calculator">
  <br>
  <input type="submit" value="GO">
 </form>
 </body>
 </html>
<?php

 $name=$_POST['name'];
 $midterm=$_POST['midterm'];
 $final=$_POST['final'];
 $grade=$_POST['grade'];
 echo 'Hey';
 
 $connect= mysql_connect('localhost','root','','test');
 
 if(mysqli_connect_errno())
 {
   echo "Failed to connect to MySQL:".mysql_connect_errno();;
 }
 
 $s = "INSERT INTO(name,midterm,final,grade) VALUES('rr','33','33','33')";
 $sql = "INSERT INTO(name,midterm,final,grade) VALUES ('$name','$midterm','$final','$grade')";
 mysqli_query($connect , $sql);
 
 mysqli_close($connect);
 
 ?>
Peter Haddad
  • 78,874
  • 25
  • 140
  • 134
anil aytekin
  • 1
  • 2
    Your code is vulnerable to [SQL injection](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [mysqli](https://secure.php.net/manual/en/mysqli.prepare.php) or [PDO](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [this post](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). –  Apr 22 '18 at 19:57
  • 1
    Why are you mixing `mysql` with `mysqli`? – Spoody Apr 22 '18 at 20:00
  • while I agree with @Dominik (have a look at htmlentities) change the form method to `post` instead of `get`. – Ali Apr 22 '18 at 20:00
  • firstly you should give input name to each field after that yu can get data from form – Mohini Apr 23 '18 at 04:28

1 Answers1

0

You need to set your variables to $_GETnot $_POST

$name=$_GET['name'];
$midterm=$_GET['midterm'];
$final=$_GET['final'];
$grade=$_GET['grade'];

I also recommend using post instead of get just for security

Will
  • 122
  • 1
  • 9