-2

Here is my main PHP code:

<?php

define('dbServer', 'localhost');
$dbUsername = 'root';
$dbPassword = '';
define('dbName', '1');

$dbConnection = mysqli_connect(dbServer, $dbUsername, $dbPassword, dbName);

if(!$dbConnection){
    die("Unsuccessful Connection: " . mysqli_connect_error());
}



// All user data will be taken from the form //

$emailAddress = $_POST['emailaddress'];
$firstName = $_POST['firstname'];
$lastName = $_POST['lastname'];
$streetAddress = $_POST['streetaddress'];
$phoneNumber = $_POST['phonenumber'];
$comments = $_POST['comments'];

$sql = "INSERT INTO user-submission (email, firstName, lastName, address, phoneNumber, comment) VALUES ('$emailAddress', '$firstName', '$lastName', '$streetAddress', '$phoneNumber', '$comments')";

$result = mysqli_query($dbConnection, $sql);

if (!$result){
    die('Error: ' . mysqli_connect_error());
}

?>

My SQL database contains the rows ID, email, firstName, lastName, address, phoneNumber, comment. They are in a database called '1' (for testing purposes) and a table called 'user-submission'.

I have been unable to query this information into my table. I have been successful prior to this on other SQL and PHP pairings. What am I doing wrong this time?

razr_unlimited
  • 1
  • 2
    You don't say what's actually happening when you run this so there may well be other problems as well, but you'll definitely need to quote the table name if it contains a dash. See https://stackoverflow.com/questions/18670394/using-dash-in-mysql-table-name – iainn Apr 24 '18 at 18:19
  • 2
    You'll also want to read up on SQL injection as soon as possible: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – iainn Apr 24 '18 at 18:19
  • Enable error reporting, and acquire the skill of debugging the programs you write... how to detect errors, and how to diagnose the problem. StackOverflow is not a debugging service. https://ericlippert.com/2014/03/05/how-to-debug-small-programs/ – spencer7593 Apr 24 '18 at 18:36
  • Your title isn't particularly helpful, a lot of questions could be described as an 'Issue with PHP and MySQL Database' – Nigel Ren Apr 24 '18 at 18:44
  • `mysqli_connect_error()` isn't the right function to use against a query, just a connection error method is all it is. – Funk Forty Niner Apr 24 '18 at 18:44
  • `INSERT INTO user-submission` did you know that mysql is interpreting that as `INSERT INTO user MINUS submission`? well now you do. Either escape it or replace the hyphen with an underscore and renaming the table to that name. – Funk Forty Niner Apr 24 '18 at 18:46

2 Answers2

0

Add this right below the opening php tag at the top then the server will tell you what the error is. Copy the error here if you need help decyfering

error_reporting( E_ALL );
Jim VanPetten
  • 413
  • 3
  • 11
  • also add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` (*before* `mysqli_connect` is called.) With this enabled, when an error occurs in mysqli, mysqli will raise a PHP error. – spencer7593 Apr 24 '18 at 18:39
  • this is a comment at best. It won't do anything for mysql where the deleted answer gave a better answer in a way. That table name of theirs, well... mysql thinks they want to do math. – Funk Forty Niner Apr 24 '18 at 18:44
  • 99 out of a hundred times it reveals the problem as its usually something simple. So its the first step. – Jim VanPetten Apr 24 '18 at 19:22
0

First you need to make changes so hackers don't abuse your code. Just wait till johnny;drop tables; comes by and wipes out your database.

// All user data will be taken from the form //

$emailAddress = mysqli_real_escape_string($dbConnections,$_POST['emailaddress']);
$firstName = mysqli_real_escape_string($dbConnections,$_POST['firstname']);
$lastName = mysqli_real_escape_string($dbConnections,$_POST['lastname']);
$streetAddress = mysqli_real_escape_string($dbConnections,$_POST['streetaddress']);
$phoneNumber = mysqli_real_escape_string($dbConnections,$_POST['phonenumber']);
$comments = mysqli_real_escape_string($dbConnections,$_POST['comments']);


$sql = "INSERT INTO `user-submission` (email, firstName, lastName, address, phoneNumber, comment) VALUES (?,?,?,?,?,?)";
$prep=$dbConnections->prepare($sql);
$prep->bind_param("ssssss",$emailAddress,$firstName,$lastName,$streetAddress,$phoneNumber,$comments);

#actually puts everything together, and puts it in the database
$prep-execute();
cybernard
  • 180
  • 10