Sending PHP form to MySQL database

Question

I am new to PHP and am really struggling to post my PHP contact form data to my database (MySQL, MAMP, phpMyAdmin), I dont know why I am finding this so complex, I have been looking at my code for ages but can not figure it out. my database structure

connection.php

<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "FutureDesign";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
//if ($conn->connect_error) {
//    die("Connection failed: " . $conn->connect_error);
//} 
//echo "Connected successfully";

$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$message = $_POST['message'];

$sql = "INSERT INTO ContactForm (name, phone, email, message ) VALUES ('$name', '$phone', '$email', '$message')";


if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>

contact.php

<form name="sentMessage" id="contactForm" method="post" action="connection.php" novalidate>
            <div class="control-group form-group">
              <div class="controls">
                <label>Full Name:</label>
                <input type="text" class="form-control" name="name" id="name" required data-validation-required-message="Please enter your name.">
                <p class="help-block"></p>
              </div>
            </div>
            <div class="control-group form-group">
              <div class="controls">
                <label>Phone Number:</label>
                <input type="tel" class="form-control" name="phone" id="phone" required data-validation-required-message="Please enter your phone number.">
              </div>
            </div>
            <div class="control-group form-group">
              <div class="controls">
                <label>Email Address:</label>
                <input type="email" class="form-control" name="email" id="email" required data-validation-required-message="Please enter your email address.">
              </div>
            </div>
            <div class="control-group form-group">
              <div class="controls">
                <label>Message:</label>
                <textarea rows="10" cols="100" class="form-control" name="message" id="message" required data-validation-required-message="Please enter your message" maxlength="999" style="resize:none"></textarea>
              </div>
            </div>
            <div id="success"></div>
            <!-- For success/fail messages -->
            <button type="submit" value="submit" class="btn btn-primary" id="sendMessageButton">Send Message</button>
          </form>

Answer 1

I have removed (name="sentMessage" id="contactForm") from the first line in my form and everything works perfectly?!

original line (with error)

<form name="sentMessage" id="contactForm" method="post" action="connection.php" novalidate>

edited line (removed error)

<form method="post" action="connection.php" novalidate>

Answer 2

As an addition to other posts, try using Prepared Statements. This is more secure than using the mysqli function. W3schools is a great place to learn! They have a few articles on the subject. https://www.w3schools.com/php/php_mysql_prepared_statements.asp

Good Luck!

Answer 3

try to wrap your parameter with double quote like this

$sql = "INSERT INTO ContactForm (name, phone, email, message ) VALUES (".'$name'.", ".'$phone'.", ".'$email'.", ".'$message'.")";

i recommend you to bind you parameter with bind_param to avoiding sql injection