Passing a variable from html to mysql with php

Question

I'm trying to put info I get from a form in html into a mysql database by way of php and do it all on the same page. My code so far is thus

<?php
    require('conn.php');
    if( isset($_POST['send'])){
    $Product_Name = htmlspecialchars($_POST["product_name"]);
    $Stock = htmlspecialchars($_POST["stock"]);
    $Price = htmlspecialchars($_POST["price"]);

    $insert = "INSERT INTO product (Product_Name, Stock, Price) VALUES ('$Product_Name','$Stock','$Price')";
    if (mysqli_query($conn,$insert)){
            echo "Values inserted!\n";
    }
    else {
            echo "Error inserting values: " . mysqli_error($conn);
    }
    }
    mysqli_close($conn);

?>

<html>
<body>
<form action="insert.php" method="post">

<table border="1">

<tr>
    <td>Product Name</td>
    <td align="center"><input type="text" name="product_name" size= "30" /></td>
</tr>

<tr>
    <td>In Stock</td>
    <td align="center"><input type="text" name ="stock" size="30"/></td>
</tr>

<tr>
    <td>Price</td>
    <td align="center"><input type="text" name="price" size="30"/></td>
</tr>

<tr>
    <td>Submit</td>
    <td align="center"><input type="submit" value="send"></td>
<tr>

However when I try and load the page its just comes up blank. It used to at least show the form before I added in the php code but I can't pin down what I broke. What do I need to change so that this puts the users data into the database?

Edit: changed code based upon Jeffry's catches

You might be interested in [how to prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) — brzuchal, May 03 '18 at 04:02

score 1 · Answer 1 · answered May 03 '18 at 03:38

1

just quick check, you miss the closing ) in

$Product_Name = htmlspecialchars($_POST["product_name"];

i also think you need a dot to append the string

$insert = "INSERT INTO product (Product_Name, Stock, Price) VALUES ("$Product_Name","$Stock","$Price")";

and if your product name is a varchar, you might need to quote it

answered May 03 '18 at 03:38

Jeffry Evan

317
1
7

Well, your advice got the page to load so thank you for that but its not putting it into the database. – masral May 03 '18 at 03:43
have you check the query (to see if its append the string and the quote on varchar)? try to echo the $insert to see if you get it right – Jeffry Evan May 03 '18 at 03:49

score 1 · Accepted Answer · answered May 03 '18 at 04:00

1

You're missing the name attribute in your submit button declaration.

update

<input type="submit" value="send">

to

<input type="submit" name = "send" value="send">

answered May 03 '18 at 04:00

Sandeep

145
2
7

Passing a variable from html to mysql with php

2 Answers2