0

I have a problem with my database connection. Whenever I try to connect, it dies and shows this message that I've written, "Query FAILED". I'm trying to make a contact form to send the data to my database. The name of my database is "contact", and the name of my table is "contact_table".

I don't know what to do, please help me. This is my code:

    <div class="contact">
      <form action="contact_us.php" method="POST">
        <label class="label-name">Name: </label>
        <input class="input-name" name="name" type="text">
        <label class="label-lname">Last Name: </label>
        <input class="input-lname" name="lastname" type="text">
        <label class="label-email">Email: </label>
        <input class="input-email" name="email" type="email">
        <label class="label-message">Message: </label>
        <textarea class="input-message" name="message" type="text"></textarea>
        <a href="#"><input class="submit-btn" name="submit" type="submit" value="Submit"></a>
      </form>
    </div>

    if(isset($_POST['submit'])){
        global $connection;
        $name = $_POST['name'];
        $lname = $_POST['lastname'];
        $email = $_POST['email'];
        $message = $_POST['message'];

        $name = mysqli_real_escape_string($connection, $name );
        $lname = mysqli_real_escape_string($connection, $lname );
        $email = mysqli_real_escape_string($connection, $email );
        $message = mysqli_real_escape_string($connection, $message );

        $query = "INSERT INTO contact_table('name', 'lastname', 'email', 'message') ";
        $query .= "VALUES ('name', 'lastname', 'email', 'message')";

        $result = mysqli_query($connection, $query);

        if(!$result){
            die('Query FAILED');
        } else {
            echo "Record Created";
        }
    }

This is my Database Connection

    $server = "localhost";
    $username = "root";
    $password = "";
    $dbname = "contact";

    $connection = mysqli_connect($server, $username, $password, $dbname);
    if(!$connection){
        // mysqli_error() needs a live connection; use mysqli_connect_error() here
        die("Database connection failed: " . mysqli_connect_error());
    }
YvesLeBorg
Armin
  • 2
    You need to prefix your values with $, e.g. $name. – Leander Iversen Jul 08 '18 at 11:25
  • 1
    You are wide open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). You need to use prepared statements, rather than concatenating variables into your query. Escaping values is not enough. See [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1). – elixenide Jul 08 '18 at 12:05
  • Escaping is enough so long as your db is set up and used correctly... not an [edge case](https://stackoverflow.com/a/12118602/2960971). However, it's just easier and less stress to use prepared statements. – IncredibleHat Jul 08 '18 at 13:04

3 Answers

0

Your connection has not failed. There is an error in your insert query.

The query should be

    $query = "INSERT INTO contact_table('name', 'lastname', 'email', 'message') ";
    $query .= "VALUES ($name, $lname, $email, $message)";
joy
  • Please can you try again like $query = "INSERT INTO contact_table('name', 'lastname', 'email', 'message') "; $query .= "VALUES ('$name', '$lname', '$email', '$message')"; – joy Jul 08 '18 at 11:54
0

This should work for an insert statement. I am a fan of PDO and would suggest its use.

    <div class="contact">
      <form action="contact_us.php" method="POST" id="your_form"> <!-- Give the form an ID -->
        <label class="label-name">Name: </label>
        <input class="input-name" name="name" type="text">
        <label class="label-lname">Last Name: </label>
        <input class="input-lname" name="lastname" type="text">
        <label class="label-email">Email: </label>
        <input class="input-email" name="email" type="text">
        <label class="label-message">Message: </label>
        <textarea class="input-message" name="message" form="your_form"></textarea>
        <!-- Tell your textarea it belongs with your form. -->
        <input class="submit-btn" name="submit" type="submit" value="Submit"> <!-- removed <a> tag -->
      </form>
    </div>

    if (isset($_POST['name'])) { // if this post is set then...
        $name = $_POST['name']; // get posted information
        $lname = $_POST['lastname'];
        $email = $_POST['email'];
        $message = $_POST['message'];

        // Use PDO connection
        $dsn = "mysql:host=localhost;dbname=your_database_here";
        $username = "your_username";
        $password = "your_password";
        $conn = new PDO($dsn, $username, $password); // should test connection

        // Make named placeholders
        $stmt = $conn->prepare("INSERT INTO contact_table (name, lastname, email, message)
            VALUES (:name, :lastname, :email, :message)");
        $stmt->bindParam(':name', $name);
        $stmt->bindParam(':lastname', $lname);
        $stmt->bindParam(':email', $email); // bind the posted information
        $stmt->bindParam(':message', $message);

        // Execute the insert; execute() returns false on failure
        if (!$stmt->execute()) {
            die('Query FAILED');
        } else {
            echo "Record Created";
        }
    }
tim
-1

I finally found out what the problem was. I shouldn't have used quotation marks. This is the right code:

    $query = "INSERT INTO contact_table(name, lastname, email, message) ";
Armin
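
The points raised in this thread combined for the question's mysqli setup, as an added example that is not code from any poster: unquoted column names, bound parameters in place of escaped strings, and mysqli exceptions logged so the real SQL error is visible instead of a bare "Query FAILED". The function name `save_contact` is hypothetical; the database, table and credentials are the ones shown in the question.

```php
<?php
// Added example, not code from the thread. Uses the `contact` database and
// `contact_table` from the question; save_contact() is a hypothetical name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any mysqli error

function save_contact(mysqli $db, array $post): void
{
    $fields = [];
    foreach (['name', 'lastname', 'email', 'message'] as $key) {
        $value = $post[$key] ?? null;
        if (!is_string($value) || trim($value) === '') {
            throw new InvalidArgumentException("Missing field: $key");
        }
        $fields[$key] = trim($value);
    }
    if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }
    // Column names are plain identifiers (no single quotes); values travel as
    // bound parameters, so the server never parses them as SQL.
    $stmt = $db->prepare(
        'INSERT INTO contact_table (name, lastname, email, message) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $fields['name'], $fields['lastname'],
        $fields['email'], $fields['message']);
    $stmt->execute();
    $stmt->close();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $db = new mysqli('localhost', 'root', '', 'contact');
        $db->set_charset('utf8mb4'); // make the connection encoding explicit
        save_contact($db, $_POST);
        echo 'Record Created';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    } catch (mysqli_sql_exception $e) {
        // The server log gets the real reason (e.g. a syntax error near a
        // quoted column name); the client gets only a generic message.
        error_log('contact insert failed: ' . $e->getMessage());
        http_response_code(500);
        echo 'Query FAILED';
    }
}
```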