-1

Could someone please help me and tell me why my php form isn't sending the data to the database.

The types are emp_no(int11), birth_date(date), first_name(varchar14), last_name(varchar16), gender(enum('M','F'), hire_date(date)

 // Checks to see if the save button was pressed and if so, then it should run the 
 query that inserts the data into the data fields specified.
if(isset($_POST['save'])) {

    $sql = "INSERT INTO 'employees' ('emp_no', 'birth_date', 'first_name', 
    'last_name', 'gender', 'hire_date')
    VALUES ('".$_POST['emp_no']."', '".$_POST['birth_date']."', 
    '".$_POST['first_name']."', '".$_POST['last_name']."',
    '".$_POST['gender']."', '".$_POST['hire_date']."')";

    $result = mysqli_query($conn, $sql);

    }

code here: https://codepen.io/blackemr/pen/mjMgPQ

fmw42
  • 46,825
  • 10
  • 62
  • 80
Matt Blackert
  • 25
  • 1
  • 1
  • 5
  • use print_r($_POST) and send us the results – Tom Jul 26 '18 at 15:48
  • 1
    You shouldn't wrap column/table names with `'`, instead use the backtick.. `\`` – IsThisJavascript Jul 26 '18 at 15:50
  • Code is vuln to sql injection. Protect yourself and your users by switching to [prepared statments](http://php.net/manual/en/mysqli.prepare.php) – IsThisJavascript Jul 26 '18 at 15:51
  • @Tom Array ( [emp_no] => 29302 [birth_date] => 2018-05-26 [first_name] => Matthew [last_name] => Blackert [gender] => M [hire_date] => 2018-06-26 [save] => Enter Employee Information ) – Matt Blackert Jul 26 '18 at 15:55
  • 4
    Possible duplicate of [When to use single quotes, double quotes, and back ticks in MySQL](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-back-ticks-in-mysql) Also a must read or possible duplication could be [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Raymond Nijland Jul 26 '18 at 15:57
  • @RaymondNijland No, that didn't work so it's not that. – Matt Blackert Jul 26 '18 at 15:59
  • remove the single quotes around the column names – Tom Jul 26 '18 at 15:59
  • "No, that didn't work so it's not that. " trust me it is. – Raymond Nijland Jul 26 '18 at 16:00
  • .. and around table name – Tom Jul 26 '18 at 16:01
  • @Tom it's still not sending the data to the database. $sql = "INSERT INTO employees (emp_no, birth_date, first_name, last_name, gender, hire_date) VALUES ('".$_POST['emp_no']."', '".$_POST['birth_date']."', '".$_POST['first_name']."', '".$_POST['last_name']."', '".$_POST['gender']."', '".$_POST['hire_date']."')"; – Matt Blackert Jul 26 '18 at 16:04
  • change to $result = mysqli_query($conn, $sql) or trigger_error($conn->error."[ $sql]"); – Tom Jul 26 '18 at 16:08
  • it should be `mysqli_error()` .. Dont mix MySQLI OOP with procedural call's it's sloppy. @Tom – Raymond Nijland Jul 26 '18 at 16:10
  • Thanks @RaymondNijland .. updated the answer. – Tom Jul 26 '18 at 16:24

1 Answers1

0

change to:

$sql = "INSERT INTO employees (emp_no, birth_date, first_name, last_name, gender, hire_date) VALUES ...

You can also return the error using:

$result = mysqli_query($conn, $sql) or trigger_error(mysqli_error($conn));
Tom
  • 432
  • 2
  • 9