I created this for one of my projects. We have a webshop where users can enter their credentials and order products. The current solution puts all the data into a .csv file and I was tasked with creating a MySQL database as a new solution.

I added a simple HTML insert for the user to enter his name, but if I try to run the script I get a syntax error for line 19. I'm new to programming and therefore not sure what the error is here.

```php
<!DOCTYPE html>
<html>
<body>


<?php

$servername = "localhost";
$username = "localhost";
$password = "";
$dbname = "test"

    // create a variable
$Vorname=$_POST['Vorname'];
$Nachname=$_POST['Nachname'];

    //Execute the query

mysqli_query($connect "INSERT INTO tbl_bestellungen(Vorname,Nachname)
    VALUES('$Vorname','$Nachname')");
    <?php include 'database.php';>


if(mysqli_affected_rows($connect) > 0){
    echo "<p>Bestellung erfasst</p>";
   } else {
    echo "Bestellvorgang fehlgeschlagen<br />";
    echo mysqli_error ($connect);

<h2>Text Input</h2>

<form>
  Vorname:<br>
  <input type="text" name="Vorname">
  <br>
  Nachname:<br>
  <input type="text" name="Nachname">

  <input type="submit" name="button1"  value="Senden">
</form>

</body>
</html>
```

Thanks in advance.

  • is inside an already opened php block. You are also adding straight html into a php file without closing off the php tag. This code is also never going to work as the query will execute with blank statements. You need to wrap everything in a $_POST check. – Ne Ma Aug 06 '18 at 08:15
  • **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Aug 06 '18 at 08:19
  • You forgot the comma after `$connect`. Voting off-topic due to typo. – Quentin Aug 06 '18 at 08:21

1 Answer

Well, you should do it this way:

```php
$servername = "localhost";
$username = "localhost";
$password = "";
$dbname = "test";

$dbConn = mysqli_connect($servername, $username, $password, $dbname);
if(!$dbConn){
   echo "No Db connected";
   exit; // stop here: $dbConn is false and cannot run a query
}

// The connection code above should be in a separate file and included in all files or the header

$Vorname=$_POST['Vorname'];
$Nachname=$_POST['Nachname'];

// Build the INSERT from the posted values
$query = "INSERT INTO tbl_bestellungen (Vorname,Nachname)
            VALUES('$Vorname','$Nachname')";
```

Or you can set the query like this:

```php
$query = "INSERT INTO tbl_bestellungen (Vorname,Nachname)
            VALUES('".$Vorname."','".$Nachname."')";

if($dbConn->query($query)){
   echo "Record inserted !";
}else{
   echo "Record cannot be inserted !";
}
```
Naveed Ramzan
  • This reads like a game of spot-the-different, not an answer. What did you change? Why should it solve the problem? – Quentin Aug 06 '18 at 08:27
  • 2 things, he has syntax error which is answered (if he continue the way) secondly, quotes should be around when we use variables in query (although variables works fine without that if we using double quotes) – Naveed Ramzan Aug 06 '18 at 08:30
  • "he has syntax error which is answered" — How? Again: Answers should not be a game of spot the difference. – Quentin Aug 06 '18 at 08:33
  • "although variables works fine without that if we using double quotes" — Which the code in the question does, so that is just a massive red herring that makes the code harder to read. – Quentin Aug 06 '18 at 08:33
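
An added example, not code from the question or the answer: the same insert done with a mysqli prepared statement, so `Vorname` and `Nachname` are bound as parameters instead of being placed in the SQL string, and the query runs only on a POST submit, as the first comment on the question asks for. The credentials `shop_user` / `CHANGE_ME` and the helper names `clean_name` and `insert_order` are assumptions; the table and column names are the ones from the question.

```php
<?php
// Added example: form handler for the question's tbl_bestellungen table.
// Connection values below are placeholders (assumption); adjust for your server.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Trim a posted field; return null when it is missing, empty or too long.
function clean_name(array $post, string $key, int $maxLen = 100): ?string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;
    }
    $value = trim($post[$key]);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// Insert one order; values are bound as parameters, never spliced into the SQL text.
function insert_order(mysqli $db, string $vorname, string $nachname): bool
{
    $stmt = $db->prepare('INSERT INTO tbl_bestellungen (Vorname, Nachname) VALUES (?, ?)');
    $stmt->bind_param('ss', $vorname, $nachname);
    $stmt->execute();
    return $stmt->affected_rows === 1;
}

$message = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {   // only touch the DB on submit
    $vorname  = clean_name($_POST, 'Vorname');
    $nachname = clean_name($_POST, 'Nachname');
    if ($vorname === null || $nachname === null) {
        $message = 'Bitte Vorname und Nachname angeben.';
    } else {
        try {
            $db = new mysqli('localhost', 'shop_user', 'CHANGE_ME', 'test');
            $db->set_charset('utf8mb4');
            $message = insert_order($db, $vorname, $nachname) ? 'Bestellung erfasst' : 'Bestellvorgang fehlgeschlagen';
        } catch (mysqli_sql_exception $e) {
            error_log($e->getMessage());               // details go to the log, not the page
            $message = 'Bestellvorgang fehlgeschlagen';
        }
    }
}
?>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post">
  Vorname: <input type="text" name="Vorname"><br>
  Nachname: <input type="text" name="Nachname"><br>
  <input type="submit" name="button1" value="Senden">
</form>
```

The form here sets `method="post"`; a form without a method submits with GET, and `$_POST` stays empty.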