My PhP script doesn't write on my MySql database

Question

I started to learn PHP and I need your help because I'm trying to write on my MySQL database. The script seems fine (for me :D) and it doesn't give me errors. But when I submit the query the data doesn't appear inside my MySQL database. Could you help me, please?

This is my HTML/PHP code:

<?php
session_start();
$_SESSION['message'] = '';

//connection variables

$host = '127.0.0.1';
$user = 'root';
$password = 'MyPassword';
$database= 'test';
$port= '3306';

//create mysql connection
$mysqli = new mysqli($host, $user, $password,$database,$port);
if ($mysqli->connect_errno) {
    printf("Connection failed: %s\n", $mysqli->connect_error);
    die();
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $name = $mysqli->real_escape_string($_POST['name']);
    $email = $mysqli->real_escape_string($_POST['email']);
    if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ('$name','$email')") == true) {
        $_SESSION['message'] = "registration succesfull! Added $name to the database";
    } else {
        $_SESSION['message'] = "User can't be added to the database";
    }
}
?>


    <!DOCTYPE html>
    <html>
        <center>
        <h1>Inputs</h1>
        <form class="form" action="welcome.php" method="post" autocomplete="off">
            <div class="alert alert-error"><?= $_SESSION['message'] ?></div>
     <input type="text" name="name" placeholder="Insert your name" /> <br>
     <input type="email" name="email" placeholder="Insert your email"/><br>
     <input type="submit" name="submit" placeholder="Submit"/>
        </form>
        </center>
    </html>

This is the database: [Table structure] [ enter image description here ]1 [Database info]

You didn't pass your database name, you can pass it like this: $mysqli = new mysqli($host, $user, $password, $db); after defining your database name in variable $db — Hesham AbuSaif, Sep 19 '18 at 08:49
Could you please include all relevant information in the question itself, rather than linking to images on another site? — Roland Weber, Sep 19 '18 at 09:11
@Roland Weber, he can't he isn't a high enough rank. -Andrea - You're not connecting to your database, you need the name of it in your mysqli object parameter. See Hesham's comment for more. — NoOne, Sep 19 '18 at 11:16
@c-hunter Table structure can be described in text form, regardless of rank. — Roland Weber, Sep 19 '18 at 12:38
@RolandWeber Regardless, stackoverflow has the feature to link images, so it's obviously the OPs choice, it actually makes it very easy to follow. If you don't like it there's a edit button under his comment, just click that and make it the way you like it :) — NoOne, Sep 19 '18 at 12:46
@HeshamAbuSaif I added the db and port but it still not working — Andrea Ferrario, Sep 19 '18 at 16:02

score 0 · Answer 1 · answered Sep 19 '18 at 08:54

Please use preapared statements and bind parameters instead: http://php.net/manual/en/mysqli-stmt.bind-param.php

You can also debug your mysql server response with error_list:

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $stmt = $mysqli->prepare("INSERT INTO `contatti` (`name`, `email`) VALUES (?,?)");
    $stmt->bind_param('ss', $name, $email);
    if ($stmt->execute()) {
        /* ... */
    }
    else {
        $errors = $stmt->error_list;
        /* ... */
    }
}

Ayak973 · Answer 2 · 2018-09-20T07:54:27.270

0

You should use prepared statements for MYSQL and PHP, if possible, at least to protect yourself from SQL injection (SO Ref).

That said, when you read this line :

if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ($name,$email)") == true)

You are concatening strings into your SQL query without quotes, and the query string look like (with $name = 'test', $email = 'test@test' :

INSERT INTO 'contatti' ('name', 'email') VALUES (test,test@test) : incorrect syntax

You must escape strings on SQL :

if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ('$name', '$email' )") == true)

The resulting query should look like : INSERT INTO 'contatti' ('name', 'email') VALUES ('test','test@test')

Edit : please note that the table (contatti) and the fields name (name, email) are supposed to be surrounded by backticks, not single quotes (I cannot escape backticks in a quote), and variables $name and $email by single quotes

edited Sep 20 '18 at 07:54

answered Sep 19 '18 at 09:48

Ayak973

468
1
6
23

I changed the query and it still not working. I updated the script – Andrea Ferrario Sep 19 '18 at 16:02
In addition, make sure that your primary key in phpMyAdmin (the "id" field) has the default attribute set to "Default", not "None", otherwise you have to provide the "id" value yourself... – Ayak973 Sep 20 '18 at 06:39
there isn't the Default attribute – Andrea Ferrario Sep 20 '18 at 08:11

score -1 · Accepted Answer · answered Sep 20 '18 at 07:36

-1

You have a syntax error in your query, try to change the INSERT query inside the if condition here:

 if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ('$name','$email')") == true) {
        $_SESSION['message'] = "registration succesfull! Added $name to the database";
    } else {
        $_SESSION['message'] = "User can't be added to the database";
    }

To be like this:

  if ($mysqli->query("INSERT INTO contatti (name, email) 
             VALUES('$name', '$email')") == true) {
        $_SESSION['message'] = "registration succesfull! Added $name to the database";
    } else {
        $_SESSION['message'] = "User can't be added to the database";
    }

answered Sep 20 '18 at 07:36

Hesham AbuSaif

84
4

@AndreaFerrario can you tell me what is the error showing ? – Hesham AbuSaif Sep 20 '18 at 09:15
Thank you! Now it's working I wrote form the beginning the script with the correct syntax and now it's working! – Andrea Ferrario Sep 20 '18 at 09:24
@AndreaFerrario glad to help – Hesham AbuSaif Sep 20 '18 at 09:35
You should not use variables directly in queries. This is the rule. – Ostin Oct 03 '18 at 10:28
@Ostin The answer is just for the question been asked for the problem in the insertion, because of the syntax error. – Hesham AbuSaif Oct 03 '18 at 11:33

My PhP script doesn't write on my MySql database

3 Answers3