1

I'm trying to insert data from the form created into the SQL Server Database Table that is connected through ODBC. After I submit the data it shows up as a blank row with only the ID that has a value. I am very new to PHP and got parts of code from tutorials. This is just a test project. Here's the code:

<html>
<header>
<title>

</title>

</header>
<body>
<form action="\INSERTCODE.php" method="POST">
    <input type= "number" step="any" name="sepal_lengp" placeholder="Sepal Length">
    <input type= "number" step="any" name="sepal_widthp" placeholder="Sepal Width">
    <input type= "number" step="any" name="petal_lengp" placeholder="Petal Length">
    <input type= "number" step="any" name="petal_widthp" placeholder="Petal Width">
    <input type= "text" name="flower_type" placeholder="Flower Name">
    <button type="submit" name="submit" >INPUT VALUES</button>
</form>
<?php
    //display all results from table
    include("C:\Users\Dshop\Desktop\php-7.3.3\Server1\connection.php");
    $i=1;
    $sql = "SELECT * FROM dbo.textcsv";
    $result = odbc_exec( $connection, $sql );
    while($all =odbc_result_all($result,$i) ){
        echo $all;


}


?>

</body>
</html>

This part includes the form. The filename is index1.php.

<?php

include("C:\Users\Dshop\Desktop\php-7.3.3\Server1\connection.php");

$sepal_lengp = $_POST['sepal_lengp']??'';
$sepal_widthp = $_POST['sepal_widthp']??'';
$petal_lengp = $_POST['petal_lengp']??'';
$petal_widthp = $_POST['petal_widthp']??'';
$flower_typep = $_POST['flower_typep']??'';



$dbinsert = "INSERT INTO dbo.textcsv (sepal_leng, sepal_width, petal_leng, petal_width, flower_type) VALUES ('$sepal_lengp', '$sepal_widthp', '$petal_lengp', '$petal_widthp', '$flower_typep');";

odbc_exec( $connection, $dbinsert ); 

HEADER("Location: ../index1.php?=success");

This part inserts data into the database table, using $_POST to obtain the data from index1.php. This file is called INSERTCODE.php. $connection and connection.php is the file that includes the connection to ODBC.

What it looks like in the SQL Server Management Studio

For this test project I used the Iris dataset. I believe that I had to use ODBC and SQL Server instead of mysql. Sql server is the 2014 version, PHP is 7.33, using node.js to run the server. Help is greatly appreciated!

EDIT I found out that the $_POST isn't getting any values from the form. Any ideas?

EDIT 2 I've tried using $_REQUEST, checking var_dump, and did all that stuff, but I still got nothing. After going to https://www.w3schools.com/php7/php7_forms.asp for an example form, I found out that the example did not work either. Now i'm not sure if the problem is from the code, or from something like the php configuration. Need help, please help.

Heizen
  • 13
  • 5
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Mar 22 '19 at 14:38
  • not sure if the type=number and step=any is really working on any webbrowser..and how it handle float numbers.... what does the $sepal_lengp contains before it gets into database? var_dump($sepal_lengp) – Christian Felix Mar 22 '19 at 14:46
  • @ChristianFelix https://imgur.com/a/wd9QPoI when i remove step from the code this happens. $sepal_lengp should just be the user input from the form. Edit: Not sure about the var_dump part, do you want me to echo what it returns?echo var_dump($sepal_lengp); gives string(0) "". I'm kinda new. – Heizen Mar 22 '19 at 14:53
  • then your problem is related to your values posted via formular. you posting the data to INSERTCODE.php.... are you really getting in this file? when yes, var_dump($_POST) data and check whether the values are really available – Christian Felix Mar 22 '19 at 15:11
  • @ChristianFelix I just checked and found out that INSERTCODE.php didn't get any value from the form, any ideas? – Heizen Mar 22 '19 at 22:33
  • Possible duplicate of [Undefined Index Error & No Output From POST/GET](https://stackoverflow.com/questions/55357245/undefined-index-error-no-output-from-post-get) – Heizen Mar 29 '19 at 14:29

2 Answers2

0

you're treating your variables as strings, by th look of your database you want them as floats. Try using floatval( ) (http://php.net/manual/en/function.floatval.php) on your variables to make sure they are in the write format, this will also go some way to sanitising them until you update this to prepare statements so you can safely bind the values and specify the type

imposterSyndrome
  • 896
  • 1
  • 7
  • 18
  • I used floatval() over the $_POST(ex. $sepal_lengp = floatval($_POST['sepal_lengp']??'');) when I run the form now it looks like this https://imgur.com/a/a0g23c0 Im going to check if the form gets any data at all now. – Heizen Mar 22 '19 at 22:19
0

After rephrasing my issue to "node.js not taking post data" I found the issue. Node.js needs extra steps to process POST data. So, because of this, my input was ignored by node.js and the INSERTDATA.php ran without any data to insert anything. Turns out the solution of the problem was to use something like the body-parser or the other solution from another question.

The solution I took was to uninstall node.js and use XAMPP instead. It was much easier to use.

Also could someone flag my question for duplicate?

Heizen
  • 13
  • 5