-1

I made a simple form with two variables which should be sent to database after SUBMITing them. However even thought there is no bug reports, the database is still empty after submit. Where Can I look for mistake?

I already tried multiple ' or " or '", none of these worked. I can with no problem SELECT data from fdatabase so the connection is established.


        $total = $_POST['kwota'];
        $way = $_POST['sposob'];
        echo $total . "<BR>" . $way;

        $sql = "INSERT INTO payments (Total, Way) VALUES ('$kwota', '$sposob');";

        mysqli_query($conn, $sql);

        header("Location: ../index.php?Payment=success");

<form action="includes/Platnosc.inc.php" method="POST">
    <input type="text" name="kwota" placeholder="kwota"><br>
    <input type="text" name="sposob" placeholder="sposób"><br>
    <button type="submit" name="submit">Dodaj płatność</button>
</form>
AdrianIT
  • 47
  • 7

1 Answers1

0

You are inserting $_POST array indexes as php variables. Change your query to this

$sql = "INSERT INTO payments (Total, Way) VALUES ('$total', '$way')";

However, I suggest you to use prepared statements to prevent from sql injections

Zain Farooq
  • 2,956
  • 3
  • 20
  • 42
  • Oh my... such a stupid mistake. Thanks a lot! I wasted like half an hour before writing the question, but didn't think of it... Damn... – AdrianIT May 17 '19 at 11:30
  • Also I know that Prepared STatements are better. But first I have to learn how the heck does PHP work. It's my 2nd day of using it hahah – AdrianIT May 17 '19 at 11:32
  • Can you give me a clue how to enable it? I use VS Code and WAMP if that changes something. I work on localhost – AdrianIT May 17 '19 at 11:47