-1

I have a question about PHP. I am new to it and would like to try something.

I have a contact form that should submit data into my database.

This is the PHP content:

<?php

if(isset($_POST['addEntry'])){
        $fname  = $_POST['sirname'];
        $lname  = $_POST['lastname'];
        $email  = $_POST['email'];
        $amount = $_POST['amount'];
        $period = $_POST['period'];

        $sqlInsert = "INSERT INTO testBase (sirname, lastname, email, amount, period) VALUES ('$fname', '$lname', '$email', '$amount', '$period');";
        $pdo->query($sqlInsert);

        var_dump('Test');
    }
    else {
        echo '<p style="color: white;"> Error !? Show Mee </p>';
    }

?>

This is the HTML document:

<form action="index.php?id=test" method="POST" style="display: flex;">
    <input id="boxInput" class="editBoxInput" placeholder="Vorname" name="sirname" autocomplete="off" />
    <input id="boxInput1" class="editBoxInput" placeholder="Nachname" name="lastname" autocomplete="off" />
    <input id="boxInput2" class="editBoxInput" placeholder="Email" name="email" autocomplete="off" />
    <input id="boxInput3" class="editBoxInput" placeholder="Betrag €" name="amount" autocomplete="off" />
    <input id="boxInput4" class="editBoxInput" placeholder="Bezahlperiode" name="period" autocomplete="off" />
    <button class="addButton" type="submit" name="addEntry"> Einfügen </button>
    <button onclick="deleteContentEntrys()" class="addButton" type="submit" name="clearEntry" style="margin-left: 15px;"> Löschen </button>
</form>

The error message in the PHP code is showing all the time! ( echo '<p style="color: white;"> Error !? Show Mee </p>'; ) <-- This is showing up all the time in the document.

All code is in the same file. The PHP code is above the HTML form.

Crownii
  • 2
    What error message? – fonini Sep 26 '19 at 17:08
  • 2
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Sep 26 '19 at 17:09
  • I have added the post. The message that I wrote, "Error !? Show Mee", is showing all the time. When I press submit then I don't change anything. – Crownii Sep 26 '19 at 17:28

1 Answer

-2
<?php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "bgvt_db";

if (isset($_POST['addEntry'])) {

    $fname  = $_POST['sirname'];
    $lname  = $_POST['lastname'];
    $email  = $_POST['email'];
    $amount = $_POST['amount'];
    $period = $_POST['period'];

    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // placeholders keep the form values out of the SQL text (no string concatenation)
    $sqlInsert = "INSERT INTO testBase (sirname, lastname, email, amount, period) VALUES (?, ?, ?, ?, ?)";
    // prepare once, then pass the values as bound parameters
    $stmt = $conn->prepare($sqlInsert);
    $stmt->execute([$fname, $lname, $email, $amount, $period]);

    var_dump('Test');
} else {
    echo '<p style="color: white;"> Error !? Show Mee </p>';
}

?>


<form action="stack.php?id=test" method="POST" style="display: flex;">
    <input id="boxInput" class="editBoxInput" placeholder="Vorname" name="sirname" autocomplete="off" />
    <input id="boxInput1" class="editBoxInput" placeholder="Nachname" name="lastname" autocomplete="off" />
    <input id="boxInput2" class="editBoxInput" placeholder="Email" name="email" autocomplete="off" />
    <input id="boxInput3" class="editBoxInput" placeholder="Betrag €" name="amount" autocomplete="off" />
    <input id="boxInput4" class="editBoxInput" placeholder="Bezahlperiode" name="period" autocomplete="off" />
    <button class="addButton" type="submit" name="addEntry"> Einfügen </button>
    <button onclick="deleteContentEntrys()" class="addButton" type="submit" name="clearEntry" style="margin-left: 15px;"> Löschen </button>
</form>

Ravi Makwana
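
The SQL injection risk raised in the comments on the question, as an added example that is not part of the original question or answer: the concatenated INSERT beside a validated, parameter-bound one, run against the same `testBase` columns. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for the page's MySQL connection, the helper names `insertConcatenated` and `insertEntry` are hypothetical, and the form values are constructed.

```php
<?php
// Added example, not code from the question or the answer.
// Assumption: in-memory SQLite (pdo_sqlite) stands in for the page's MySQL
// database so the script runs offline; the PDO calls are the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE testBase (sirname TEXT, lastname TEXT, email TEXT, amount TEXT, period TEXT)');

// Concatenated form, as in the question: values become part of the SQL text.
function insertConcatenated(PDO $pdo, array $f): void
{
    $pdo->exec("INSERT INTO testBase (sirname, lastname, email, amount, period) VALUES "
        . "('{$f['sirname']}', '{$f['lastname']}', '{$f['email']}', '{$f['amount']}', '{$f['period']}')");
}

// Hardened form (hypothetical helper name): validate, then bind every value.
function insertEntry(PDO $pdo, array $f): void
{
    if (filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    if (!is_numeric($f['amount'])) {
        throw new InvalidArgumentException('amount must be numeric');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO testBase (sirname, lastname, email, amount, period) VALUES (?, ?, ?, ?, ?)'
    );
    // The driver sends these as data; quotes in them cannot alter the statement.
    $stmt->execute([$f['sirname'], $f['lastname'], $f['email'], $f['amount'], $f['period']]);
}

// Constructed sample input: an ordinary surname that contains a single quote.
$form = [
    'sirname' => 'Conor', 'lastname' => "O'Brien", 'email' => 'conor@example.com',
    'amount' => '25', 'period' => 'monthly',
];

try {
    insertConcatenated($pdo, $form);
} catch (PDOException $e) {
    echo "concatenated INSERT rejected: ", $e->getMessage(), "\n";
}

insertEntry($pdo, $form);
$row = $pdo->query('SELECT lastname FROM testBase')->fetch(PDO::FETCH_ASSOC);
echo "rows stored: ", $pdo->query('SELECT COUNT(*) FROM testBase')->fetchColumn(), "\n";
echo "lastname as stored: ", $row['lastname'], "\n";
```

With the MySQL driver used on the page, PDO emulates prepared statements by default; setting `PDO::ATTR_EMULATE_PREPARES` to `false` on the connection makes the server perform the binding.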