-1

Hi, I am facing some issues with the code below. Records are not getting inserted into the database. Could anyone please look into this code and help me out? I am using WAMP server for doing it on my local machine. Records are not getting inserted when I opened the phpMyAdmin tool.

<!DOCTYPE html>
<html>
<head>
    <title>New Album Creation</title>
    <link rel="stylesheet" href="style5.css">
</head>
<body>
<a href="welcome.php"><b> Go Back</b> </a>
<h1>Welcome to create New Album </h1>
<fieldset>
<legend>Create new album</legend>
<form action="createalbum.php" method="post">
    <table style="margin: 10px 10px 10px 10px;">
        <tr><td>Title</td>
            <td><input id="title" type="text" name="title"/></td></tr>
        <tr><td>Album Name</td>
             <td><input id="albumname" type="text" name="albumname"/></td></tr>
        <tr><td>Artist</td>
           <td><input id="artist" type="text" name="artist"/></td></tr>
        <tr><td>Language</td>
          <td><input id="language" type="text" name="language"/></td></tr>
        <tr><td></td>
            <td colspan="2" align="center"><input type="submit" id="btnSubmit" name="Submit" value="Submit"/></td></tr>

    </table>


</form> 
</fieldset>
<?php

//require_once('process.php');


    if (isset($_POST["btnSubmit"]))
    {  
         $servername ="localhost";
         $username = "root";
         $password = "";
         $databasename="musicstoredb";

         $conn = new mysqli($servername,$username,$password,$databasename,"3308") or die("Connection Failed");
         echo "Connection granted";


         $title=$_REQUEST["title"];
         $album_name=$_REQUEST["albumname"];
         $artist =$_REQUEST["artist"];
         $language =$_REQUEST["language"]; 
         $query = "INSERT into album(Title,Album_Name,Artist,Language)values('$title','$album_name','$artist','$language')";
         $result=mysqli_query($conn,$query) or die ("Error in inserting records");
         if($result >0)
         {

           echo "Album created successfully";
           echo "<a href ='index.php'>Home</a>";


          }
     }



?>

</body>
</html>

amt1906

2 Answers

1

To avoid unpleasant surprises with your database, you should take as much care as possible when dealing with user-supplied data, so using a prepared statement is the way to go. I hope the following will be of interest in this regard.

<!DOCTYPE html>
<html>
    <head>
        <title>New Album Creation</title>
        <link rel="stylesheet" href="style5.css"><!-- style5 or styles ? -->
    </head>
    <body>
        <a href="welcome.php"><b> Go Back</b> </a>
        <h1>Welcome to create New Album </h1>
        <fieldset>
            <legend>Create new album</legend>       
            <form method="post">
                <table style="margin:10px;">
                    <tr>
                        <td>Title</td>
                        <td><input type="text" name="title" /></td>
                    </tr>
                    <tr>
                        <td>Album Name</td>
                        <td><input type="text" name="albumname" /></td>
                    </tr>
                    <tr>
                        <td>Artist</td>
                        <td><input type="text" name="artist" /></td>
                    </tr>
                    <tr>
                        <td>Language</td>
                        <td><input type="text" name="language" /></td>
                    </tr>
                    <tr>
                        <td></td>
                        <td colspan="2" align="center"><input type="submit" /></td>
                    </tr>
                </table>
            </form> 
        </fieldset>
        <?php
            /*
                it is of no importance to the record insertion whether the button is in the POST array
                but it is vitally important that the fields referenced in the SQL are in this POST data.

                `isset` will take as many arguments as you wish and if multiple parameters are supplied 
                then isset() will return TRUE only if all of the parameters are set.
            */
            if ( isset( $_POST["title"], $_POST["albumname"], $_POST["artist"], $_POST["language"] ) ) {

                $servername ="localhost";
                $username = "root";
                $password = "";
                $databasename="musicstoredb";
                $port=3308; #unusual!

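                /* `new mysqli` always returns an object, so test connect_error rather than using `or die` */
                $conn = new mysqli( $servername, $username, $password, $databasename, $port );
                if( $conn->connect_error ) die("Connection Failed");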

                $status=false;

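                /*
                    FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. The bound
                    parameters below are what keep these values out of the SQL text.
                */
                $args=array(
                    'title'     =>  FILTER_SANITIZE_STRING,
                    'albumname' =>  FILTER_SANITIZE_STRING,
                    'artist'    =>  FILTER_SANITIZE_STRING,
                    'language'  =>  FILTER_SANITIZE_STRING
                );
                $_POST=filter_input_array( INPUT_POST, $args );
                /* only the keys named in $args exist now, so extract() creates just those four variables */
                extract( $_POST );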

                $sql='insert into `album` (`title`,`album_name`,`artist`,`language`)values(?,?,?,?)';
                $stmt=$conn->prepare( $sql );

                if( $stmt ){
                    $stmt->bind_param('ssss',$title,$albumname,$artist,$language);
                    $stmt->execute();
                    $status=$stmt->affected_rows;
                }else{
                    echo 'Bad Foo! Unable to prepare SQL query';
                }


                /* affected_rows is -1 on failure, which is truthy, so compare explicitly */
                if( $status > 0 ){
                   echo "
                   Album created successfully!
                   &nbsp;
                   <a href='index.php'>Home</a>";               
                }
            }
        ?>
    </body>
</html>
Professor Abronsius
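The difference between the question's interpolated INSERT and the prepared statement in the answer above, shown side by side as an added example that is not part of either post. It assumes PHP's PDO SQLite driver with an in-memory database as a stand-in for the MySQL `album` table; the `$post` array, its values and the two function names are constructed for illustration.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: an in-memory SQLite database (via PDO) stands in for the
// MySQL `album` table so the script runs offline with no server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE album (Title TEXT, Album_Name TEXT, Artist TEXT, Language TEXT)');

// Constructed form input: an ordinary artist name that contains an apostrophe.
$post = [
    'title' => 'Night Drive', 'albumname' => 'First Light',
    'artist' => "Mary O'Neil", 'language' => 'English',
    'Submit' => 'Submit',   // keyed by the button's name attribute, not its id
];

// The question's approach: values are interpolated into the SQL text.
function insertInterpolated(PDO $db, array $p): string {
    $sql = "INSERT INTO album(Title,Album_Name,Artist,Language) VALUES("
         . "'{$p['title']}','{$p['albumname']}','{$p['artist']}','{$p['language']}')";
    try {
        $db->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// The first answer's approach: placeholders in the SQL, values bound separately.
function insertPrepared(PDO $db, array $p): int {
    $stmt = $db->prepare('INSERT INTO album(Title,Album_Name,Artist,Language) VALUES(?,?,?,?)');
    $stmt->execute([$p['title'], $p['albumname'], $p['artist'], $p['language']]);
    return $stmt->rowCount();
}

// PHP fills $_POST by name attribute, so the id "btnSubmit" never appears as a key.
echo 'btnSubmit in POST: ', var_export(isset($post['btnSubmit']), true), PHP_EOL;
echo 'interpolated: ', insertInterpolated($db, $post), PHP_EOL;
echo 'prepared: ', insertPrepared($db, $post), ' row(s)', PHP_EOL;
foreach ($db->query('SELECT Artist FROM album') as $row) {
    echo htmlspecialchars($row['Artist'], ENT_QUOTES), PHP_EOL; // encode on output
}
```

The apostrophe ends the string literal early in the interpolated query, so that insert fails with a syntax error, while the bound value is stored unchanged by the prepared statement.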
0

In the PHP coding part:

Replace

if (isset($_POST["btnSubmit"]))

With

if (isset($_POST["Submit"]))

----And----

If the HTML & PHP code is in the same file, then

Replace

<form action="createalbum.php" method="post">

With

<form action="#" method="post">
Rakesh Hiray