0

I'm just trying to store the integer (with id as id) that is entered by the user through an HTML form in a phpMyAdmin database, using PHP and MySQL. I'm new to MySQL and PHP. I'm sure that something is wrong with the database connection code of PHP only or the MySQL queries. The database name is testdb and the table name is testdbtable. My code is below.

<?php


if (isset($_POST['id'])) { 
         $integ = $_POST['id']; 
    } 

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "testdb";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
  die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO testdbtable (id)
VALUES ('$integ')";

$conn->close();
 ?>


<!DOCTYPE html>
<html>
  <head>
    <title>SAMPLE TEST2</title>
  </head>
  <body>
    <form  method="post">
    <label >Enter your integer:</label>

    <input type="number" id="id" name="id">

    <br>
    <br>
    <button type="submit">Submit</button>
</form>
Dharman
  • 30,962
  • 25
  • 85
  • 135
  • 1
    You never run the `$sql` query? You created the `$sql` INSERT string, but that does nothing without doing `$conn->query($sql);` Also, the closing `}` to the `if` check on `$_POST['id']` should be moved after the `$conn->close();`. ... and beware that using the variable in that manner leaves you open to SQL injection. After you get it working, look into using prepared queries as soon as you can. Will save you grief in the long run. – Paul T. Jul 11 '20 at 03:07
  • Your `<form>` element doesn't have `action` attribute. – user3647971 Jul 11 '20 at 03:13
  • @PaulT. thank you so much – JagadeeshRelli Jul 11 '20 at 03:18
  • @user3647971 I think no use of action attribute, because the whole code is stored in the PHP file along with the HTML code at the bottom – JagadeeshRelli Jul 11 '20 at 03:19
  • @user158302 Yeah, maybe not in this case but it's good practice. [Here](https://stackoverflow.com/questions/2314401/what-is-the-default-form-http-method) some useful information about forms. – user3647971 Jul 11 '20 at 03:21
  • Please read https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement – Dharman Jul 11 '20 at 10:45

2 Answers

3

You're defining the query but never run it. Try this:

$sql = "INSERT INTO testdbtable (id) VALUES ('$integ')";
$conn->query($sql);

As Paul T. said, move the } to the end of the script. Otherwise, even if the condition is false, you will just prevent defining $integ, but still run all the rest of the code. Also, use Prepared Statements to make it more secure.

if (isset($_POST['id'])) { 
    $integ = $_POST['id']; 

    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "testdb";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);

    // Use prepared statements to make it more secure
    $sql = "INSERT INTO testdbtable (id) VALUES (?)";

    // Prepare statement and bind params
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("i", $integ);

    // Execute statement
    $stmt->execute();

    $conn->close();
} 

Take a look at Should we ever check for mysqli_connect() errors manually? as @Dharman commented to stop manually error checking.

Daniel Guzman
  • 588
  • 2
  • 8
0

Before

$conn->close();

you need to run

$conn->query($sql);

This will actually execute the query.

But this is not the end of the story. You have other issues:

  1. Your code is vulnerable to SQL injection attack. Consider changing the line:

    $integ = $_POST['id']; 
    

    to

    $integ = (int)$_POST['id']; 
    

    or (better!) learn how to work with prepared statements.

  2. The query will still be invalid. I bet that the datatype of the column "id" in the "testdbtable" is INT and therefore you should not put quotes around its value. So the $sql variable should be:

    $sql = "INSERT INTO testdbtable (id) VALUES ($integ)";
    
  3. And one more thing - move all query-related code inside the if statement. You should not execute the query if the POST variable is not set.

  4. Your <form> tag has no "action" attribute. You should include it so it does an actual post...

Philip Petrov
  • 975
  • 4
  • 8
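
The advice from both answers combined into one page handler, as an added example that is not code from the question or either answer: it validates the field with filter_var() before binding it and uses mysqli_report() so errors surface as exceptions. parse_id() and the user-facing messages are hypothetical, and the INT type of the id column is an assumption.

```php
<?php
// Added example, not code from the question or its answers. Connection values,
// testdb and testdbtable are the question's; an INT column `id` is assumed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any mysqli error

// Return the submitted value as an int, or null if it is not a whole number.
// Unlike a bare (int) cast, "" and "12abc" are rejected instead of becoming 0 and 12.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // field missing, or sent as an array (id[]=1)
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    return $id === false ? null : $id;
}

$message = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $id = parse_id($_POST['id'] ?? null);
    if ($id === null) {
        $message = 'Please enter a whole number.';
    } else {
        try {
            $conn = new mysqli('localhost', 'root', '', 'testdb');
            $stmt = $conn->prepare('INSERT INTO testdbtable (id) VALUES (?)');
            $stmt->bind_param('i', $id); // the value is sent separately from the SQL text
            $stmt->execute();
            $stmt->close();
            $conn->close();
            $message = "Stored $id.";
        } catch (mysqli_sql_exception $e) {
            error_log($e->getMessage()); // details go to the server log, not the page
            $message = 'Could not store the value.';
        }
    }
}
?>
<!DOCTYPE html>
<html>
  <body>
    <p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
    <form method="post">
      <label for="id">Enter your integer:</label>
      <input type="number" id="id" name="id" required>
      <button type="submit">Submit</button>
    </form>
  </body>
</html>
```

The `type="number"` and `required` attributes only guide the browser; the server-side check in parse_id() is what decides whether a value reaches the database.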