Below is a simplified version of what I am trying to do. Essentially I have 2 registration forms and the content of each form is to be written to a different table. When I load the form I get many "undefined index on line xx" errors, and I still get the errors on this example with line 75 and 84. I think the errors are down to some of the fields being "required" but that page hasn't loaded as it's floated away using some JS. ... Please help!

```php
<?php
ob_start(); //Turns on output buffering
session_start(); //This starts a session variable where it store the input so the user doesnt have to start over if they get an error
$con = mysqli_connect("localhost","root","","test-sql"); //connection variables

$timezone = date_default_timezone_set("Europe/London");

if(mysqli_connect_errno()){
    echo "failed to connect:" . mysqli_connect_errno();
}
?>

<html>
<head>
<! here we add the links and the jquery>
<title>Register Project</title>
</head>
<body>

<div id="first">
    <form action="test-sql.php" method="POST">
    <input type="text" name="Inf_fname" placeholder="First Name" required>
    <br>
    <input type="text" name="Inf_lname" placeholder="Last Name" required>
    </form>
</div>

<div id="second">
    <form action="test-sql.php" method="POST">
    <br>
    <input type="text" name="Cust_fname" placeholder="First Name" required>
    <br>
    <input type="text" name="Cust_lname" placeholder="Last Name" required>
    <br>
    <input type="submit" name="register_button" value="Register">
    </form>
</div>
</body>

</html>

<?php

$inf_fname = "";
$cust_fname = "";
$inf_lname = "";
$cust_lname = "";

if(isset($_POST['register_button'])) {

    $inf_fname = strip_tags($_POST['Inf_fname']);
    $inf_fname = str_replace(' ', '', $inf_fname);
    $_SESSION['Inf_fname'] = $inf_fname;

    $cust_fname = strip_tags($_POST['Cust_fname']);
    $cust_fname = str_replace(' ', '', $cust_fname);
    $_SESSION['Cust_fname'] = $cust_fname;

    $inf_lname = strip_tags($_POST['Inf_lname']);
    $inf_lname = str_replace(' ', '', $inf_lname);
    $_SESSION['Inf_lname'] = $inf_lname;

    $cust_lname = strip_tags($_POST['Cust_lname']);
    $cust_lname = str_replace(' ', '', $cust_lname);
    $_SESSION['Cust_lname'] = $cust_lname;

    $query = mysqli_query($con, "INSERT INTO inf VALUES('', '$inf_fname', '$inf_lname')");
    $query = mysqli_query($con, "INSERT INTO customer VALUES('', '$cust_fname', '$cust_lname')");

}
?>
```

richb
  • Why are you doing it with 2 separate forms? Only one of them can be submitted at a time. So if they submit the first form, you can't access the inputs from the second form, and vice versa. – Barmar Aug 10 '20 at 20:33
  • It is 2 forms because there are 2 types of members, therefore the registration forms require different information about the members. There is some JS to make the right form appear based on which form they select. – richb Aug 10 '20 at 20:37
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Aug 10 '20 at 23:35

1 Answer

Since you're only submitting one form at a time, you can't insert into both tables. You need to check which form was submitted, and insert into the corresponding table. Each form needs a submit button with a different name or value, so you can tell which one was used in PHP.

You also should use prepared statements rather than substituting variables into SQL, to protect against SQL injection. I've shown how to do this.

```php
<?php
ob_start(); // Turns on output buffering
session_start(); // Starts the session so the input can be kept if the user gets an error
$con = mysqli_connect("localhost","root","","test-sql"); // connection variables

$timezone = date_default_timezone_set("Europe/London");

if(mysqli_connect_errno()){
    echo "failed to connect:" . mysqli_connect_errno();
}

// Report failed statements as exceptions instead of failing silently
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
?>

<html>
<head>
<!-- here we add the links and the jquery -->
<title>Register Project</title>
</head>
<body>

<div id="first">
    <form action="test-sql.php" method="POST">
    <input type="text" name="Inf_fname" placeholder="First Name" required>
    <br>
    <input type="text" name="Inf_lname" placeholder="Last Name" required>
    <input type="submit" name="inf_submit" value="Register">
    </form>
</div>

<div id="second">
    <form action="test-sql.php" method="POST">
    <br>
    <input type="text" name="Cust_fname" placeholder="First Name" required>
    <br>
    <input type="text" name="Cust_lname" placeholder="Last Name" required>
    <br>
    <input type="submit" name="cust_submit" value="Register">
    </form>
</div>
</body>

</html>

<?php

$inf_fname = "";
$cust_fname = "";
$inf_lname = "";
$cust_lname = "";

// Only one form is submitted per request, so branch on its submit button
if(isset($_POST['inf_submit'])) {

    $inf_fname = strip_tags($_POST['Inf_fname']);
    $inf_fname = str_replace(' ', '', $inf_fname);
    $_SESSION['Inf_fname'] = $inf_fname;
    $inf_lname = strip_tags($_POST['Inf_lname']);
    $inf_lname = str_replace(' ', '', $inf_lname);
    $_SESSION['Inf_lname'] = $inf_lname;

    // The question's query passes three values; the first column is assumed
    // to be an auto-increment id, so NULL lets the database assign it.
    $stmt = mysqli_prepare($con, "INSERT INTO inf VALUES (NULL, ?, ?)");
    mysqli_stmt_bind_param($stmt, "ss", $inf_fname, $inf_lname);
    mysqli_stmt_execute($stmt);
} elseif (isset($_POST['cust_submit'])) {

    $cust_fname = strip_tags($_POST['Cust_fname']);
    $cust_fname = str_replace(' ', '', $cust_fname);
    $_SESSION['Cust_fname'] = $cust_fname;
    $cust_lname = strip_tags($_POST['Cust_lname']);
    $cust_lname = str_replace(' ', '', $cust_lname);
    $_SESSION['Cust_lname'] = $cust_lname;

    // Same assumption as above about the first column of customer
    $stmt = mysqli_prepare($con, "INSERT INTO customer VALUES (NULL, ?, ?)");
    mysqli_stmt_bind_param($stmt, "ss", $cust_fname, $cust_lname);
    mysqli_stmt_execute($stmt);
}
?>
```
Barmar
  • Thank you for your quick reply Barmar. That doesn't seem to be entering anything to the DB (even with the typo on the inf_submit fixed). It's probably something simple but no errors so I'll go through it some more – richb Aug 10 '20 at 21:10
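
An added example, not part of the original question or answer: it runs the question's `strip_tags` / `str_replace` clean-up on an ordinary surname containing an apostrophe, then inserts it once by string concatenation and once through a prepared statement. It assumes an in-memory SQLite database through PDO (with `pdo_sqlite` enabled) in place of the thread's MySQL server so that it runs offline; the function names, the table's column names and the sample values are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumed schema: an id column followed by the two name columns.
$pdo->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT)');

// The question's clean-up chain (hypothetical helper name):
// it removes tags and spaces but leaves quote characters intact.
function clean_like_question(string $value): string
{
    return str_replace(' ', '', strip_tags($value));
}

// "Before": the values become part of the SQL text, as in the question.
function insert_concatenated(PDO $pdo, string $fname, string $lname): string
{
    $sql = "INSERT INTO customer (fname, lname) VALUES ('$fname', '$lname')";
    try {
        $pdo->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        // The apostrophe ends the string literal early and the statement no longer parses.
        return 'failed: ' . $e->getMessage();
    }
}

// "After": the SQL text is fixed and the values are bound separately.
function insert_prepared(PDO $pdo, string $fname, string $lname): string
{
    $stmt = $pdo->prepare('INSERT INTO customer (fname, lname) VALUES (?, ?)');
    $stmt->execute([$fname, $lname]);
    return 'stored';
}

// Constructed sample input: markup in one field, an apostrophe in the other.
$fname = clean_like_question('<b>Mary</b>');
$lname = clean_like_question("O'Brien");

echo 'concatenated: ', insert_concatenated($pdo, $fname, $lname), PHP_EOL;
echo 'prepared:     ', insert_prepared($pdo, $fname, $lname), PHP_EOL;

// Only the row written through the prepared statement is present.
foreach ($pdo->query('SELECT fname, lname FROM customer') as $row) {
    echo $row['fname'], ' ', $row['lname'], PHP_EOL;
}
```

The same split between SQL text and bound values is what `mysqli_prepare` and `mysqli_stmt_bind_param` provide in the answer's code.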