0

I want to send user entered form data to mysql via php using get.

  <form  action="formtosql.php" method="get">
  <div class="row">
  <div class="form-group col-md-4">
    <label for="001">Student name:</label>
    <input type="text" class="form-control" id="001" name="sname">
  </div>
  </div>
  
<div class="row">
<div class="form-group col-md-4">
    <label for="002">Status:</label>
    <input type="text" class="form-control" id="002" name="sstatus">
  </div>
</div>
 

  <button type="submit" class="btn btn-primary">Submit</button>
 
</form>

php code looks like this:

 <?php
    if ($_SERVER['REQUEST_METHOD'] == 'GET'){
        $name = $_GET['sname'];
        $stat = $_GET['sstatus'];
        
        
      
      // Connecting to the Database
      $servername = "localhost";
      $username = "root";
      $password = "";
      $database = "exam";

      // Create a connection
      $conn = mysqli_connect($servername, $username, $password, $database);
      // Die if connection was not successful
      if (!$conn){
          die("Sorry we failed to connect: ". mysqli_connect_error());
      }
      else{ 
       
        $sql = "INSERT INTO `estatus` (`name`, `status`, `date`) VALUES ('$name', '$stat', current_timestamp())";
        $result = mysqli_query($conn, $sql);

    
?>

In php im getting an error while using get:

Notice: Undefined index: sname in C:\xampp\htdocs\helloworld\formtosql.php
Notice: Undefined index: sstatus in C:\xampp\htdocs\helloworld\formtosql.php

This error does not occur if I am using Post.

Dharman
  • 30,962
  • 25
  • 85
  • 135
ayvahb
  • 11
  • 3
  • 3
    If you're inserting the data into a table, you should be using "POST", not "GET" as you're "posting" to the database, not "getting" from it. As that works for you, why try to switch to "GET"? You also need to look into prepared statements rather than just concatenating strings into the query. Also, if the date is always the current timestamp, set that as a default in your table definition and leave it out of the query altogether. – droopsnoot Sep 25 '20 at 10:46
  • I have seen few posts where GET() was used to send or print data. So it was a bit confusing as I am just a beginner :( – ayvahb Sep 25 '20 at 10:51
  • I don't get it why you want use the GET method rather than POST because the POST method is safer than GET for sending data to server. – Rabby Sep 25 '20 at 10:52
  • I just wanted to know the reason behind this error while using GET – ayvahb Sep 25 '20 at 10:52
  • 1
    **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Sep 25 '20 at 11:02

1 Answers1

2

I am assuming that you have both the generation of the form, and the processing of the submitted value, in the same script here?

This error does not occur if I am using Post.

You checked the REQUEST_METHOD to determine if you are dealing with the case, that the form was submitted.

When you use method="post" on your form, you can do that - the initial request that loaded the page containing the form was used making the GET method, submitting it will use POST - so these two cases can be distinguished between using that method.

But if you use method="get", then both requests - the one used to initialy load the page, and the one used to submit the form data - are of the same method, and therefor you can not use that any more, to differentiate between the two cases.

If you give your submit button a name, then you could check (using isset/empty), whether the corresponding parameter exists - and use that to determine, which of the two cases you are dealing with.

But as already mentioned in comments - for requests that create data on the server side, you should generally use POST, not GET. Under When do you use POST and when do you use GET? you can find a more in-depth explanation of that.

04FS
  • 5,660
  • 2
  • 10
  • 21
  • Oh good point, I never thought of that. So the messages are not from when the form was submitted, they are from when it was drawn prior to submission. – droopsnoot Sep 25 '20 at 13:14