-1

I tried to create a form which will send an email and add data to MySQL data base. For email part because I work on localhost I used formsubmit. All good but there is a conflict. When I press on send only the email is send without any data added to my database. If I delete the action attribute from form data will be added but in this case I can't send any emails. Here is my file:

<?php

require 'config.php';

if(!empty($_SESSION["id"]))
{
    $id= $_SESSION["id"];
    $result = mysqli_query($conn,"SELECT * FROM tb_user WHERE id= $id");
    $row = mysqli_fetch_assoc($result);
}
else
{
    header("Location: login.php");
    
}

if(isset($_POST["submit"]))
{
    $name = $_POST['name'];
    $email = $_POST['email'];
    $cui = $_POST['cui'];
    $tip = $_POST['tip'];
    $adresa = $_POST['adresa'];
    $query = "INSERT INTO beneficiari VALUES('','$email','$name','$cui','$tip','$adresa')";
    mysqli_query($conn,$query);

}

?>



<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Beneficiari </title>
    <link rel="stylesheet" href="indexCSS.css">
    <link rel="stylesheet" type="text/css" href="beneficiariCSS.css">
</head>
<body>
    <div class="topnav">
            <a href="#">Welcome <?php echo $row["name"]; ?></a>
            <a href="logout.php">Logout</a>
            <a class="active" href="index.php">Home</a> 
            <a href="anunt.php">Anunturi</a>
            <a href="view.php">Viz</a>
            <a href="beneficiari.php">Registration</a>
        </div>


    <div class="container">
        <form action="https://formsubmit.co/0e6b51872b4393271dbfa08bb0655fc8" method="POST">
            <h3>Inregistrare</h3>
            <input type="text" name="name" id="name" placeholder="Denumire institutie" required>
            <input type="email" name="email" id="email" placeholder="Enter an valid email" required>
            <input type="text" name="cui" id="cui" placeholder="CUI" required>
            <input type="text" name="tip" id="tip" placeholder="Tipul institutie" required>
            <input type="text" name="adresa" id="adresa" placeholder="Adresa" required>
            <button type="submit" name="submit">Send</button>
            
        </form>
    </div>

</body>
</html>
desertnaut
  • 57,590
  • 26
  • 140
  • 166
DariusMan
  • 31
  • 7
  • 1
    I think you have misunderstood php. When you submit the form, request will directly go to the formsubmit.co. It won't run your php submit code in this file – George Raveen Mar 20 '22 at 10:38
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Mar 20 '22 at 12:39

1 Answers1

0

You can remove the action from form, and add it after the SQL query, within the if statement as header, like so:

if(isset($_POST["submit"]))
{
    $name = $_POST['name'];
    $email = $_POST['email'];
    $cui = $_POST['cui'];
    $tip = $_POST['tip'];
    $adresa = $_POST['adresa'];
    $query = "INSERT INTO beneficiari VALUES('','$email','$name','$cui','$tip','$adresa')";
    mysqli_query($conn,$query);
    header('location: https://formsubmit.co/0e6b51872b4393271dbfa08bb0655fc8');
}

I believe this will work. But whatever you do make sure you check the input!! The way you are handling your input right now is very dangerous, and allows users to inject you with SQLs (read up on SQL injections and protection)

tola
  • 152
  • 1
  • 7
  • For now I only use this for a personal project and it will never be hosted online. This way don't work, I only get the data in my database using this. – DariusMan Mar 20 '22 at 11:01
  • @DariusMan ok, I've edited it to have a cleaner redirect usage. – tola Mar 20 '22 at 11:49
  • 1
    wait, do you need the post data to be sent to the formsubmit.co URL as well? – tola Mar 20 '22 at 11:50
  • 1
    this approach is fine. After the sql query execution, need to send the post request in the following way. https://stackoverflow.com/questions/5647461/how-do-i-send-a-post-request-with-php – George Raveen Mar 21 '22 at 09:07
  • Yes, I want to send data from form to fromsbumit.co to get it on my email aswell. @tola – DariusMan Mar 22 '22 at 08:30