
I am new to PHP and web development, and am trying to create an HTML form that will submit data into MySQL.

Upon checking phpMyAdmin after submission of the form, it shows that there has been a row submitted, however the row is completely blank. I had a problem before this one, that instead of a blank row, it would be "1" submitting instead of the data inserted into the HTML form. Now, no data submits into the database.

Here is the PHP:

<?php
Include("connection.php");

// HTML Identification
$lname = isset($_POST['lastname']);
$fname = isset($_POST['firstname']);
$email = isset($_POST['email']);
$phone = isset($_POST['phonenum']);
$addr = isset($_POST['address']);
$city = isset($_POST['city']);
$state = isset($_POST['state']);
$zip = isset($_POST['zipcode']);

//Database Insertion

$sql= "INSERT INTO CustomerInfo (LastName, FirstName, Email, PhoneNum, Address, City, State, ZipCode)
VALUES ('$lname', '$fname', '$email', '$phone', '$addr', '$city', '$state', '$zip')";

// Insertion
$ds= mysqli_query($conn, $sql);

// - Insertion Confirmation

if($ds)
{
print 'Row Inserted!';
print ' Response Recorded!';
}

?>

The HTML Form:

<!DOCTYPE html>
<html>
<head>
        <title> GS Entry Form </title>
        <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/water.css@2/out/water.css">
<style>
h1 {text-align: center;}
h2 {text-align: center;}
</style>
</head>

<body>

        <h1>Customer Entry Form</h1>

        <h2>Please Input Contact Information</h2>

        <form action="database.php" method="POST">
                First Name:<br />
                <input type="text" name="firstname" />

                <br /><br />

                Last Name:<br />
                <input type="text" name="lastname" />

                <br /><br />

                Email:<br />
                <input type="text" name="email" />

                <br /><br />

                Phone Number:<br />
                <input type="text" name="phonenum"/>

                <br /><br />

                Address:<br />
                <input type="text" name="address"/>

                <br /><br />

                City:<br />
                <input type="text" name="city"/>

                <br /><br />

                State:<br />
                <input type="text" name="state"/>

                <br /><br />

                Zip Code:<br />

                <input type="text" name="zipcode"/>

                <br /><br />

                <button type="button" name= "submit" value= "submit" />

        </form>
</body>
</html>

Here, also, is the connection.php referenced:

<?php
$servername = "xxx";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";

// Create Connection
$conn= mysqli_connect("$servername:3306","$username","$password","$dbname");

// Check Connection
if ($conn->connect_error)
{
        die("Connection failed: " .$conn->connect_error);
}

        else echo "Connection successful! "
?>

I don't think it has anything to do with the connection, but I figured I would post it to cover all the bases. The attached imgur picture is what my database has been looking like after submissions have been made.

I truly am not sure what to do now, any help would be greatly appreciated.

Thank you! -G

EDIT:

This is what my PHP code looks like after the changes suggested from @EinLinuus:

<?php
Include("connection.php");

// HTML Identification POST
if(isset($_POST['firstname'])) {
        $fname = $_POST['firstname'];
}else{

        die("Firstname is missing");
}
if(isset($_POST['lastname'])) {
        $lname = $_POST['lastname'];
}else{
        die("Lastname is missing");
}

if(isset($_POST['email'])) {
        $email = $_POST['email'];
}else{
        die("Email is missing");
}

if(isset($_POST['phone'])) {
        $phone = $_POST['phone'];
}else{
        die("Phone Number is missing");
}

if(isset($_POST['addr'])) {
        $addr = $_POST['addr'];
}else{
        die("Address is missing");
}

if(isset($_POST['city'])) {
        $city = $_POST['city'];
}else{
        die("City is missing");
}

if(isset($_POST['state'])) {
        $state = $_POST['state'];
}else{
        die("State is missing");
}

if(isset($_POST['zip'])) {
        $zip = $_POST['zip'];
}else{
        die("Zip Code is missing");
}

//Database Insertion
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$stmt= $conn->prepare("INSERT INTO CustomerInfo(FirstName, LastName, Email, PhoneNum, Address, City, State, ZipCode) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param('ssssssss', $fname, $lname, $email, $phone, $addr, $city, $state, $zip);
$stmt->execute();
// Insertion
$sql= mysqli_query($conn, $stmt);

// - Insertion Confirmation

if($ds)
{
print 'Row Inserted!';
print ' Response Recorded!';
}

$stmt->close();
$conn->close();
?>

My HTML remains the same, besides adding ID attributes to each variable to no effect. I appreciate the help!

  • What exactly do you think `isset()` returns? – David Jul 26 '22 at 18:42
  • It's also worth noting that this code is vulnerable to [SQL injection](https://stackoverflow.com/q/60174/328193). "Escaping" user input is the wrong approach. Whatever tutorial you're following, abandon it and find one that uses prepared statements with query parameters. You'll also want to [enable error reporting for mysqli](https://stackoverflow.com/q/22662488/328193) so you don't miss any errors from the database. – David Jul 26 '22 at 18:46

1 Answer

The isset function returns whether the variable is declared or not -> the return type is a boolean.

$test = [
    "hello" => "world"
];
var_dump(isset($test["hello"])); // bool(true)
var_dump(isset($test["something"])); // bool(false)

You can use isset to check if the field exists in the $_POST variable, but don't save the result of the isset function to the database. If you do so, the boolean will be converted to a number (true => 1, false => 0) and this number gets stored in the database.

Example:

// Stop if the field was not submitted; otherwise read its actual value.
if(!isset($_POST['lastname'])) {
    die("lastname is missing");
}
$lname = $_POST['lastname'];

Security

This code is vulnerable to SQL Injections. You should never trust user input. I'd recommend using prepared statements here:

$stmt = $mysqli->prepare("INSERT INTO CustomerInfo (LastName, FirstName, ...) VALUES (?, ?, ...)");
$stmt->execute([$lname, $fname]);

In the SQL statement, replace the actual values with ?. Now you can execute the statement and pass the values to the execute function. In the example above, $lname will replace the first ?, $fname the second, ...

EinLinuus
  • After taking what you've said into consideration I have further worked on the code, only to find that now I am being returned the error upon Submit: "Phone Number is missing". I believe this is related to the error I received relating to an undefined array of 'phone', 'addr', and 'zip'. It may be a problem related to the isset function still, but I'm not sure. I will edit my original post to show my code after the changes. I appreciate the help! – SpaceBroom Jul 27 '22 at 18:34
  • I think that's because your fields are named different than the fields you're using in PHP: the phone number field is named `phonenum` in your HTML (`name="phonenum"`), but in PHP you're trying to get `$_POST["phone"]`. Change this to `$_POST["phonenum"]` and it should work. Same for address and zip. – EinLinuus Jul 28 '22 at 15:13
  • Oh, jeez! That's what it was! Thanks for the help, I really appreciate it. I'm trying to get more acquainted with coding, and your guidance certainly bolsters it. – SpaceBroom Jul 28 '22 at 19:23
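
A complete `database.php` handler that combines the three points raised in this thread: `isset()` used only as a test, `$_POST` keys matching the form's `name` attributes, and values sent as bound parameters. This is an added example, not code posted by the asker or the answerer; `FIELD_MAP`, `collect_fields()` and `insert_customer()` are hypothetical names, and it assumes the question's `connection.php` sets `$conn` to a mysqli handle.

```php
<?php
// Added example for this thread; not code from the question or the answer.
// Assumes connection.php (as posted in the question) sets $conn to a mysqli handle.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

// Table column => name="" attribute of the matching <input> in the posted form.
const FIELD_MAP = [
    'FirstName' => 'firstname', 'LastName' => 'lastname',
    'Email'     => 'email',     'PhoneNum' => 'phonenum',
    'Address'   => 'address',   'City'     => 'city',
    'State'     => 'state',     'ZipCode'  => 'zipcode',
];

// isset() is only the test; what gets stored is the submitted string itself.
function collect_fields(array $post): array
{
    $row = [];
    foreach (FIELD_MAP as $column => $input) {
        if (!isset($post[$input]) || !is_string($post[$input]) || trim($post[$input]) === '') {
            throw new InvalidArgumentException("$input is missing");
        }
        $row[$column] = trim($post[$input]);
    }
    return $row;
}

// Column names come from the constant above; user data only travels as bound parameters.
function insert_customer(mysqli $conn, array $row): int
{
    $columns = array_keys(FIELD_MAP);
    $values  = array_map(fn($c) => $row[$c], $columns);
    $marks   = implode(', ', array_fill(0, count($columns), '?'));
    $stmt = $conn->prepare('INSERT INTO CustomerInfo (' . implode(', ', $columns) . ") VALUES ($marks)");
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    $inserted = $stmt->affected_rows;
    $stmt->close();
    return $inserted;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $row = collect_fields($_POST);   // validate before touching the database
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit(htmlspecialchars($e->getMessage()));
    }
    require 'connection.php';
    echo insert_customer($conn, $row) === 1 ? 'Row inserted' : 'No row inserted';
}
```

Because the values are bound rather than interpolated, a surname such as O'Brien is stored exactly as typed instead of terminating the quoted string in the SQL text.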