-5
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Ping pong</title>
</head>
<body>
    <center>
        <form action = "proage.php" method = "POST">
        <h3>Qué estilo de juego tienes</h3>
        <img src="https://i.ytimg.com/vi/7GxYqIyyeW4/hqdefault.jpg">
        <br>
        <label>Ofensivo</label>
        <br>
        <input value="ofensivo" name = "EstiloDeJuego_1" type="radio">
        <br>
        <a style = "text-decoration: none;" href="index.php">1</a>
        <a style = "text-decoration: none;" href = "index2.php">2</a>
        <br>
        <button name = "btn" type="submit">Enviar</button>
    </form>
    </center>
</body>
</html>

<?php
$sname= "localhost";

$unmae= "root";

$password = "";

$db_name = "pingpong";

$conexion = mysqli_connect($sname, $unmae, $password, $db_name) or die('No se ha conectado a la base datos correctamente');
if (isset($_POST['submit'])){
        $ofensivo = $_POST['EstiloDeJuego_1'];
        $sqlQuery = "INSERT INTO estilodejuego VALUES ($ofensivo)";
        
        if(mysqli_query($conn,$sqlQuery)){
                echo 'Dato guardado correctamente';
        }
        
}
?>

Data is not inserting in the database. It's compiling, but not running. I just want to get to insert data in database. The database has 2 attributes: Id (Primary Key) Estilo

I'll be very grateful, if you answer me.

Thanks for all, you helped me since i had 15 years.

Barmar
  • 741,623
  • 53
  • 500
  • 612
finnend
  • 1
  • 2
  • 1
    You need quotes around `$ofensivo` since the value is a string. But you should use a prepared statement with parameters rather than substituting variables into the SQL. – Barmar Nov 01 '22 at 01:28
  • 1
    Also, it makes no sense to have just one radio button. Radio buttons are supposed to be in groups that the user chooses from. A single radio button should be a checkbox. – Barmar Nov 01 '22 at 01:28
  • 1
    `$_POST['submit']` should be `$_POST['btn']` because the submit button has `name="btn"` – Barmar Nov 01 '22 at 01:29
  • `$conexion` is NOT the same as `$conn` – Ken Lee Nov 01 '22 at 01:57
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Nov 01 '22 at 10:17

1 Answers1

1
  1. Please use parameterized prepared statement in your insert query
  2. You should match your HTML submission form button name with the one in PHP (so let's use btn for both)

So, change the following block of your PHP from

<?php

$conexion = mysqli_connect($sname, $unmae, $password, $db_name) or die('No se ha conectado a la base datos correctamente');
if (isset($_POST['submit'])){
        $ofensivo = $_POST['EstiloDeJuego_1'];
        $sqlQuery = "INSERT INTO estilodejuego VALUES ($ofensivo)";
        
     if(mysqli_query($conn,$sqlQuery)){
              echo 'Dato guardado correctamente';
     }        
}
?>

to

<?php  

$mysqli = new mysqli($sname, $uname, $password, $db_name);

if (isset($_POST['btn'])){
  $ofensivo = $_POST['EstiloDeJuego_1'];

  $stmt = $mysqli->prepare("INSERT INTO estilodejuego VALUES (?)");
  bind_param("s", $ofensivo); 
  $stmt->execute();

  echo 'Dato guardado correctamente';
}
?>
Dharman
  • 30,962
  • 25
  • 85
  • 135
Ken Lee
  • 6,985
  • 3
  • 10
  • 29