PHP: pasting values from a form in MySQL

Question

PHP: pasting values from a form in MySQL

I created a users table in mysql from the terminal, and I'm trying to create a simple task: paste the values from the form. This is my dbConfig file

 <?php $mysqli = new mysqli("localhost", "root", "pass", "testDB"); /* check connection */ if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } ?>

and this is my Index.php .

 <!doctype html> <html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="description" content="$1"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" type="text/css" href="style.css"> <title>test</title> <?php include_once 'dbConfig.php'; ?> </head> <body> <?php if(isset($_POST['save'])){ $sql = "INSERT INTO users (username, password, email) VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')"; } ?> <form method="post"> <label id="first"> First name:</label><br/> <input type="text" name="username"><br/> <label id="first">Password</label><br/> <input type="password" name="password"><br/> <label id="first">Email</label><br/> <input type="text" name="email"><br/> <button type="submit" name="save">save</button> <button type="submit" name="get">get</button> </form> </body> </html>

After clicking the save button, nothing happens, the database is still empty. I tried echo'ing an INSERT request and accepts all the values from the form, as intended. After I try to check if this works from the terminal, I enter my sql try to return all the data from the user table, and I get an empty set.

+8

html php mysql

notrealme May 21 '16 at 21:03

source share

7 answers

There are two problems in the code.

No action found on the form.
You did not execute the mysqli_query () query

dbConfig.php

 <?php $conn=mysqli_connect("localhost","root","password","testDB"); if(!$conn) { die("Connection failed: " . mysqli_connect_error()); } ?>

index.php

  include('dbConfig.php'); <!Doctype html> <html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="description" content="$1"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" type="text/css" href="style.css"> <title>test</title> </head> <body> <?php if(isset($_POST['save'])) { $sql = "INSERT INTO users (username, password, email) VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')"; $result = mysqli_query($conn,$sql); } ?> <form action="index.php" method="post"> <label id="first"> First name:</label><br/> <input type="text" name="username"><br/> <label id="first">Password</label><br/> <input type="password" name="password"><br/> <label id="first">Email</label><br/> <input type="text" name="email"><br/> <button type="submit" name="save">save</button> </form> </body> </html>

+4

Syed Muneeb Ul Hasan Sep 23 '16 at 7:04

source share

 <?php if(isset($_POST['save'])){ $sql = "INSERT INTO users (username, password, email) VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')"; } **mysql_query($sql) or die(mysql_error());** ?>

0

Dharmesh rakholia May 31 '16 at 4:46

source share

Try the following:

dbConfig.php

 <?php $mysqli = new mysqli('localhost', 'root', 'pwd', 'yr db name'); if($mysqli->connect_error) { echo $mysqli->connect_error; } ?>

Index.php

 <html> <head><title>Inserting data in database table </title> </head> <body> <form action="control_table.php" method="post"> <table border="1" background="red" align="center"> <tr> <td>Login Name</td> <td><input type="text" name="txtname" /></td> </tr> <br> <tr> <td>Password</td> <td><input type="text" name="txtpwd" /></td> </tr> <tr> <td>&nbsp;</td> <td><input type="submit" name="txtbutton" value="SUBMIT" /></td> </tr> </table> control_table.php <?php include 'config.php'; ?> <?php $name=$pwd=""; if(isset($_POST['txtbutton'])) { $name = $_POST['txtname']; $pwd = $_POST['txtpwd']; $mysqli->query("insert into users(name,pwd) values('$name', '$pwd')"); if(!$mysqli) { echo mysqli_error(); } else { echo "Successfully Inserted <br />"; echo "<a href='show.php'>View Result</a>"; } } ?>

-1

Dewesh sinha Mar 01 '17 at 18:07

source share

 <!DOCTYPE html> <?php $con = new mysqli("localhost","root","","form"); ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <script type="text/javascript"> $(document).ready(function(){ //$("form").submit(function(e){ $("#btn1").click(function(e){ e.preventDefault(); // alert('here'); $(".apnew").append('<input type="text" placeholder="Enter youy Name" name="e1[]"/><br>'); }); //} }); </script> </head> <body> <h2><b>Register Form<b></h2> <form method="post" enctype="multipart/form-data"> <table> <tr><td>Name:</td><td><input type="text" placeholder="Enter youy Name" name="e1[]"/> <div class="apnew"></div><button id="btn1">Add</button></td></tr> <tr><td>Image:</td><td><input type="file" name="e5[]" multiple="" accept="image/jpeg,image/gif,image/png,image/jpg"/></td></tr> <tr><td>Address:</td><td><textarea cols="20" rows="4" name="e2"></textarea></td></tr> <tr><td>Contact:</td><td><div id="textnew"><input type="number" maxlength="10" name="e3"/></div></td></tr> <tr><td>Gender:</td><td><input type="radio" name="r1" value="Male" checked="checked"/>Male<input type="radio" name="r1" value="feale"/>Female</td></tr> <tr><td><input id="submit" type="submit" name="t1" value="save" /></td></tr> </table> <?php //echo '<pre>';print_r($_FILES);exit(); if(isset($_POST['t1'])) { $values = implode(", ", $_POST['e1']); $imgarryimp=array(); foreach($_FILES["e5"]["tmp_name"] as $key=>$val){ move_uploaded_file($_FILES["e5"]["tmp_name"][$key],"images/".$_FILES["e5"]["name"][$key]); $fname = $_FILES['e5']['name'][$key]; $imgarryimp[]=$fname; //echo $fname; if(strlen($fname)>0) { $img = $fname; } $d="insert into form(name,address,contact,gender,image)values('$values','$_POST[e2]','$_POST[e3]','$_POST[r1]','$img')"; if($con->query($d)==TRUE) { echo "Yoy Data Save Successfully!!!"; } } exit; // echo $values;exit; //foreach($_POST['e1'] as $row) //{ $d="insert into form(name,address,contact,gender,image)values('$values','$_POST[e2]','$_POST[e3]','$_POST[r1]','$img')"; if($con->query($d)==TRUE) { echo "Yoy Data Save Successfully!!!"; } //} //exit; } ?> </form> <table> <?php $t="select * from form"; $y=$con->query($t); foreach ($y as $q); { ?> <tr> <td>Name:<?php echo $q['name'];?></td> <td>Address:<?php echo $q['address'];?></td> <td>Contact:<?php echo $q['contact'];?></td> <td>Gender:<?php echo $q['gender'];?></td> </tr> <?php }?> </table> </body> </html>

-2

mittal bhatt Jun 22 '17 at 3:57

source share

 <?php $username="root"; $password=""; $database="test"; #get the data from form fields $Id=$_POST['Id']; $P_name=$_POST['P_name']; $address1=$_POST['address1']; $address2=$_POST['address2']; $email=$_POST['email']; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die("unable to select database"); if($_POST['insertrecord']=="insert"){ $query="insert into person values('$Id','$P_name','$address1','$address2','$email')"; echo "inside"; mysql_query($query); $query1="select * from person"; $result=mysql_query($query1); $num= mysql_numrows($result); #echo"<b>output</b>"; print"<table border size=1 > <tr><th>Id</th> <th>P_name</th> <th>address1</th> <th>address2</th> <th>email</th> </tr>"; $i=0; while($i<$num) { $Id=mysql_result($result,$i,"Id"); $P_name=mysql_result($result,$i,"P_name"); $address1=mysql_result($result,$i,"address1"); $address2=mysql_result($result,$i,"address2"); $email=mysql_result($result,$i,"email"); echo"<tr><td>$Id</td> <td>$P_name</td> <td>$address1</td> <td>$address2</td> <td>$email</td> </tr>"; $i++; } print"</table>"; } if($_POST['searchdata']=="Search") { $P_name=$_POST['name']; $query="select * from person where P_name='$P_name'"; $result=mysql_query($query); print"<table border size=1><tr><th>Id</th> <th>P_name</th> <th>address1</th> <th>address2</th> <th>email</th> </tr>"; while($row=mysql_fetch_array($result)) { $Id=$row[Id]; $P_name=$row[P_name]; $address1=$row[address1]; $address2=$row[address2]; $email=$row[email]; echo"<tr><td>$Id</td> <td>$P_name</td> <td>$address1</td> <td>$address2</td> <td>$email</td> </tr>"; } echo"</table>"; } echo"<a href=lab2.html> Back </a>"; ?>

-3

Jalak nimavat Jun 19 '17 at 5:46

source share

When a button is pressed

 if(isset($_POST['save'])){ $sql = "INSERT INTO `members`(`id`, `membership_id`, `email`, `first_name`) VALUES ('".$_POST["id"]."','".$_POST["membership_id"]."','".$_POST["email"]."','".$_POST["firstname"]."')"; **if ($conn->query($sql) === TRUE) { echo "New record created successfully"; } else { echo "Error: " . $sql . "<br>" . $conn->error; }** }

This will execute the query in the $ sql variable

  if ($conn->query($sql) === TRUE) { echo "New record created successfully"; } else { echo "Error: " . $sql . "<br>" . $conn->error; }

-4

ntthushara Oct 27 '17 at 22:10

source share

dimlucas · Accepted Answer · 2016-05-21T21:48:27+0000

The following code simply declares a string variable that contains the MySQL query:

 $sql = "INSERT INTO users (username, password, email) VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";

This does not fulfill the request. You need to use some functions for this, but let me explain something else first.

NEVER TRUST THE USER'S LOGIN . Never add user input (e.g. form input from $_GET or $_POST ) directly to your request. Someone can neatly manipulate input so that it can do a lot of damage to your database. This is called SQL injection. You can read more about it here.

To protect your script from such an attack, you must use prepared statements. Read more about ready-made statements here.

Include prepared statements in your code as follows:

 $sql = "INSERT INTO users (username, password, email) VALUES (?,?,?)";

Pay attention to how ? used as placeholders for values. Then you must prepare the expression using mysqli_prepare :

 $stmt = mysqli_prepare($sql);

Then start associating the input variables with the prepared statement:

 $stmt->bind_param("sss", $_POST['username'], $_POST['email'], $_POST['password']);

And finally, execute prepared statements. (The actual insertion takes place here)

 $stmt->execute();

NOTE Although this is not part of the question, I strongly advise you to never store passwords in clear text. Instead, you should use password_hash to store the password hash

PHP: pasting values ​​from a form in MySQL

More articles:

PHP: pasting values from a form in MySQL