The PHP linked to this form isn't submitting entries to my database

158
January 06, 2018, at 09:03 AM

I have a form on a website I'm working on which needs to submit information to a MySQL database. I'm primarily a web designer, and PHP is somewhat new to me. I've written this PHP code as the action for my HTML form, which is below:

<?php 
//only process if $_POST isn't empty
if ( ! empty( $_POST ) ){
//connect to mysql
$mysqli = new mysqli( 'localhost', 'user', 'pass', 'dbname' );
//check connection
if ( $mysqli->connect_error ) {
    die( 'Connect Error: ' . $mysqli->connect_errno . ': ' . $mysqli->connect_error );
}
//insert data
$sql = ("
INSERT INTO `table` (`ID`, `u_fname`, `u_lname`, `u_email`) 
VALUES (NULL, '{$mysqli->real_escape_string($_POST['u_fname'])}', '{$mysqli->real_escape_string($_POST['u_lname'])}', {$mysqli->real_escape_string($_POST['u_email'])}')");
$insert = $mysqli->query($sql);
//print response from sql
if ( $insert ) {
    echo "Success! Row ID: {$mysqli->insert_id}";   
}
else {
    die("Error: {$mysqli->errno} : {$mysqli->error}");
}
//close connection
$mysqli->close();
}
?>

The relevant HTML form is here:

<div class="form-container">
                <form action="signupform.php" method="post" class="isubmit" name="signup" onsubmit="swal({
                    type: 'success',
                    title: 'Thanks!',
                    showConfirmButton: false,
                    timer: 1500
                })">
                    <input required type="text" name="u_fname" class="first-name" placeholder="First Name">
                    <input required type="text" name="u_lname" class="last-name" placeholder="Last Name">
                    <input required type="text" name="u_email" class="email" placeholder="Email">
                    <button class="isubmit submit-text" type="submit">submit</button>
                </form>
            </div>

The HTML and PHP files are separate but in the same directory. I'm aware the PHP needs to be made more secure to avoid injection, but that is not my issue. The issue is that when the submit button is pressed, the PHP does not send the entries to my database. The database remains unchanged, and what I need is for the information from the form fields to populate the database table when the user hits the submit button on the HTML form. Any help with my code or suggestions of a better method would be greatly appreciated.

Answer 1

This is what your Insert Query could look like without it being a prepared statement. Remove the mysqli_real_escape_string from your string in your query and set a variable to equal your post value. Your 'id' also needs to be removed from the insert as the ID in your database should be an auto increment.

//insert data
                                $f_name = mysqli_real_escape_string($_POST['u_fname']);
                                $u_lname = mysqli_real_escape_string($_POST['u_lname']);
                                $u_email = mysqli_real_escape_string($_POST['u_email']);
                                $sql = ("
                                INSERT INTO `table` (`u_fname`, `u_lname`, `u_email`) 
                                VALUES ('{$u_fname}', '{$u_lname}', {$u_email}')");
Rent Charter Buses Company
READ ALSO
Laravel with SQL Server does not work on Google App Engine, but works locally

Laravel with SQL Server does not work on Google App Engine, but works locally

I am trying to create API service with Laravel and SQL serverI am following this tutorial from official document, but it does not have SQL server setup information

252
How to escape URL-parameter to prevent HTML injection

How to escape URL-parameter to prevent HTML injection

What is a good way to escape the URL-parameter in the last line of the code to prevent HTML injection through the parametrized href url? I mean in the: editformphp?id='

243
Updating mysqli with Ajax and Jquery is not working

Updating mysqli with Ajax and Jquery is not working

I just want to update or edit <td> with AjaxEdit or Save Button is in a <td> and so far everything is woking

237