How do I submit form data to a database and redirect someone to URL?

Question

PHP Newbie here: Quick question on forms and php,

Form in Html page

 <form class="form" id="form" onsubmit="return validateForm()" method="post"           action="submitdatabase.php">

I can insert data into my database successfully but how do I direct them to a certain URL as well?

If it helps, below is my PHP, needless to say it doesn't work:

<?php
    $con = mysql_connect("localhost","root","");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("database", $con);
    $sql="INSERT INTO leads (fname, lname, address, phone, email)
          VALUES ('$_POST[fname]','$_POST[lname]','$_POST[address]','$_POST[phone]','$_POST[email]')";
    if (!mysql_query($sql,$con)) {
        die('Error: ' . mysql_error());
    }

    mysql_close($con)
    header("Location: URLREDIRECTION.com")
?>

Answer 1

PHP Newbie.. this should work
always use this to escape strings mysql_escape_string($var);
also mysql_connect() is depreciated, use mysqli_connect('host', 'user', 'password', 'database') instead.

<?php
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}

$fname = mysql_escape_string($_POST['fname']);
$lname = mysql_escape_string($_POST['lname']);
$address = mysql_escape_string($_POST['address']);
$phone = mysql_escape_string($_POST['phone']);
$email = mysql_escape_string($_POST['email']);

mysql_select_db("database", $con);
$sql="INSERT INTO leads (fname, lname, address, phone, email)
VALUES 
('$fname','$lname','$address','$phone','$email')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
header("Location: http://yoursite.com");

Answer 2

This code... is... a bit of a mess and old. First things first: don't use mysql_* functions. Also you must escape your user's data for sure . To simplify both in one, I will work with PDO. Here you have a tutorial (just click here) . Also, as other stated, you also needed to close a couple of semicolons.

<?php
/* Create a PDO object */
$DB = new PDO("mysql:host=localhost;dbname=database",'root','');

/* Prepare the statement you want to do, in this case, an INSERT */
$con = $DB->prepare("INSERT INTO leads (fname, lname, address, phone, email)
                     VALUES (?,?,?,?,?)");

/* Execute the previous statement with the corresponding values for each '?' */
$con->execute(array($_POST['fname'],
                    $_POST['lname'],
                    $_POST['address'],
                    $_POST['phone'],
                    $_POST['email']));

/* Redirect the user */
header("Location: http://www.example.com/");

?>

Answer 3

Obviously this is not secure. The OP knows this and has chosen to do things this way. If he genuinely wants to do things deliberately wrong I have no problem with that.

Anyone else reading this answer should keep in mind that this is horrible practice and I have only given it as an answer because it is clearly what he wanted. Do not use this.

In an actual application, you should be at the very least using mysql_real_escape_string() to escape the $_POST variables from user input, or (much) better yet, use MySQLi or PDO in conjunction with prepared statements, to eliminate the chances of SQL injection.

You were missing a semicolon. Also, you changed the header line instead of leaving somewhere you were trying to redirect to there. How are we supposed to debug a script that we can't even see? Try it as posted here and see if it takes you to google. If not then there's something else going on. If it does, you typed out the header() function wrong but we couldn't tell, because you didn't show it to us.

Try this:

<?php
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$sql="INSERT INTO leads (fname, lname, address, phone, email)
VALUES 
('$_POST[fname]','$_POST[lname]','$_POST[address]','$_POST[phone]','$_POST[email]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
header("Location: http://www.google.com");
?>

Also, as a few people have pointed out already mysql() functions are officially depreciated. Although it should be working anyway.

Answer 4

try this..this will work 100%

<?php 
  $fname=$_POST['fname'];
  $lname=$_POST['lname'];
  $phn=$_POST['phn'];
  $email=$_POST['email'];
  $street=$_POST['street'];
  $city=$_POST['city'];
  $state=$_POST['state'];
  $con=mysqli_connect('localhost','root','','database');
  $insert= "INSERT INTO table (id,name,phone,email,street,city,state) VALUES('','$fname $lname','$phn','$email','$street','$city','$state')";
$run=mysqli_query($con,$insert);
  if($run)
  {
  header('location:https://google.com');
  }
?>

Answer 5

You have a syntax error here:

mysql_close($con)

You need to add a semicolon:

mysql_close($con);

If your script produces any output before the header() statement, the redirect will not happen. Warnings, errors, and intentional output will all cause your header() statement to fail.

If you are redirecting to another site, consider use the 'http://' or 'https://' prefix for clarity:

header("Location: http://urlredirection.com");

If you are redirecting to your own site, just use a leading slash:

header("Location: /your/url.php");

Finally, consider updating your code to use mysqli or PDO instead of the deprecated mysql_* functions.