MySQL database update via form

Question

I'm making a form with which I can put something in my MySQL database, but for some reason it isn't working. When I try to submit the form it runs the else statement which means I get error Can someone tell me what I'm doning wrong???

I have two files the first one is the form:

        <html>
<body>

<form name="form4" method="post" action="incident_submit.php">

<table>
<tr>
<td>Gebruiker</td>
<td>:</td>
<td>
<?php /* Include de pagina waar je config file staat */

include 'dbconnectie.php'; /* INCLUDE CONNECTION */

$query = $query = "SELECT naam FROM gebruikers"; /* YOUR QUERY */
$uitvoeren = mysqli_query($connectie,$query); /* EXECUTE QUERY */

echo "<select name='naam' id='naam'>";

while($rij = mysqli_fetch_array($uitvoeren)){ /* FETCH ARRAY */
/* De data in de dropdown zetten */
$naam=mysqli_real_escape_string($con,$rij['naam']);
echo "<option value='$naam'>".$naam."</option>";
}
/* De dropdown beëindigen */
echo '</select>';
?>

</td>
</tr>
<tr>
<td>Hardwaretypen</td>
<td>:</td>
<td>
<select name="typen" id="typen"> <?php
$query2 = "SELECT typen FROM hardware_typen"; /* YOUR SECOND QUERY */
/* Query uitvoeren */
$uitvoeren2 = mysqli_query($connectie,$query2); /* EXECUTE SECOND QUERY */
/* Begin van dropdown
While voor data in de dropdown */
while($rij2 = mysqli_fetch_array($uitvoeren2)) { /* SECOND FETCH */
$typen=mysqli_real_escape_string($con,$rij2['typen']); /* ESCAPE STRINGS */
/* De data in de dropdown zetten */
echo "<option value='$typen'>".$typen."</option>";
}
/* De dropdown beëindigen */
echo '</select>';
?>
</td>
</tr>
<tr>
<td>Melding</td>
<td>:</td>
<td><input name="melding" type="text" id="melding"></td>
</tr>
<tr>
<td><input type="submit" name="Submit" value="Incident melden"></td>
</tr>
</table>
</form>
</body>
</html>

The second file:

        <?php

include('dbconnectie.php');

/* Get values from form */
$naam=mysqli_real_escape_string($con,$_POST['naam']); /* PRACTICE ESCAPING STRINGS BEFORE USING THEM INTO A QUERY */
$typen=mysqli_real_escape_string($con,$_POST['typen']);
$melding=mysqli_real_escape_string($con,$_POST['melding']);

/* Insert data into mysql */
$sql="INSERT INTO incidenten(naam, typen, melding) VALUES ('$naam', '$typen', '$melding')";
$result=mysqli_query($con,$sql); /* EXECUTE QUERY */

// if successfully insert data into database, displays message "Successful". 
if($result){
echo "Uw melding is verwerkt in het systeem.";
echo "<BR>";
echo "<a href='gebruikerpagina.html'>Terug naar de startpagina</a>";
}

else {
echo "ERROR";
}
?> 

<?php 
// close connection 
mysqli_close($connectie);
?>

My MySQL table gebruikers:

CREATE TABLE IF NOT EXISTS `gebruikers` (
  `naam` text NOT NULL,
  `wachtwoord` text NOT NULL,
  `level` int(1) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

INSERT INTO `gebruikers` (`naam`, `wachtwoord`, `level`) VALUES
('niek', 'P@password1', 1),
('Hansie', 'Hansie1', 3);

Thanks in advance!

Answer 1

Try

$sql="INSERT INTO {$tbl_name}(naam, typen, melding)VALUES('$naam', '$typen', '$melding')";
$result=mysql_query($sql) or die(mysql_error()); // will display the error

When adding - or die (mysql_error()) it will display errors related to MySql engine (such as wrong username & password, typos , etc)

Answer 2

add name and Id to select for both naam and typen

echo '<select id="naam" name="naam">';//add name and id
//While voor data in de dropdown
while($rij = mysql_fetch_assoc($uitvoeren)) {
//De data in de dropdown zetten
echo '<option>'.$rij['naam'].'</option>';
}
//De dropdown beëindigen
echo '</select>';

and here

echo '<select id="typen" name="typen">';//add name and id
//While voor data in de dropdown
while($rij = mysql_fetch_assoc($uitvoeren)) {
//De data in de dropdown zetten
echo '<option>'.$rij['typen'].'</option>';
}
//De dropdown beëindigen
echo '</select>';?>

Answer 3

change your form select to ( you have one more select in select ) Also no need to include file twice:-

<td>
<?php //Include de pagina waar je config file staat
include 'dbconnectie.php';
//Query
$query = "SELECT naam FROM gebruikers WHERE level='3'";
//Query uitvoeren
$uitvoeren = mysql_query($query);
?>
<select name="naam" id="naam" >
<?php while($rij = mysql_fetch_assoc($uitvoeren)) {?>
  <option value="<?php echo $rij['naam'];?>"><?php echo $rij['naam'];?></option>
<?php }?>
</select></td>
</tr>
<tr>
<tr>
<td>Hardwaretypen</td>
<td>:</td>
<td>
<?php $query = "SELECT typen FROM hardware_typen";
//Query uitvoeren
$uitvoeren = mysql_query($query);?>
<select name="typen" id="typen">
<?php while($rij = mysql_fetch_assoc($uitvoeren)) {?>
<option value="<?php echo $rij['typen'];?>"><?php echo $rij['typen'];?></option>
<?php }?>
</select></td>

and then insert query to :-

$sql="INSERT INTO incidenten (naam, typen, melding)VALUES('$naam', '$typen', '$melding')";

Answer 4

Summary of Answer:

• Converted code from deprecated MySQL to MySQLi .
• Too many include function of dbconnectie.php where-in you can just use it once in a page.
• Tried to clean the html table.
• Used mysqli_real_escape_string function on variables to prevent some of the SQL injections.
• Removed unnecessary and excessive <select>
• Missing >
• And importantly ! Missing value tags in your <option>

I have included explanations quoted in /* */ inside the code I have provided for further reference.

dbconnectie.php :

<?php

/* ESTABLISH CONNECTION */

$con=mysqli_connect("localhost","root","","helpdesk_middenpolder");

if(mysqli_connect_errno()){

echo "Error".mysqli_connect_error();
}

?>

Your form :

<html>
<body>

<form name="form4" method="post" action="incident_submit.php">

<table>
<tr>
<td>Gebruiker</td>
<td>:</td>
<td>
<?php /* Include de pagina waar je config file staat */

include 'dbconnectie.php'; /* INCLUDE CONNECTION */

$uitvoeren = mysqli_query($con,"SELECT * FROM gebruikers"); /* YOUR QUERY */

echo "<select name='naam' id='naam'>";

while($rij = mysqli_fetch_array($uitvoeren)){ /* FETCH ARRAY */
/* De data in de dropdown zetten */
$naam=mysqli_real_escape_string($con,$rij['naam']);
echo "<option value='$naam'>".$naam."</option>";
}
/* De dropdown beëindigen */
echo '</select>';
?>

</td>
</tr>
<tr>
<td>Hardwaretypen</td>
<td>:</td>

<td>
<select name="typen" id="typen">
<?php
$query2 = "SELECT typen FROM hardware_typen"; /* YOUR SECOND QUERY */
/* Query uitvoeren */
$uitvoeren2 = mysqli_query($con,$query2); /* EXECUTE SECOND QUERY */
/* Begin van dropdown
While voor data in de dropdown */
while($rij2 = mysqli_fetch_array($uitvoeren2)) { /* SECOND FETCH */
$typen=mysqli_real_escape_string($con,$rij2['typen']); /* ESCAPE STRINGS */
/* De data in de dropdown zetten */
echo "<option value='$typen'>".$typen."</option>";
}
/* De dropdown beëindigen */
echo '</select>';
?>
</td>

</tr>
<tr>
<td>Melding</td>
<td>:</td>
<td><input name="melding" type="text" id="melding"></td>
</tr>
<tr>
<td><input type="submit" name="Submit" value="Incident melden"></td>
</tr>
</table>
</form>
</body>
</html>

incident_submit.php :

<?php

include('dbconnectie.php');

/* Get values from form */
$naam=mysqli_real_escape_string($con,$_POST['naam']); /* PRACTICE ESCAPING STRINGS BEFORE USING THEM INTO A QUERY */
$typen=mysqli_real_escape_string($con,$_POST['typen']);
$melding=mysqli_real_escape_string($con,$_POST['melding']);

/* Insert data into mysql */
$sql="INSERT INTO incidenten (naam, typen, melding) VALUES ('$naam', '$typen', '$melding')";
$result=mysqli_query($con,$sql); /* EXECUTE QUERY */

// if successfully insert data into database, displays message "Successful". 
if($result){
echo "Uw melding is verwerkt in het systeem.";
echo "<BR>";
echo "<a href='gebruikerpagina.html'>Terug naar de startpagina</a>";
}

else {
echo "ERROR";
}

// close connection 
mysqli_close($con);
?>