Insert form data into MySQL database table

Question

I want to insert data from a form into a table but everytime i hit submit nothing happens, i checked and re-checked everything but i can't find the reason.

indextest1.php

<!DOCTYPE html>

<html>    
    <head>  
        <title></title>    
        <meta charset="UTF-8">    
        <meta name="author" content="">    
        <meta name="description" content="">    
        <meta name="keywords" content="">   
    </head>    
    <body>
        <form action="test1.php" method="post">
        <input type="text" name="name"><br>
        <input type="text" name="lastname"><br>
        <input type="radio" name="radio" value="one" checked> one<br>   
        <input type="radio" name="radio" value="two" > two<br>
        <select name="drop">   
            <option value="0" selected>0</option>    
            <option value="1">1</option>    
            <option value="2">2</option>    
            <option value="3">3</option>    
            <option value="4">4</option>    
            <option value="5">5</option>   
            <option value="6">6</option>    
            <option value="7">7</option>    
            <option value="8">8</option>    
        </select>
        <input type="checkbox" name="check" value="1"><br>    
        <input type="submit" value="Submit">   
        </form>    
    </body>   
</html>

test1.php

<?php

$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "db-test";

$connect = ("$servername, $username, $password, $dbname") or die ("ERROR DURING CONNECTION");

$name = $_POST["name"];
$lastname = $_POST["lastname"];
$radio = $_POST["radio"];
$drop = $_POST["drop"];
$check = $_POST["check"];

$sql_insert = mysql_query("INSERT INTO test-table (id, name, lastname, radio, drop, check) VALUES ('', '$name', '$lastname', '$radio', '$drop', '$check')");
        header("location: indextest1.php");

?>

Table values

Thanks in advance, i hope i provided all the info needed.

Answer 1

Besides the other answer,

Firstly, this part of your query:

INSERT INTO test-table (id, name, lastname, radio, drop, check)

should read as

INSERT INTO `test-table` (id, name, lastname, radio, `drop`, `check`)

MySQL is interpreting your table as "test minus table". Use ticks, or rename it using an underscore test_table which is a safe seperator.

Then you're using two MySQL reserved words, "drop" and "check". Use ticks for those also.

Reference:

• http://dev.mysql.com/doc/refman/5.6/en/keywords.html

See how MySQL is telling you where the syntax error begins?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'drop, check)

and it would have shown you another one after that being

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check)

Just to clarify, you are mixing MySQL APIs with

mysql_query("INSERT ...

which those mysql_ functions do not intermix with your present method. Use the same from connection to query

mysqli_query($connect, "INSERT ...

and of course the fact that you're open to SQL injection. Use a prepared statement:

• https://en.wikipedia.org/wiki/Prepared_statement

You should also check for empty fields against your POST arrays such as !empty() .

Sidenote: If an apostrophe or any other character is to be inserted that MySQL will complain about, then you must escape them. Either way, you should.

Plus, remember to add exit; after header. Otherwise and if you have more code below that, it may want to continue and execute.

header("location: indextest1.php");
exit;

Answer 2

I'd recommend you read up on how to connect to MySQL first from PHP before proceeding as your code posted evidently shows otherwise.

http://php.net/manual/en/function.mysqli-connect.php http://php.net/manual/en/mysqli.query.php

Stop using mysql , as it is deprecated. You need to specify the arguments correctly in your script. Your $connect is completely invalid syntax (for connecting to MySQL)

<?php

$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "db-test";

$connect = mysqli_connect($servername, $username, $password, $dbname)
or die ("ERROR DURING CONNECTION");

$name = $_POST["name"];
$lastname = $_POST["lastname"];
$radio = $_POST["radio"];
$drop = $_POST["drop"];
$check = $_POST["check"];
$sql = "INSERT INTO test-table (name, lastname, radio, drop, check) VALUES ('$name', '$lastname', '$radio', '$drop', '$check')";
//Don't need to insert id since it's an PRI_KEY A_I
$result = mysqli_query($connect, $sql)
or die (mysqli_error($connect));
header("location: indextest1.php");
?>

Among other things, you are asking to be hit with an SQL injection attack which you can easily block via. mysqli_real_escape_string

Answer 3

to add varchar data type to a sql table we have to put it in single quote, so first put single quote after that if the value is in variable than put between double quotes and dots (for php only).

For auto increment value we only have to pass null.

write your query as following.

$sql_insert = mysql_query("INSERT INTO test-table (id, name, lastname, radio, drop, check) VALUES (null, '".$name."', '".$lastname."', '".$radio."', ".$drop.", ".$check.")");

Hope this will work.