PHP: Inserting Values from the Form into MySQL
Question
I created a users table in mysql from the terminal and I am trying to create simple task: insert values from the form. This is my dbConfig file
<?php
$mysqli = new mysqli("localhost", "root", "pass", "testDB");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
?>
and This is my Index.php .
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="description" content="$1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<title>test</title>
<?php
include_once 'dbConfig.php';
?>
</head>
<body>
<?php
if(isset($_POST['save'])){
$sql = "INSERT INTO users (username, password, email)
VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";
}
?>
<form method="post">
<label id="first"> First name:</label><br/>
<input type="text" name="username"><br/>
<label id="first">Password</label><br/>
<input type="password" name="password"><br/>
<label id="first">Email</label><br/>
<input type="text" name="email"><br/>
<button type="submit" name="save">save</button>
<button type="submit" name="get">get</button>
</form>
</body>
</html>
After hitting my save button, nothing happens, database is still empty. I tried echo'ing the INSERT query and it takes all values from the form as it is supposed to. After I try to check if this worked from terminal, I login into my sql try to return all data from users table and I get empty set.
2 answers
solution1
47 ACCPTED 2016-05-21 21:48:27
The following code just declares a string variable that contains a MySQL query:
$sql = "INSERT INTO users (username, password, email)
VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";
It does not execute the query. In order to do that you need to use some functions but let me explain something else first.
NEVER TRUST USER INPUT : You should never append user input (such as form input from $_GET or $_POST ) directly to your query. Someone can carefully manipulate the input in such a way so that it can cause great damage to your database. That's called SQL Injection. You can read more about it here
To protect your script from such an attack you must use Prepared Statements. More on prepared statements here
Include prepared statements to your code like this:
$sql = "INSERT INTO users (username, password, email)
VALUES (?,?,?)";
Notice how the ? are used as placeholders for the values. Next you should prepare the statement using mysqli_prepare :
$stmt = $mysqli->prepare($sql);
Then start binding the input variables to the prepared statement:
$stmt->bind_param("sss", $_POST['username'], $_POST['email'], $_POST['password']);
And finally execute the prepared statements. (This is where the actual insertion takes place)
$stmt->execute();
NOTE Although not part of the question, I strongly advice you to never store passwords in clear text. Instead you should use password_hash to store a hash of the password
solution2
6 2016-09-23 07:04:51
There are two problems in your code.
- No action found in form.
- You have not executed the query mysqli_query()
dbConfig.php
<?php
$conn=mysqli_connect("localhost","root","password","testDB");
if(!$conn)
{
die("Connection failed: " . mysqli_connect_error());
}
?>
index.php
include('dbConfig.php');
<!Doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="description" content="$1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<title>test</title>
</head>
<body>
<?php
if(isset($_POST['save']))
{
$sql = "INSERT INTO users (username, password, email)
VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";
$result = mysqli_query($conn,$sql);
}
?>
<form action="index.php" method="post">
<label id="first"> First name:</label><br/>
<input type="text" name="username"><br/>
<label id="first">Password</label><br/>
<input type="password" name="password"><br/>
<label id="first">Email</label><br/>
<input type="text" name="email"><br/>
<button type="submit" name="save">save</button>
</form>
</body>
</html>
solution3
-1 2017-03-01 18:07:18
Try this:
dbConfig.php
<?php
$mysqli = new mysqli('localhost', 'root', 'pwd', 'yr db name');
if($mysqli->connect_error)
{
echo $mysqli->connect_error;
}
?>
Index.php
<html>
<head><title>Inserting data in database table </title>
</head>
<body>
<form action="control_table.php" method="post">
<table border="1" background="red" align="center">
<tr>
<td>Login Name</td>
<td><input type="text" name="txtname" /></td>
</tr>
<br>
<tr>
<td>Password</td>
<td><input type="text" name="txtpwd" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="txtbutton" value="SUBMIT" /></td>
</tr>
</table>
control_table.php
<?php include 'config.php'; ?>
<?php
$name=$pwd="";
if(isset($_POST['txtbutton']))
{
$name = $_POST['txtname'];
$pwd = $_POST['txtpwd'];
$mysqli->query("insert into users(name,pwd) values('$name', '$pwd')");
if(!$mysqli)
{ echo mysqli_error(); }
else
{
echo "Successfully Inserted <br />";
echo "<a href='show.php'>View Result</a>";
}
}
?>
solution4
-2 2017-06-22 03:57:08
<!DOCTYPE html>
<?php
$con = new mysqli("localhost","root","","form");
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<script type="text/javascript">
$(document).ready(function(){
//$("form").submit(function(e){
$("#btn1").click(function(e){
e.preventDefault();
// alert('here');
$(".apnew").append('<input type="text" placeholder="Enter youy Name" name="e1[]"/><br>');
});
//}
});
</script>
</head>
<body>
<h2><b>Register Form<b></h2>
<form method="post" enctype="multipart/form-data">
<table>
<tr><td>Name:</td><td><input type="text" placeholder="Enter youy Name" name="e1[]"/>
<div class="apnew"></div><button id="btn1">Add</button></td></tr>
<tr><td>Image:</td><td><input type="file" name="e5[]" multiple="" accept="image/jpeg,image/gif,image/png,image/jpg"/></td></tr>
<tr><td>Address:</td><td><textarea cols="20" rows="4" name="e2"></textarea></td></tr>
<tr><td>Contact:</td><td><div id="textnew"><input type="number" maxlength="10" name="e3"/></div></td></tr>
<tr><td>Gender:</td><td><input type="radio" name="r1" value="Male" checked="checked"/>Male<input type="radio" name="r1" value="feale"/>Female</td></tr>
<tr><td><input id="submit" type="submit" name="t1" value="save" /></td></tr>
</table>
<?php
//echo '<pre>';print_r($_FILES);exit();
if(isset($_POST['t1']))
{
$values = implode(", ", $_POST['e1']);
$imgarryimp=array();
foreach($_FILES["e5"]["tmp_name"] as $key=>$val){
move_uploaded_file($_FILES["e5"]["tmp_name"][$key],"images/".$_FILES["e5"]["name"][$key]);
$fname = $_FILES['e5']['name'][$key];
$imgarryimp[]=$fname;
//echo $fname;
if(strlen($fname)>0)
{
$img = $fname;
}
$d="insert into form(name,address,contact,gender,image)values('$values','$_POST[e2]','$_POST[e3]','$_POST[r1]','$img')";
if($con->query($d)==TRUE)
{
echo "Yoy Data Save Successfully!!!";
}
}
exit;
// echo $values;exit;
//foreach($_POST['e1'] as $row)
//{
$d="insert into form(name,address,contact,gender,image)values('$values','$_POST[e2]','$_POST[e3]','$_POST[r1]','$img')";
if($con->query($d)==TRUE)
{
echo "Yoy Data Save Successfully!!!";
}
//}
//exit;
}
?>
</form>
<table>
<?php
$t="select * from form";
$y=$con->query($t);
foreach ($y as $q);
{
?>
<tr>
<td>Name:<?php echo $q['name'];?></td>
<td>Address:<?php echo $q['address'];?></td>
<td>Contact:<?php echo $q['contact'];?></td>
<td>Gender:<?php echo $q['gender'];?></td>
</tr>
<?php }?>
</table>
</body>
</html>
solution5
-3 2017-06-19 05:46:34
<?php
$username="root";
$password="";
$database="test";
#get the data from form fields
$Id=$_POST['Id'];
$P_name=$_POST['P_name'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];
$email=$_POST['email'];
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die("unable to select database");
if($_POST['insertrecord']=="insert"){
$query="insert into person values('$Id','$P_name','$address1','$address2','$email')";
echo "inside";
mysql_query($query);
$query1="select * from person";
$result=mysql_query($query1);
$num= mysql_numrows($result);
#echo"<b>output</b>";
print"<table border size=1 >
<tr><th>Id</th>
<th>P_name</th>
<th>address1</th>
<th>address2</th>
<th>email</th>
</tr>";
$i=0;
while($i<$num)
{
$Id=mysql_result($result,$i,"Id");
$P_name=mysql_result($result,$i,"P_name");
$address1=mysql_result($result,$i,"address1");
$address2=mysql_result($result,$i,"address2");
$email=mysql_result($result,$i,"email");
echo"<tr><td>$Id</td>
<td>$P_name</td>
<td>$address1</td>
<td>$address2</td>
<td>$email</td>
</tr>";
$i++;
}
print"</table>";
}
if($_POST['searchdata']=="Search")
{
$P_name=$_POST['name'];
$query="select * from person where P_name='$P_name'";
$result=mysql_query($query);
print"<table border size=1><tr><th>Id</th>
<th>P_name</th>
<th>address1</th>
<th>address2</th>
<th>email</th>
</tr>";
while($row=mysql_fetch_array($result))
{
$Id=$row[Id];
$P_name=$row[P_name];
$address1=$row[address1];
$address2=$row[address2];
$email=$row[email];
echo"<tr><td>$Id</td>
<td>$P_name</td>
<td>$address1</td>
<td>$address2</td>
<td>$email</td>
</tr>";
}
echo"</table>";
}
echo"<a href=lab2.html> Back </a>";
?>
solution6
-4 2017-10-27 22:10:49
When you click the Button
if(isset($_POST['save'])){
$sql = "INSERT INTO `members`(`id`, `membership_id`, `email`, `first_name`)
VALUES ('".$_POST["id"]."','".$_POST["membership_id"]."','".$_POST["email"]."','".$_POST["firstname"]."')";
**if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}**
}
This will execute the Query in the variable $sql
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
inserting a dynamically generated $_POST values from a form into mysql from php
PHP: Inserting values from registration form into MySQL table
PHP Form Inserting to MySQL NULL Values Allowed
Inserting Array values from form into mysql
Inserting data from form into database PHP MYSQL
Multiple records inserting into MySql from PHP form
PHP - inserting record to mysql from form
Inserting data with PHP from a form to MySQL database
Inserting Date from form using PHP Mysql
Values are not inserting in MySQL form from php form even after successful submission
Related Tags