Form is not inserting data into mysql database

Question

Here is the code in the submit.php file. I don't get any errors on my end, I think the data should be going to the database but I don't know where it's going after the user clicks submit. I think the issue is somewhere in the second php if else statement since it was working before I added in checking whether a user was logged in or not.

    <?php
session_start();
include_once 'dbconnect.php';

 // variables for input data
 $Comment = $_POST['Comment'];
 $ip=$_SERVER['REMOTE_ADDR'];
 // variables for input data

 // sql query for inserting data into database
 $sql_query = "INSERT INTO sentences(Comment, ipaddress) VALUES('$Comment','$ip')";
 // sql query for inserting data into database
 ?>
<html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>The Internet Writes a Book</title>
<link rel="stylesheet" href="style.css" type="text/css" />
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" />
</head>
<body>
<center>

<nav class="navbar navbar-default" role="navigation">
    <div class="container-fluid">
        <div class="navbar-header">
            <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbar1">
                <span class="sr-only">Toggle navigation</span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="navbar-brand" href="index.php">The Internet Writes A Novel</a>
        </div>
        <div class="collapse navbar-collapse" id="navbar1">
            <ul class="nav navbar-nav navbar-right">
                <?php if (isset($_SESSION['usr_id'])) { ?>
                <li><p class="navbar-text">Signed in as <?php echo $_SESSION['usr_name']; ?></p></li>
                <li><a href="logout.php">Log Out</a></li>
                <?php } else { ?>
                <li><a href="login.php">Login</a></li>
                <li><a href="register.php">Sign Up</a></li>
                <?php } ?>
            </ul>
        </div>
    </div>
</nav>




<?php if (isset($_SESSION['usr_id'])) { ?>
    <div id="body">
    <div id="content">
        <form method="post">
            <table align="center">
                <tr>
                    <td><input type="paragraph_text" cols="50" rows="10" name="Comment" placeholder="Sentence" required /></td>
                </tr>
                <tr>
                    <td><button type="submit" name="btn-save"><strong>Add to the Novel</strong></button></td>
                </tr>
            </table>
        </form>
    </div>
</div>
<?php } else { ?>
    <a href="http://theinternetwritesanovel.tk/login.php">You must be logged in to submit a sentence!</a>
<?php } ?>
<br>
<a href="http://theinternetwritesanovel.tk/">Click here to view the novel!</a>
</div>
</center>
</body>
</html> 

Answer 1

You haven't actually submitted the SQL query. You need to use your database connector object and then use mysqli_query($dbc,$sqlStatement) where $dbc is your database connector.;

Also you should first check that the request type is POST (ie that the user has submitted the form, and not just come onto the page, which would be a GET request). So first check if($_SERVER['REQUEST_METHOD'] == 'POST');

Also, you really should sanitize your input using something like mysqli_real_escape_string. But even that isn't really sufficient, you should look into using prepared statements using mysqli or using PDO.

For More info on using mysqli_query function http://www.w3schools.com/php/func_mysqli_query.asp

For More info on Prepared Statements http://php.net/manual/en/mysqli.prepare.php