Inserting HTML Form data into MySQL with PHP

Question

I'm trying to make a simple message board MySQL database where you can write a review and submit it via an HTML form on one page and view all of the reviews on a separate page once you've submitted your review.

My problem is two of the fields from the HTML form are not being inserted into my MySQL database which results in my view all reviews page to be missing the Name and Title.

Link to what the "Read all Reviews" page looks like.

The code works without any issue when I tested it doing MySQL queries with just PHP but I need my HTML form to work.

HTML form:

<form action ="process.php" method = "post">
            <fieldset>
                <legend>Review Field</legend>
                Reviewer Name: <br />
                <input type="text" name "name" id = "name"><br />
                Title of Review:<br />
                <input type="text" name "title" id = "title"><br />
                Enter your review below:
                 <!--Textbox start-->   
                 <textarea name="body" id = "body" rows="10" cols="100">
                 </textarea>
                  <!--Textbox end-->    
                <br />
                <input type="submit" name = "submit" id="submit">
                <br />
            </fieldset>
            </form>

Code for process.php:

<?php // Create a database connection.
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "password";
$dbname = "ya_reviews";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

//Test if connection occurred.
if (mysqli_connect_errno()) {
die("Database connection failed: " .
mysqli_connect_error() .
" (" . mysqli_connect_errno() . ")"
);
}

//Perform database query
$name = $_POST['name'];
$title = $_POST['title'];
$body = $_POST['body'];

//This function will clean the data and add slashes.
// Since I'm using the newer MySQL v. 5.7.14 I have to addslashes
$name = mysqli_real_escape_string($connection, $name);
$title = mysqli_real_escape_string($connection, $title);
$body = mysqli_real_escape_string($connection, $body);

//This should retrive HTML form data and insert into database
$query  = "INSERT INTO reviews (name, title, body) 
            VALUES ('".$_POST["name"]."','".$_POST["title"]."','".$_POST["body"]."')";

        $result = mysqli_query($connection, $query);
        //Test if there was a query error
        if ($result) {
            //SUCCESS
        header('Location: activity.php');
        } else {
            //FAILURE
            die("Database query failed. " . mysqli_error($connection)); 
            //last bit is for me, delete when done
        }

mysqli_close($connection);
?>

View all Reviews:

<?php

        //This will fetch the data from the database 
        $query = "SELECT * FROM reviews";
        $result = mysqli_query($connection, $query);
        //Test if there was a query error
        if (!$result) {
            die("Database query failed.");
        }

        // This will let me display the data.
        // The loop will be spilt so I can format with HTML
        while ($row = mysqli_fetch_assoc($result)) {
            //output data from each row
        ?>

        Name: <?php echo $row["name"] . "<br />"; ?>
        Title: <?php echo $row["title"] . "<br />"; ?>
        Review: <?php echo $row["body"] . "<br />";
            echo "<hr>"; ?>
        <?php
        } ?>

Note: I connected to the database with the same code seen in process.php before the above code, I excluded it to save space.

Answer 1

Your HTML attribute syntax is incorrect. Its missing = sign between attribute and value .

Change name "name" to name="name" and name "title" to name="title"

<input type="text" name="name" id = "name"><br />
            Title of Review:<br />
<input type="text" name="title" id = "title"><br />

Also during insert you aren't using escaped values.

Use $name instead of $_POST["name"] in insert query. Same goes for title and body values.

Answer 2

The problem is that the name attribute is not correct in HTML.

<input type="text" name="name" id = "name"><br />

<input type="text" name="title" id = "title"><br />

Answer 3

I think you messed up with syntax of HTML

<form action ="process.php" method = "post">
            <fieldset>
                <legend>Review Field</legend>
                Reviewer Name: <br />
                <input type="text" name="name" id = "name"><br />
                Title of Review:<br />
                <input type="text" name="title" id = "title"><br />
                Enter your review below:
                 <!--Textbox start-->   
                 <textarea name="body" id = "body" rows="10" cols="100">
                 </textarea>
                  <!--Textbox end-->    
                <br />
                <input type="submit" name = "submit" id="submit">
                <br />
            </fieldset>
            </form>

It will work surely!

Answer 4

Yo, you're just missing some syntax, therefore creating errors when it comes to gathering the data from those elements,

<input type="text" name "title" id = "title">

You're missing the "=" sign from the name parameter