HTML form not sending data to MySQL using PHP

Question

I have a form in HTML, but it's not setup like normal I guess. I'll post the code form the HTML (PHP) file and the php to send it to the db.

<form action="upload.php" method="POST">
    <!-- Name input-->
    <div class="form-group">
      <label class="control-label" for="name">Name</label>
      <div class="">
        <input id="name" name="name" placeholder="First and Last Name" class="form-control input-md" type="text" required>
      </div>
    </div>
    <div class="form-group">
        <label class=" control-label" for="supportingDoc">Upload Supporting Documentation</label>
        <div class="">
            <input id="supportingDoc" name="supportingDoc" class="input-file" type="file" style="margin-top: .5em; margin-left: 4em;">
        </div>
    </div>
    <hr>
      <!-- Submit -->
      <div class="form-group">
        <label class="control-label" for="submit"></label>
        <div class="">
          <button value="Submit" type="submit" id="submit" name="submit" class="btn btn-danger" style="border-radius: 25px;">Submit</button>
        </div>
      </div>
</form>

Here is my SQL/PHP

<?php
    $servername = "localhost";
    $username = "xxx";
    $password = "xxx";
    $dbname = "xxx";
    // Create connection
    $con = mysqli_connect("localhost","xxx","xxx","xxx");
    // Check connection
    if (mysqli_connect_errno()){
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    if (isset($_REQUEST['name'])){
        // set variables

        $name = mysql_real_escape_string($_POST['name']);
        $supportingDoc = mysql_real_escape_string($_POST['supportingDoc']);

        $sql = "INSERT INTO `tablew` (name,  supportingDoc) VALUES ('$name', '$supportingDoc')";
        $result = mysqli_query($con,$sql);

        if ($con->query($sql) === TRUE) {
            echo "New record created successfully";
            printf("New record created successfully");
        } else {
            echo "Error: " . $sql . "<br>" . $con->error;
            printf("Error: " . $sql . "<br>" . $con->error);
        }

        $con->close();
    }
?>

I've tried all sorts of variations and nothing is showing in phpmyadmin. I've even replicated from a previous site I created and it still didn't work lol.

I see that there are variables for the login info and still put it in the mysqli, but I've been at this one thing for about 8 hours now and am out of juice, so hopefully someone sees what I messed up on.

Thanks in advance for any help everyone.

=========================================================================== UPDATE: I made all the changes mentioned above and now get this:

Warning: mysqli_connect(): (HY000/1049): Unknown database

I can see the database in phpmyadmin and Sequel Pro. I've also made sure to set the password and login to 'root'. My code is as follows for login:

    $con = mysqli_connect("localhost","root","root","epboarding");
// Check connection
if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

and this is my POST:

if (isset($_REQUEST['submit'])){
// set variables
$name = mysqli_real_escape_string($con, $_POST['name']);
$sql = "INSERT INTO `wos` (name) VALUES ('$name')";
$result = mysqli_query($con,$sql);

Answer 1

Following issues can be there:

1. Uploading error. Use enctype="multipart/form-data" in form tag.
2. Correct Mysql_connect details ie Username, Password, Dbname.
3. mysql_real_escape_string is depricated. Use mysqli.
4. Recheck your column names ie name, supportingDoc.

Answer 2

Your html code wrong. Whenever you want to use input type file, you need to put <form> tag to <form enctype="multipart/form-data"> . If you re not declaring the enctype , then the PHP cannot read the file.

Answer 3

you have to put

<form enctype="multipart/form-data"> 

when uploading file . correct your html.

Answer 4

Try This

The issue is after clicked on submit button it's not hitting the (isset($_REQUEST['name']))

Change it

if (isset($_REQUEST['submit'])){ //code here}

because you button name is submit.

Use SQL injection like

$con->real_escape_string($_POST['name']);

Answer 5

for the unknown database error. I simply went to operations in phpmyadmin and changed the name of the database and it worked. give it a try if you haven't fixed the problem yet.

Answer 6

in addition to @tbi answer

• Check php.ini for max post size it cause the POST request to fail if the size exceeds the size set in php.ini

post_max_size=20M upload_max_filesize=20M

• check your SQL connection and your permissions on the DB

• use enctype="multipart/form-data" in your form only when you need to upload files (for security reasons)

• finally, don't forget to bind your post params to prevent SQL-Injection Params Binding

Answer 7

1. If you are using a default account on a local installation, then your connection code will probably look like this:

     <?php $con = mysqli_connect('localhost','root',''); mysqli_select_db('epboarding', $con); ?> 

2. use enctype="multipart/form-data" in form tag when you use file type.

     <form name="" method="POST" action="" enctype="multipart/form-data"> 

3.change the following line

    if (isset($_REQUEST['name'])){

to

       if (isset($_REQUEST['submit'])){

4. correct the syntax when post data like mysql to mysqli.

Answer 8

From the PhpMyAdmin screenshot, it looks like the database is running on port 8889, meaning you would need:

$con = mysqli_connect("localhost","xxx","xxx","xxx", 8889);

Answer 9

In addition to what the others have said, I thought I'd provide a tidied script and some (hopefully) useful resource for you other issues.

http://php.net/manual/en/mysqli.construct.php

What's wrong with using $_REQUEST[]?

https://www.w3schools.com/sql/sql_injection.asp

As for your unknown database error this is either your database doesn't exist, is incorrectly named in your PHP script or is unavailable through localhost.

$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";

// Create connection
$conn = new mysqli ( $servername, $username, $password, $dbname );

// Check connection
if ( $conn->connect_error ) {
    echo "Failed to connect to MySQL: " . $conn->connect_error;
}

// Check if values are set with post rather than request, as this is deprecated and can output unexpected results
if ( isset( $_POST['name'] ) ) {
    // Set variables
    $name = $_POST['name'];
    $supportingDoc = $_POST['supportingDoc'];

    // Prepare a statement and bind parameters to prevent sql injection
    $stmt = $conn->prepare( "INSERT INTO `tablew` (name,  supportingDoc) VALUES (?, ?)" );
    $stmt->bind_param( 'sb', $name, $supportingDoc );

    if ( $stmt->execute() ) {
        echo "New record created successfully";
        printf( "New record created successfully" );
    } else {
        echo "Error: " . $stmt->error;
        printf( "Error: " . $stmt->error );
    }
    $stmt->close();
    $conn->close();
}