
Filling data from a form into a database using php

I want to insert data from a form into a database.

I've searched for a long time but can't figure out what I am doing wrong. Any help will be appreciated.


HTML

<!DOCTYPE html>
<html>
  <head>
    <title>PHP insertion</title> 
    <link href="css/insert.css" rel="stylesheet">
  </head> 
<body>
  <div class="maindiv">
  <!--HTML Form -->
    <div class="form_div">
      <div class="title"> 
        <h2>Book Information</h2>
      </div>
      <form action="new 12.php" method="post">
      <!-- Method can be set as POST for hiding values in URL--> 
        <h3>Enter the Details</h3> 
        <label>Access number</label>
        <input class="input" name="access" type="text" value=""><br> 
        <label>Title</label>
        <input class="input" name="title" type="text" value=""><br> 
        <label>Author</label> 
        <input class="input" name="author" type="text" value=""><br> 
        <label>Edition</label> 
        <input class="input" name="edition" type="text" value=""><br> 
        <label>Publisher</label> 
        <input class="input" name="publisher" type="text" value=""><br> 
        <input class="submit" name="submit" type="submit" value="Submit"><br> 
      </form> 
    </div> 
  </div> 
</body> 
</html>

PHP

  <?php
    $link = mysqli_connect("localhost", "root", "admin", "library");
    if($link === false){
        die("ERROR: Could not connect. " . mysqli_connect_error());
    }


    $sql = "INSERT INTO library (access,title,author,edition,publisher) VALUES ('$access','$title','$author','$edition','$publisher')";
    if(mysqli_query($link, $sql)){
        echo "Records inserted successfully.";
    } else{
        echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
    }

    mysqli_close($link);
  ?>

$access is undefined. You need to refer to $_POST['access'] to get the value of your POSTed form. Same for all other fields.

You have not defined the values of the variables ($access, $title, $author, $edition, $publisher).

So first you have to get these variable values with $_POST.

Put this PHP code in your file.

<?php
    $link = mysqli_connect( "localhost", "root", "admin", "library" );
    if( $link === false ) {
        die( "ERROR: Could not connect. " . mysqli_connect_error() );
    }

    if( $_SERVER[ 'REQUEST_METHOD' ] == 'POST' ) {

        $access = isset( $_POST[ 'access' ] ) ? $_POST[ 'access' ] :'';
        $title = isset( $_POST[ 'title' ] ) ? $_POST[ 'title' ] :'';
        $author = isset( $_POST[ 'author' ] ) ? $_POST[ 'author' ] :'';
        $edition = isset( $_POST[ 'edition' ] ) ? $_POST[ 'edition' ] :'';
        $publisher = isset( $_POST[ 'publisher' ] ) ? $_POST[ 'publisher' ] :'';

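        // Placeholders keep the form values out of the SQL text; they are bound separately
        $sql = "INSERT INTO library ( access, title, author, edition, publisher ) VALUES ( ?, ?, ?, ?, ? )";
        $stmt = mysqli_prepare( $link, $sql );
        if( $stmt
            && mysqli_stmt_bind_param( $stmt, "sssss", $access, $title, $author, $edition, $publisher )
            && mysqli_stmt_execute( $stmt ) ) {
            echo "Records inserted successfully.";
        } else {
            echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
        }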
    }
    mysqli_close( $link ); 

?>

First of all, I strongly recommend making a PDO connection like:

<?php
$dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
?>

Second: I would put an id on all of the inputs.

Third: You're missing the $_POST["value"], so you are not sending information.

The HTML should look like:

<!DOCTYPE html>
<html>
  <head>
    <title>PHP insertion</title>
    <link href="css/insert.css" rel="stylesheet">
  </head>
<body>
  <div class="maindiv">
  <!--HTML Form -->
    <div class="form_div">
      <div class="title">
        <h2>Book Information</h2>
      </div>
      <form action="new 12.php" method="post">
      <!-- Method can be set as POST for hiding values in URL-->
        <h3>Enter the Details</h3>
        <label>Access number</label>
        <input class="input" name="access" id="access" type="text" value=""><br>
        <label>Title</label>
        <input class="input" name="title" id="title" type="text" value=""><br>
        <label>Author</label>
        <input class="input" name="author" id="author" type="text" value=""><br>
        <label>Edition</label>
        <input class="input" name="edition" id="edition" type="text" value=""><br>
        <label>Publisher</label>
        <input class="input" name="publisher" id="publisher" type="text" value=""><br>
        <input class="submit" name="submit" type="submit" value="Submit"><br>
      </form>
    </div>
  </div>
</body>
</html>

And the PHP like this:

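<?php
try {
    // PDO's MySQL DSN uses the "mysql:" prefix with host= and dbname=
    $conn = new PDO("mysql:host=yourserver;dbname=yourdatabase", "user", "pass");
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e) {
    // Log the details server-side instead of printing the exception to the visitor
    error_log($e->getMessage());
    die("Error connecting to Server.");
}

// Missing fields fall back to an empty string instead of raising a notice
$access= $_POST['access'] ?? '';
$title= $_POST['title'] ?? '';
$author= $_POST['author'] ?? '';
$edition= $_POST['edition'] ?? '';
$publisher= $_POST['publisher'] ?? '';

$sql = "INSERT INTO library (access, title, author, edition, publisher) VALUES (?,?,?,?,?)";

try {
    // With ERRMODE_EXCEPTION a failed prepare() or execute() throws a PDOException
    $stmti= $conn->prepare($sql);
    $stmti->execute([$access, $title, $author, $edition, $publisher]);
    echo "Records inserted successfully.";
}
catch (PDOException $e) {
    error_log($e->getMessage());
    echo "ERROR";
}

// PDO has no close() method; dropping the reference closes the connection
$conn = null;
?>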

This is one safe way to insert info in your server to prevent SQL injection. Please read How does the SQL injection from the "Bobby Tables" XKCD comic work? to understand better how to prevent injection into your server.
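
An added example, not part of the original question or answers: it runs the concatenated INSERT and the placeholder INSERT against the same constructed form data, in which the title and publisher contain an apostrophe. It assumes the pdo_sqlite extension is enabled and uses an in-memory SQLite table as a stand-in for the MySQL library table; the sample values and the function names insertConcatenated and insertPrepared are made up for the illustration.

```php
<?php
// Added example with constructed data. An in-memory SQLite table stands in
// for the MySQL `library` table (assumption: pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE library (access TEXT, title TEXT, author TEXT, edition TEXT, publisher TEXT)');

// Constructed stand-in for $_POST; title and publisher contain an apostrophe.
$post = [
    'access'    => 'A-1001',
    'title'     => "The Hitchhiker's Guide to the Galaxy",
    'author'    => 'Douglas Adams',
    'edition'   => '1',
    'publisher' => "O'Brien Press",
];
$fields = ['access', 'title', 'author', 'edition', 'publisher'];
$row = array_map(fn($f) => $post[$f] ?? '', $fields);

// Concatenation: each value is pasted into the SQL text, so a quote inside
// a value ends the string literal early and changes how the statement parses.
function insertConcatenated(PDO $pdo, array $row): string
{
    $sql = "INSERT INTO library (access, title, author, edition, publisher) VALUES ('"
         . implode("', '", $row) . "')";
    try {
        $pdo->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'rejected by the parser: ' . $e->getMessage();
    }
}

// Placeholders: the SQL text is fixed and the values travel separately,
// so they are stored as data whatever characters they contain.
function insertPrepared(PDO $pdo, array $row): string
{
    $stmt = $pdo->prepare(
        'INSERT INTO library (access, title, author, edition, publisher) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute($row);
    return 'inserted';
}

echo 'concatenated: ', insertConcatenated($pdo, $row), PHP_EOL;
echo 'prepared:     ', insertPrepared($pdo, $row), PHP_EOL;

// Read back what was actually stored.
foreach ($pdo->query('SELECT title, publisher FROM library') as $book) {
    echo $book['title'], ' / ', $book['publisher'], PHP_EOL;
}
```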
