Why isn't this form updating the database?

Question

I'm learning php through head first's php and mysql and I'm toying with the simplest of php scripts: data from a form is inserted into a mysql database. I have modified the example from chapter two to use it on my own form and db, but I haven't been able to make the db accept anything I write into the form.

Where's the error?

Here's the php script:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Evaluaciones</title>
</head>
<body>
  <h2>Evaluaciones</h2>

<?php
  $nombre_apellido = $_POST['nombreYapellido'];


  $dbc = mysqli_connect('localhost', 'root', 'password', 'evaluaciones')
    or die('Error connecting to MySQL server.');

  $query = "INSERT INTO `evaluaciones_cursos` (nombre_apellido) " .
    "VALUES ('$nombre_apellido')";




  $result = mysqli_query($dbc, $query)
    or die('Error querying database.');

  mysqli_close($dbc);

  echo 'Gracias por llenar el formulario .<br />'.$nombre_apellido;

?>

</body>
</html>

And here's the html form

formbeta2.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>

 <head>

   <meta http-equiv="Content-Type"
         content="text/html; charset=ISO-8859-1" />

    <title>Evaluaci&oacute;n de Curso</title>


    <style type="text/css">
    body {
        background-color: #CC7722;
        margin-left:20%;
        margin-right:20%;
        border:3px dotted gray;
        padding: 10px 10px 10px 10px;
         font-family:sans-serif;

    }


    .tabla img {
        width:100%;
    }

 </style>

 </head>

<body>
<form>






<img src='http://img690.imageshack.us/img690/4338/softrain2.jpg' width="408" height="123"border='0'/>








<h1>Evaluaci&oacute;n</h1>


<p>Por favor, tome unos minutos para llenar esta evaluaci&oacute;n. </p>

<p> </p>

<form action="script2.php" method="POST">

    <p> 

        <!--h3>Info Personal</h3-->
        <table>


        <tr><td>Nombre y Apellido:</td> <td> <input type="text" name="nombreYapellido" value="" /> </td></tr>



        </table>

         <input type="submit" value="Enviar Evaluaci&oacute;n"/>


</body>

</form>

</html>

On mysql I ran:

CREATE TABLE `evaluaciones_cursos` (
`nombre_apellido` VARCHAR(60)
)

Yet the info isn't showing on phpmyadmin. Why?

Answer 1

You have a form nested inside of another form. I'd start there.

Edit: What's probably happening is that the first (empty) form is what is being submitted. Since it submits to the same page formbeta2.html , your PHP and SQL are never even being run. Please answer the question in my comment and we can help further from there.

Answer 2

Looking at the HTML, the </form> is outside the </body> tag. Change this to:

</form>
</body>

Then, you need to remove the <form> that is right under the <body> tag since you already have it later.

Once you make those changes, everything else looks like it should work just fine.

Buena Suerte!

Answer 3

Where I would start is to separate the business logic and the presentation (the PHP code and the HTML). Putting business logic inside the HTML code is usually a bad idea.

There is a simple trick what I like to use: in PHP, you can very easily make template files. A very basic template system can be:

function render($file, $variables) {
  ob_start();
  extract($variables);
  if(file_exists($file)) {
    include $file;
  }
  return ob_end_clean();
}

Also, remember that trusing in the user input is a bad idea, so never ever substitute user supplied data directly into the an SQL string. In a case of MySQL, use mysql_real_escape_string().

$sql = 'INSERT INTO table(col) VALUES(\'' . mysql_real_escape_string($value) . '\');'

This technique is one of the most essential thing in web security.