Shivam Amin Shivam Amin - 5 months ago 16
SQL Question

How to write information from html form to MySQL Database

Alright, so I'm setting up a website that has a form on it and I want to save all the information that the user types into the form to my MySQL Database. The form is coded like this:

<form method="post" action="claim.php" name="ClaimForm" id="ClaimForm" autocomplete="on">
<fieldset>
<legend>Contact Details</legend>
<div>
<label for="firstname" accesskey="U">Your First Name</label>
<input name="firstname" type="text" id="firstname" placeholder="Enter your name" required />
</div>
<div>
<label for="lastname" accesskey="U">Your Last Name</label>
<input name="lastname" type="text" id="lastname" placeholder="Enter your name" required />
</div>
<div>
<label for="email" accesskey="E">Email</label>
<input name="email" type="email" id="email" placeholder="Enter your Email Address" pattern="^[A-Za-z0-9](([_\.\-]?[a-zA-Z0-9]+)*)@([A-Za-z0-9]+)(([\.\-]?[a-zA-Z0-9]+)*)\.([A-Za-z]{2,})$" required />
</div>
<div>
<label for="streetaddress">Street Address</label>
<input name="streetaddress" type="text" id="streetaddress" placeholder="123 Stanley dr." required />
</div>
<div>
<label for="postalcode">Postal Code</label>
<input name="postalcode" type="text" id="postalcode" placeholder="12345, A1B 2C3, etc." required />
</div>
<label for="city">City</label>
<input name="city" type="text" id="city" placeholder="Schenectady" required />
<div>
<label for="state">State/Province</label>
<input name="state" type="text" id="state" placeholder="New York" required />
</div>
<div>
<label for="country">Country</label>
<input name="country" type="text" id="country" placeholder="United States" required />
</div>
</fieldset>
<fieldset>
<legend>Extra</legend>
<div>
<label for="controllers" accesskey="S">Number of Controllers</label>
<select name="controllers" id="controllers" required="required">
<option value="0">0</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
</div>
<div>
<label for="color" accesskey="C">Color</label>
<select name="color" id="color" required="required">
<option value="Black">Black</option>
<option value="White">White</option>
<option value="Red">Red</option>
<option value="Blue">Blue</option>
<option value="Gold">Gold</option>
<option value="Purple">Purple</option>
</select>
</div>
</fieldset>
<fieldset>
<legend>Captcha Verification</legend>
<label for="verify" accesskey="V" class="verify"><img src="captcha.php" alt="Verification code" /></label>
<input name="verify" type="text" id="verify" size="6" required style="width: 50px;" title="This confirms you are a human user and not a spam-bot." />
</fieldset>
<input type="submit" class="submit" id="submit" value="Submit" />
</form>


I tried using this code in
Claim.php
to try and save that to the database:

<?php
$mysql_host = "localhost";
$mysql_username = "username";
$mysql_password = "password";
$mysql_database = "database";

mysql_select_db($mysql_database, mysql_connect($mysql_host, $mysql_username, $mysql_password));
//Sending form data to sql db.
mysqli_query("INSERT INTO Information (Firstname,Lastname,Email,StreetAddress,PostalCode,City,StateProvince,Country,Controllers,Color) VALUES ('$_POST[firstname]','$_POST[lastname]','$_POST[email]','$_POST[streetaddress]','$_POST[postalcode]','$_POST[city]','$_POST[state]','$_POST[country]','$_POST[conrollers]','$_POST[color]'))");
?>


Is there anything wrong with my code? Or is my database structured wrong? I just started learning how to code and this is confusing me.

Picture of my database structure:


Answer

Please use mysqli. I have altered your code to prepare the insert instead.

If you didn't, it would be a huge SQL injection party.

Also, to access $_POST, you should give a string index, like $_POST['firstname']. Though it works like $_POST[firstname], PHP will emit a warning.

<?php
$mysql_host     = "localhost";
$mysql_username = "username";
$mysql_password = "password";
$mysql_database = "database";

$mysqli  = new Mysqli($mysql_host, $mysql_username, $mysql_password, $mysql_database);
$prepare = $mysqli->prepare("INSERT INTO `Information`(`Firstname`,`Lastname`,`Email`,`StreetAddress`,`PostalCode`,`City`,`StateProvince`,`Country`,`Controllers`,`Color`) VALUES (?,?,?,?,?,?,?,?,?,?)");
$prepare->bind_param("ssssssssss", $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['streetaddress'], $_POST['postalcode'], $_POST['city'], $_POST['state'], $_POST['country'], $_POST['controllers'], $_POST['color']);
$prepare->execute();
$mysqli->close();
?>