
Cannot put stuff into the database

I am trying to put the form results into a database but it is not working properly. No errors seem to be happening, what is wrong with my code?
This is my first page with the booking form:


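// Load the selected calendar entry together with the mission it belongs to.
// The id comes from the session; fall back to 0 (matches no row) when unset.
$calendar_id = isset($_SESSION['booking']['calendar']) ? $_SESSION['booking']['calendar'] : 0;

// The %d placeholder is only filled in when the template goes through
// sprintf(); sent as-is, the query compares calendar_id with the text '%d'.
// %d also formats the value as an integer, so nothing but a number can end
// up inside the SQL text.
$booking_sql = sprintf(
    "SELECT * FROM calendar, missions WHERE calendar_id = '%d' AND calendar.missions_id = missions.missions_id",
    $calendar_id
);

// mysqli_error() must be given the connection it should report on.
// Printing the database error is a debugging aid only; on a public site,
// log it and show a generic message instead.
$booking_query = mysqli_query($dbconn, $booking_sql) or die(mysqli_error($dbconn));

// A single row is expected; $rsBooking is NULL when no entry matches.
$rsBooking = mysqli_fetch_assoc($booking_query);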
?>
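<?php
/*
 * Booking form, posted to confirm.php.
 *
 * Every value echoed into the page goes through htmlspecialchars(), so a
 * quote or angle bracket in the data cannot close the attribute or inject
 * markup (cross-site scripting).
 * NOTE(review): 'UTF-8' assumes the page and the database use UTF-8 - confirm.
 */
?>
<form action="confirm.php" method="post" name="fmNumCon" id="fmNumCon">
<div class="row"><span class="label"><strong class="full"></strong></span> <span class="element"><h4><?php echo htmlspecialchars($rsBooking['missions_name'].', '.$rsBooking['calendar_date'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h4></span></div>
<div class="row"><span class="label"><h4>*Number of people:</h4></span><span class="element">
<select name="number" id="number" onchange="getNumber()">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
</select>
</span></div>
<!-- <div class="row"><span class="label"</span><span class="element"><h4>$NZDisplay cost per person.00</h4><input type="hidden" name="price" id ="price" value="" /></span></div>
<div class="row"><span class="label">&nbsp;</span><span class="element">
<a id="update" href="booking.php?mode=update">Update cost</a>
</span></div> -->
<div class="row"><strong class="full"><h4>Conatact details:</h4></strong>&nbsp;</div>
<div class="row">
<input name="name" type="text" id="name" value="<?= isset($name) ? htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : ''?>" placeholder="name"/>
</div>

<?php /* The field must be named "phone" (not "$phone"): confirm.php reads $_POST['phone']. */ ?>
<div class="row">
<input name="phone" type="text" id="phone" placeholder="phone" value="<?= isset($phone) ? htmlspecialchars($phone, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : ''?>"/>
</div>

<div class="row">
<input name="email" type="text" id="email" placeholder="email" value="<?= isset($email) ? htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : ''?>"/>
</div>
<div class="row">
<input type="reset" name="Reset" value="Reset" />

<input type="submit" name="Submit" value="Continue" />
</div>
</form>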


Here is the confirm page below:


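// Collect the values that the confirmation form hands on to thanks.php.
// isset() guards keep a direct request (no POST body, no session entry) from
// raising undefined-index notices.
$number = isset($_SESSION['booking']['number']) ? $_SESSION['booking']['number'] : '';
// $name is echoed into the form further down but is not assigned anywhere in
// this excerpt; take it from the posted form unless earlier code already set it.
if (!isset($name)) {
    $name = isset($_POST['name']) ? $_POST['name'] : '';
}
$phone = isset($_POST['phone']) ? $_POST['phone'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';

require_once('includes/dbconn.php');

// %d makes sprintf() format the session value as an integer, so only a number
// can reach the SQL text. 0 matches no calendar entry.
$calendar_id = isset($_SESSION['booking']['calendar']) ? $_SESSION['booking']['calendar'] : 0;
$booking_sql = sprintf(
    "SELECT * FROM calendar, missions WHERE calendar_id = '%d' AND calendar.missions_id = missions.missions_id",
    $calendar_id
);

// mysqli_error() must be given the connection it should report on.
// Printing the database error is a debugging aid only; on a public site,
// log it and show a generic message instead.
$booking_query = mysqli_query($dbconn, $booking_sql) or die(mysqli_error($dbconn));

// A single row is expected; $rsBooking is NULL when no entry matches.
$rsBooking = mysqli_fetch_assoc($booking_query);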
?>
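<?php
/*
 * Confirmation form: carries the booking details on to thanks.php in hidden
 * fields.
 *
 * $name, $phone and $email come straight from the previous request, so each
 * one is passed through htmlspecialchars() before it is written into an
 * attribute; unescaped, a value containing a double quote could close the
 * attribute and inject markup (reflected cross-site scripting).
 * Hidden fields are still fully under the client's control, so thanks.php
 * has to validate whatever it receives from this form.
 * NOTE(review): 'UTF-8' assumes the page is served as UTF-8 - confirm.
 */

// Build the "Edit details" link once, then HTML-escape it as a whole.
$edit_url = 'booking.php?calendar_id=' . urlencode($_SESSION['booking']['calendar'])
    . '&number=' . urlencode($_SESSION['booking']['number']);
// Without a session cookie the session id is appended to the URL. An id in a
// URL can end up in logs, browser history and Referer headers; cookie-only
// sessions avoid that exposure.
if (empty($_COOKIE['PHPSESSID'])) {
    $edit_url .= '&' . SID;
}
?>
<form action="thanks.php" method="post" name="fmConfirm" id="fmConfirm" display="hidden">
<div class="row"><?php echo htmlspecialchars($rsBooking['missions_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
<div class="row"><input type="hidden" name="number" value="<?php echo htmlspecialchars($number, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" /></div>

<div class="row"><input type="hidden" name="name" value="<?php echo htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" /></div>

<div class="row"><input type="hidden" name="phone" value="<?php echo htmlspecialchars($phone, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" /></div>

<div class="row"><input type="hidden" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" /></div>
<div class="row"><span class="label">&nbsp;</span> <span class="element"><a href="<?php echo htmlspecialchars($edit_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">Edit details</a></span></div>
<div class="row"><span class="label">&nbsp;</span><span class="element">
<input type="submit" name="Submit" value="Finsih" />
</span></div>
</form>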


Here is my thanks page:

<?php require_once('includes/dbconn.php'); ?>
<?php session_start();
// thanks.php: stores the booking posted by confirm.php, then empties the session.
// NOTE(review): session_start() runs after dbconn.php has been included. If that
// file ever emits output, the session cookie header can no longer be sent;
// starting the session first removes that dependency.
$date = date('Y-m-d');
// $calendar = $_POST['calendar_date'];
// The four values below arrive in hidden fields of the confirm form, so the
// client can set them to anything; nothing here validates them.
$name = $_POST['name'];
$number = $_POST['number'];
$phone = $_POST['phone'];
$email = $_POST['email'];
// $booking_sql = "INSERT into bookings (calendar_id, booking_name,
// booking_number, booking_phone,
// booking_email, booking_date) VALUES ('$calendar','$name', 'number', 'phone', 'email')";
// NOTE(review): two defects in the statement built below.
// 1. Five columns are listed but only four values are supplied: $email is
//    missing, so $date lines up with booking_email. MySQL rejects an INSERT
//    whose column and value counts differ, and no return value is checked
//    here, so the failure stays silent.
// 2. The $_POST values are interpolated straight into the SQL text, which
//    allows SQL injection. Use a prepared statement with bound parameters.
$booking_sql = "INSERT INTO bookings (booking_name,
booking_number, booking_phone,
booking_email, booking_date)
VALUES ('$name','$number','$phone','$date')";
// First execution (object syntax); the result is discarded.
$dbconn->query($booking_sql);


// $sql = "INSERT INTO bookings (booking_fname, booking_lname, booking_email, user_id, date_id)
// VALUES ('$fName','$lName','$email', '$userid', '$dateid')";
// $dbc->query($sql);


// Second execution of the same statement (procedural syntax). Once the INSERT
// is valid, running it twice would store every booking twice.
$booking_query = mysqli_query($dbconn, $booking_sql);
// Empties the session data; the session itself is kept (session_destroy() is
// commented out below).
$_SESSION = array();
// session_destroy();
// if(!isset($_COOKIE['active'])) {
// setcookie('active', 'no', time() + 31536000);
// }
?>
<h2>Booking complete </h2>
<p>&nbsp;</p>
<p>Thank you for choosing <strong>Mountain Bike Missions</strong>.</p>
<p>To check your booking immediately, you can log in with your email address <a href="login.php">here</a>. At any another time, please use the <strong>Check booking</strong> link in the <strong>Booking</strong> section of the site.</p>

Answer

I adjusted your thanks.php a little.

  • throughout your other scripts you used the procedural syntax of mysqli, in thanks.php you switched to object-syntax

  • removed all those commented lines

  • session_start() should always be at the top of the program (after any ini directives); otherwise, if an included file produces some output by accident, it would cause a fatal error

  • I used prepared statements to work with the data you get from users; this way the formatting of the query cannot be broken if there are special characters in the input, which is also what protects the query against SQL injection

  • enabled display_errors so that your errors are shown to you (when you are done testing, remove those lines; you don't want to show technical error messages to users once the site goes into production)

  • used trigger_error to catch errors thrown by the database to treat them like php errors

Code looks like this:

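<?php
/*
 * thanks.php - store the booking submitted by confirm.php.
 *
 * name, number, phone and email arrive in hidden form fields, so the client
 * controls them completely. They are checked here and only ever reach the
 * database as bound parameters of a prepared statement.
 */

/*
 * enable display_errors while debugging.
 * Remove these two lines before going live (log errors instead): database
 * error text must not be shown to visitors.
 */
ini_set('display_errors', 1);
error_reporting(-1);

/*
 * start session first, then construct the connection to the db
 */
session_start();
require_once('includes/dbconn.php');

/*
 * only accept a complete POST from the confirm form; a direct request would
 * otherwise raise undefined-index notices and store an empty booking
 */
foreach (array('name', 'number', 'phone', 'email') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        http_response_code(400);
        exit('Booking details are missing.');
    }
}

/*
 * define your variables
 */
$date = date('Y-m-d');
$name = $_POST['name'];
$phone = $_POST['phone'];

/*
 * the booking form offers 1 to 4 people; enforce the same range on the
 * server, because a hidden field can carry any value
 */
$number = filter_var(
    $_POST['number'],
    FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 1, 'max_range' => 4))
);
/*
 * the address is used later to look the booking up, so it has to be valid
 */
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if ($number === false || $email === false || $name === '') {
    http_response_code(400);
    exit('Booking details are not valid.');
}

/*
 * define your sql-statement
 * send the statement to the database "preparation"-process
 * mysqli_prepare() returns false on failure; stop here in that case, because
 * binding parameters to false would only produce a second, misleading error
 * (on PHP 8.1+ mysqli throws a mysqli_sql_exception by default instead)
 */
$booking_sql = "INSERT INTO bookings (booking_name, booking_number, booking_phone, booking_email, booking_date) VALUES (?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($dbconn, $booking_sql);
if ($stmt === false) {
    http_response_code(500);
    trigger_error(mysqli_error($dbconn), E_USER_WARNING);
    exit('The booking could not be saved.');
}

/*
 * bind your variables to the prepared statement
 * execute the statement
 * errors of a statement are reported on the statement handle, so check the
 * return value of execute and read mysqli_stmt_error(), not the connection
 */
mysqli_stmt_bind_param($stmt, "sssss", $name, $number, $phone, $email, $date);
if (!mysqli_stmt_execute($stmt)) {
    http_response_code(500);
    trigger_error(mysqli_stmt_error($stmt), E_USER_WARNING);
    exit('The booking could not be saved.');
}
mysqli_stmt_close($stmt);

/*
 * the booking is stored: empty the session data
 */
$_SESSION = array();
?>
<h2>Booking complete </h2>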