kooldawgstar - 3 months ago
SQL Question

Form is not inserting data into mysql database

Here is the code in the submit.php file. I don't get any errors on my end. I think the data should be going to the database, but I don't know where it's going after the user clicks submit. I think the issue is somewhere in the second PHP if/else statement, since it was working before I added in checking whether a user was logged in or not.

<?php
include_once 'dbconnect.php';

// variables for input data
$Comment = $_POST['Comment'];
// variables for input data

// sql query for inserting data into database
$sql_query = "INSERT INTO sentences(Comment, ipaddress) VALUES('$Comment','$ip')";
// sql query for inserting data into database
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>The Internet Writes a Book</title>
<link rel="stylesheet" href="style.css" type="text/css" />
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" />

<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbar1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<a class="navbar-brand" href="index.php">The Internet Writes A Novel</a>
<div class="collapse navbar-collapse" id="navbar1">
<ul class="nav navbar-nav navbar-right">
<?php if (isset($_SESSION['usr_id'])) { ?>
<li><p class="navbar-text">Signed in as <?php echo $_SESSION['usr_name']; ?></p></li>
<li><a href="logout.php">Log Out</a></li>
<?php } else { ?>
<li><a href="login.php">Login</a></li>
<li><a href="register.php">Sign Up</a></li>
<?php } ?>

<?php if (isset($_SESSION['usr_id'])) { ?>
<div id="body">
<div id="content">
<form method="post">
<table align="center">
<td><input type="paragraph_text" cols="50" rows="10" name="Comment" placeholder="Sentence" required /></td>
<td><button type="submit" name="btn-save"><strong>Add to the Novel</strong></button></td>
<?php } else { ?>
<a href="http://theinternetwritesanovel.tk/login.php">You must be logged in to submit a sentence!</a>
<?php } ?>
<a href="http://theinternetwritesanovel.tk/">Click here to view the novel!</a>


You haven't actually submitted the SQL query. You need to use your database connector object and then use mysqli_query($dbc,$sqlStatement) where $dbc is your database connector.

Also, you should first check that the request type is POST (i.e. that the user has submitted the form, and not just come onto the page, which would be a GET request). So first check if($_SERVER['REQUEST_METHOD'] == 'POST').

Also, you really should sanitize your input using something like mysqli_real_escape_string. But even that isn't really sufficient; you should look into using prepared statements using mysqli or using PDO.

For more info on using the mysqli_query function: http://www.w3schools.com/php/func_mysqli_query.asp

For more info on prepared statements: http://php.net/manual/en/mysqli.prepare.php
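
The three fixes from the answer (handle only POST submissions, actually execute the query, bind the values through a prepared statement) combined into the PHP block at the top of submit.php. This is an added example, not code from the question or the answer; it assumes dbconnect.php exposes a mysqli connection as $dbc (the name used in the answer) and takes the address from $_SERVER['REMOTE_ADDR'], since the page does not show where $ip is set.

```php
<?php
// Added example, not the original submit.php.
// Assumptions: dbconnect.php creates a mysqli connection in $dbc, and the
// client address comes from REMOTE_ADDR (the page never shows $ip being set).
session_start();
include_once 'dbconnect.php';

// Make prepare()/execute() failures throw instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$error = null;
$saved = false;

// Run the insert only for a real form submission, never for a plain page view.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['btn-save'])) {
    $comment = $_POST['Comment'] ?? '';
    $ip      = $_SERVER['REMOTE_ADDR'] ?? '';

    if (!isset($_SESSION['usr_id'])) {
        // Enforce the login check on the server, not only by hiding the form.
        http_response_code(403);
        $error = 'You must be logged in to submit a sentence.';
    } elseif (!is_string($comment) || trim($comment) === '') {
        $error = 'The sentence cannot be empty.';
    } else {
        try {
            // Placeholders keep user input out of the SQL text entirely, so a
            // sentence containing a quote is stored as data, not parsed as SQL.
            $stmt = $dbc->prepare(
                'INSERT INTO sentences (Comment, ipaddress) VALUES (?, ?)'
            );
            $stmt->bind_param('ss', $comment, $ip);
            $stmt->execute(); // the step missing from the question's code
            $saved = ($stmt->affected_rows === 1);
            $stmt->close();
        } catch (mysqli_sql_exception $e) {
            // Log the detail server-side; show the user a generic message.
            error_log('submit.php insert failed: ' . $e->getMessage());
            $error = 'Could not save your sentence.';
        }
    }
}
?>
```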