Jay.Smyth Jay.Smyth - 2 months ago 7
PHP Question

Form entry to database won't send

Here goes, I've been trying to follow a few tutorials and build a basic form.

<form name="ContactInformation" method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" class="uk-form blcform">

<fieldset data-uk-margin>
<legend>For enquires please leave your contact information below</legend>

<div class="uk-form-row blcinput">
<input type="text" name="firstname" placeholder="First name">
</div>

<div class="uk-form-row blcinput">
<input type="text" name="secondname" placeholder="Second name">
</div>

<div class="uk-form-row blcinput">
<input type="text" name="urcompany" placeholder="Company">
</div>

<div class="uk-form-row blcinput">
<input type="text" name="email" placeholder="Email address">
</div>

<div class="uk-form-row blcinput">
<input type="text" name="telephone" placeholder="+tel">
</div>

<div class="uk-form-row blcinput">
<textarea name="comment" placeholder="Information about your enquiry" rows="6" ></textarea>
</div>

<div class="uk-form-row blcinput"><input type="submit" name="submit" value="Submit"></div>

</fieldset>

</form>


Followed by a php segment

<?php


$conn = new mysqli($servername, $username, $password, $mydb);

// Check connection

if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}

echo "Connected successfully";


if(isset($_POST["submit"])){

//insert into database


$sql = "INSERT INTO ContactInformation (fname, sname, email, comment, telephone, company)
VALUES ('".$_POST["fname"]."','".$_POST["sname"]."','".$_POST["email"]."','".$_POST["comment"]."','".$_POST["telephone"]."','".$_POST["company"]."')";
}

//fetch from database
$sql = "SELECT email, fname, sname FROM ContactInformation";
$result = $conn->query($sql);


//Test pre existing database entries


if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["email"]. " - Name: " . $row["fname"]. " " . $row["sname"]. "<br>";
}
} else {
echo "0 results";
}

$conn->close();

?>


So I'm connecting to the database fine because I'm getting info back from it, my issue is new user input isn't put to the server.

Answer

See this part of your code?

 if(isset($_POST["submit"])){

 //insert into database


 $sql = "INSERT INTO ContactInformation (fname, sname, email, comment, telephone, company)
        VALUES ('".$_POST["fname"]."','".$_POST["sname"]."','".$_POST["email"]."','".$_POST["comment"]."','".$_POST["telephone"]."','".$_POST["company"]."')";
     } 

That only gets executed when you hit the submit button, yet you didn't query() as you did for the SELECT query. Plus, you're using the same $sql variable for both.

  • Use a different variable; it helps to differentiate between both of them.

You're not getting undefined index notices from error reporting because that query never gets executed; that's why.

You have 2 of those inputs that bear the wrong name attributes.

  • name="firstname"
  • name="secondname"

who respectively belong to:

  • $_POST["fname"]
  • $_POST["sname"]

You need to use a prepared statement here, since your code is prone to an SQL injection.

References:

Debugging tools:

and apply that to your code.

Comments