Travist6983 Posted August 28, 2013 Share Posted August 28, 2013 Hello - I am trying to learn PHP here and i have created a simple form that should be posting to the database but i cant for the life of me figure out why? If anyone could point me at what i am missing that would be great PHP Code at the top of my page... <?php if($_POST['formSubmit'] == "Submit") { $mysqli = new mysqli("localhost", "root", "060983tt", "test"); if ($mysqli->connect_error) {die('Connect Error: ' . $mysqli->connect_error);} $varAssign = $_POST['formAssign']; $varDue = $_POST['formDue']; $varLink = $_POST['formLink']; $sql = "INSERT INTO table (assign, due, link) VALUES (". $varAssign . ", " . $varDue . ", " . $varLink . ")"; $mysqli->query($sql); header("location: index.php?success=1"); exit(); } ?> HTML Form <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"> <fieldset> <h2>Assignment 1</h2> <div class="form-group"> <label for="exampleInputEmail">Assignment Title</label> <input type="text" class="form-control" name="formAssign1" placeholder="John Smith"> </div> <div class="form-group"> <label for="exampleInputEmail">Due Date</label> <input type="text" class="form-control" name="formDue1" placeholder="john@sample.com"> </div> <div class="form-group"> <label for="exampleInputEmail">File Name </label> <input type="text" class="form-control" name="formLink1" placeholder="123 Main"> </div> <input type="submit" name="formSubmit" value="Submit" class="btn btn-default" /> <?php $success = $_GET["success"]; if(isset($success)) { echo("<div class=\"success\">"); echo "Message was sent successfully!"; echo("</div>\n"); } ?> </fieldset> </form> Thanks Quote Link to comment Share on other sites More sharing options...
NomadicJosh Posted August 28, 2013 Share Posted August 28, 2013 (edited) Change to this: $varAssign = $_POST['formAssign1']; $varDue = $_POST['formDue1']; $varLink = $_POST['formLink1']; $sql = "INSERT INTO table (assign, due, link) VALUES ('$varAssign','$varDue','$varLink')"; Edited August 28, 2013 by parkerj Quote Link to comment Share on other sites More sharing options...
JD* Posted August 28, 2013 Share Posted August 28, 2013 Just to tack on, make sure that you escape anything that comes from a user/form or else you'll get an SQL injection attack $varAssign = mysqli_real_escape_string($_POST['formAssign1']); $varDue = mysqli_real_escape_string($_POST['formDue1']); $varLink = mysqli_real_escape_string($_POST['formLink1']); $sql = "INSERT INTO table (assign, due, link) VALUES ('$varAssign','$varDue','$varLink')"; Quote Link to comment Share on other sites More sharing options...
Travist6983 Posted August 28, 2013 Author Share Posted August 28, 2013 (edited) Thanks for the reply parkerj and thanks for the prevention against SQL injections JD. But it still isnt posting to the database. I am thinking maybe it is the way that i configured the database. I have uploaded a screenshot of PHPMyAdmin below does anything look off to you? Edited August 28, 2013 by Travist6983 Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted August 28, 2013 Share Posted August 28, 2013 is your table actually named table? if so, that's a reserved mysql keyword and is producing a query error. to use a reserved keyword as a table or column name, you must enclose it in back-ticks `` or even better, rename it to something else that indicates the purpose of the table. you need to ALWAYS have error checking logic in your code to test if a step that might fail has worked or not before trying to use the result from that step. your code would have been telling you that the query failed and provided some information about where in the query the problem was at. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.