Jump to content

php form mysql issue

ianhaney50

By ianhaney50
in PHP Coding Help

 Share

Recommended Posts

ianhaney50 Member

ianhaney50

Posted
Posted
Hi

 

I have created a form that allows my clients visitors to sign up and it stored the values in a mysql database but for some reason the form just resets itself and does not give any error reporting issue as have that in the coding and does not save into the database, below is PHP coding

 

<?php
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);
?>
 
<?php 
$title = "Sign Up - Micromend";
 
$pgDesc="";
 
$pgKeywords="";
 
include ( 'includes/header.php' );
?>
<!--CONTENT-->
 
<div id="column-whole-inner">
<div id="login">
<h2>Visitor's Form</h2>
<br />
<form action="" method="post">
<label>Name :</label>
<input type="text" name="vis_name" id="name" required placeholder="Please Enter Name"/>
<br /><br />
<label>Email :</label>
<input type="email" name="vis_email" id="email" required placeholder="john123@gmail.com"/>
<br/><br />
<label>Address Line 1 :</label>
<input type="text" name="vis_firstline" id="firstline" required placeholder="Please Enter First Line of your address"/>
<br><br>
<label>Address Line 2 :</label>
<input type="text" name="vis_secondline" id="secondline" required placeholder="Please Enter Second Line of your address"/>
<br><br>
<label>Town :</label>
<input type="text" name="vis_town" id="town" required placeholder="Please Enter your Town"/>
<br><br>
<label>County :</label>
<input type="text" name="vis_county" id="county" required placeholder="Please Enter Your County"/>
<br/><br />
<label>Postcode :</label>
<input type="text" name="vis_postcode" id="postcode" required placeholder="Please Enter Your Postcode"/>
<br><br>
<label>Telephone Number :</label>
<input type="text" name="vis_tel" id="tel" required placeholder="Please Enter Your Telephone Number"/>
<br><br>
<label>Mobile Number :</label>
<input type="text" name="vis_mobile" id="mobile" required placeholder="Please Enter Your Mobile Number"/>
<br><br>
<label>Receive our Monthly Newsletter :</label>
<br>
<input type="radio" name="vis_newsletter" value="Yes">Yes
<br>
<input type="radio" name="vis_newsletter" value="No">No
<br><br>
<input type="submit" value=" Submit " name="submit"/>
<br />
</form>
</div>
 
</div>
<?php
if(isset($_POST["submit"])){
$servername = "";
$username = "";
$password = "";
$dbname = "";
 
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
 
$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter)
VALUES ('".$_POST["vis_name"]."','".$_POST["vis_email"]."','".$_POST["vis_town"]."','".$_POST["vis_county"]."','".$_POST["vis_postcode"]."','".$_POST["vis_tel"]."','".$_POST["vis_mobile"]."','".$_POST["vis_newsletter"]."'')";
 
if ($conn->query($sql) === TRUE) {
echo "<script type= 'text/javascript'>alert('Your Information has been added successfully to our database');</script>";
} else {
echo "<script type= 'text/javascript'>alert('Error: " . $sql . "<br>" . $conn->error."');</script>";
}
 
$conn->close();
}
?>
 
<!--CONTENT-->
 
<?php include( 'includes/footer.php' ); ?>


 

Don't think I have missed anything as it seems to connect to the database ok and don't get a connection error

 

Thank you in advance

 

Ian

Link to comment
Share on other sites
rwhite35 Member

rwhite35

Posted
Posted

Change this - 

'".$_POST["vis_name"]."',

to  this - 

$_POST['vis_name'],

The double quotes are messing up the query statement.  Also, it would be a better practice to use some sort of filter sanitizing function provided by PHP.  I prefer the following

$visName = filter_var($_POST['vis_name'], FILTER_SANITIZE_SPECIAL_CHARS);

There are others, check the manual http://us3.php.net/manual/en/filter.filters.sanitize.php

Link to comment
Share on other sites
ricpurcell Newbie

ricpurcell

Posted
Posted

as above the issue was the double quotes but don't know if you are planning it but I would suggest you validate the form to check the form is complete as atm the moment if all fields are empty and the user submits the form sql will receive the blank data

Link to comment
Share on other sites
cyberRobot Prolific Member

cyberRobot

Posted
Posted (edited)

Change this - 

'".$_POST["vis_name"]."',

to  this - 

$_POST['vis_name'],

The double quotes are messing up the query statement.

 

For the sake of others, the double quotes shouldn't be an issue. The first part of the query string is surrounded by double quotes.

$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter) VALUES ('"

It is then concatenated with the necessary POST variables outside of the string.

$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter) VALUES ('" . $_POST["vis_name"] . "','" . $_POST["vis_email"]...

So this isn't a problem with double quotes being used within a double-quoted string. It's probably just a matter of the script that displays the form is calling itself. Note the form's action attribute is blank.

 

Once the form is submitted, the same page / script is called and the form is re-displayed. But since the form isn't being populated with whatever was submitted before, the form appears to reset itself.

Edited by cyberRobot
Link to comment
Share on other sites
rwhite35 Member

rwhite35

Posted
Posted (edited)

For the sake of others, the double quotes shouldn't be an issue. The first part of the query string is surrounded by double quotes.

$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter) VALUES ('"

It is then concatenated with the necessary POST variables outside of the string.

$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter) VALUES ('" . $_POST["vis_name"] . "','" . $_POST["vis_email"]...

So this isn't a problem with double quotes being used within a double-quoted string. It's probably just a matter of the script that displays the form is calling itself. Note the form's action attribute is blank.

 

Once the form is submitted, the same page / script is called and the form is re-displayed. But since the form isn't being populated with whatever was submitted before, the form appears to reset itself.

Good point... That's me over under thinking things...  The code is valid but confusing.  It would benefit from simplifying the query statement.  Not to mention input validation/sanitizing etc. etc... But yes, my bad. 

Edited by rwhite35
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.