Jump to content
ianhaney50

php form mysql issue

Recommended Posts

Hi

 

I have created a form that allows my clients visitors to sign up and it stored the values in a mysql database but for some reason the form just resets itself and does not give any error reporting issue as have that in the coding and does not save into the database, below is PHP coding

 

<?php
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);
?>
 
<?php 
$title = "Sign Up - Micromend";
 
$pgDesc="";
 
$pgKeywords="";
 
include ( 'includes/header.php' );
?>
<!--CONTENT-->
 
<div id="column-whole-inner">
<div id="login">
<h2>Visitor's Form</h2>
<br />
<form action="" method="post">
<label>Name :</label>
<input type="text" name="vis_name" id="name" required placeholder="Please Enter Name"/>
<br /><br />
<label>Email :</label>
<input type="email" name="vis_email" id="email" required placeholder="john123@gmail.com"/>
<br/><br />
<label>Address Line 1 :</label>
<input type="text" name="vis_firstline" id="firstline" required placeholder="Please Enter First Line of your address"/>
<br><br>
<label>Address Line 2 :</label>
<input type="text" name="vis_secondline" id="secondline" required placeholder="Please Enter Second Line of your address"/>
<br><br>
<label>Town :</label>
<input type="text" name="vis_town" id="town" required placeholder="Please Enter your Town"/>
<br><br>
<label>County :</label>
<input type="text" name="vis_county" id="county" required placeholder="Please Enter Your County"/>
<br/><br />
<label>Postcode :</label>
<input type="text" name="vis_postcode" id="postcode" required placeholder="Please Enter Your Postcode"/>
<br><br>
<label>Telephone Number :</label>
<input type="text" name="vis_tel" id="tel" required placeholder="Please Enter Your Telephone Number"/>
<br><br>
<label>Mobile Number :</label>
<input type="text" name="vis_mobile" id="mobile" required placeholder="Please Enter Your Mobile Number"/>
<br><br>
<label>Receive our Monthly Newsletter :</label>
<br>
<input type="radio" name="vis_newsletter" value="Yes">Yes
<br>
<input type="radio" name="vis_newsletter" value="No">No
<br><br>
<input type="submit" value=" Submit " name="submit"/>
<br />
</form>
</div>
 
</div>
<?php
if(isset($_POST["submit"])){
$servername = "";
$username = "";
$password = "";
$dbname = "";
 
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
 
$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter)
VALUES ('".$_POST["vis_name"]."','".$_POST["vis_email"]."','".$_POST["vis_town"]."','".$_POST["vis_county"]."','".$_POST["vis_postcode"]."','".$_POST["vis_tel"]."','".$_POST["vis_mobile"]."','".$_POST["vis_newsletter"]."'')";
 
if ($conn->query($sql) === TRUE) {
echo "<script type= 'text/javascript'>alert('Your Information has been added successfully to our database');</script>";
} else {
echo "<script type= 'text/javascript'>alert('Error: " . $sql . "<br>" . $conn->error."');</script>";
}
 
$conn->close();
}
?>
 
<!--CONTENT-->
 
<?php include( 'includes/footer.php' ); ?>


 

Don't think I have missed anything as it seems to connect to the database ok and don't get a connection error

 

Thank you in advance

 

Ian

Share this post


Link to post
Share on other sites

 We have to see the whole content of the header and footer php files. You're finding too sexy to call JS via PHP, don't you? 

Share this post


Link to post
Share on other sites

Change this - 

'".$_POST["vis_name"]."',

to  this - 

$_POST['vis_name'],

The double quotes are messing up the query statement.  Also, it would be a better practice to use some sort of filter sanitizing function provided by PHP.  I prefer the following

$visName = filter_var($_POST['vis_name'], FILTER_SANITIZE_SPECIAL_CHARS);

There are others, check the manual http://us3.php.net/manual/en/filter.filters.sanitize.php

Share this post


Link to post
Share on other sites

as above the issue was the double quotes but don't know if you are planning it but I would suggest you validate the form to check the form is complete as atm the moment if all fields are empty and the user submits the form sql will receive the blank data

Share this post


Link to post
Share on other sites

Change this - 

'".$_POST["vis_name"]."',

to  this - 

$_POST['vis_name'],

The double quotes are messing up the query statement.

 

For the sake of others, the double quotes shouldn't be an issue. The first part of the query string is surrounded by double quotes.

$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter) VALUES ('"

It is then concatenated with the necessary POST variables outside of the string.

$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter) VALUES ('" . $_POST["vis_name"] . "','" . $_POST["vis_email"]...

So this isn't a problem with double quotes being used within a double-quoted string. It's probably just a matter of the script that displays the form is calling itself. Note the form's action attribute is blank.

 

Once the form is submitted, the same page / script is called and the form is re-displayed. But since the form isn't being populated with whatever was submitted before, the form appears to reset itself.

Edited by cyberRobot

Share this post


Link to post
Share on other sites

For the sake of others, the double quotes shouldn't be an issue. The first part of the query string is surrounded by double quotes.

$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter) VALUES ('"

It is then concatenated with the necessary POST variables outside of the string.

$sql = "INSERT INTO visitors (visitor_name, visitor_email, visitor_firstline, visitor_secondline, visitor_town, visitor_county, visitor_postcode, visitor_tel, visitor_mobile, visitor_newsletter) VALUES ('" . $_POST["vis_name"] . "','" . $_POST["vis_email"]...

So this isn't a problem with double quotes being used within a double-quoted string. It's probably just a matter of the script that displays the form is calling itself. Note the form's action attribute is blank.

 

Once the form is submitted, the same page / script is called and the form is re-displayed. But since the form isn't being populated with whatever was submitted before, the form appears to reset itself.

Good point... That's me over under thinking things...  The code is valid but confusing.  It would benefit from simplifying the query statement.  Not to mention input validation/sanitizing etc. etc... But yes, my bad. 

Edited by rwhite35

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.