PHP add new register in database

[sigmahokies]

Hi everyone,

 

I'm sure you have seen me around in here by learning PHP, I am getting advance now. But I don't understand why it won't insert in PHPmyadmin (MySQL) with my prompt in php. Can you find why it won't add name as insert into my database?

 

if ($_POST['submmited']) 

{

$first = $_POST['firstname'];

$last = $_POST['lastname'];

$email = $_POST['email'];

 

if ($first && $last && $email) {

$sql = "INSERT INTO Student (StudentID,Firstname,LastName,Email) VALUES (NULL,'$first','$last','$email')";

mysqli_query($Garydb, $sql);

}

else {

echo "Failed to add register";

}

}

 

I checked around, there is no mistake but it won't add a new as insert into my database...why? What Did I do wrong?

 

Thank you in advance

 

Gary

Edited October 4, 2015 by sigmahokies

[cobusbo]

 

Hi everyone,

 

I'm sure you have seen me around in here by learning PHP, I am getting advance now. But I don't understand why it won't insert in PHPmyadmin (MySQL) with my prompt in php. Can you find why it won't add name as insert into my database?

 

if ($_POST['submmited']) 

{

$first = $_POST['firstname'];

$last = $_POST['lastname'];

$email = $_POST['email'];

 

if ($first && $last && $email) {

$sql = "INSERT INTO Student (StudentID,Firstname,LastName,Email) VALUES (NULL,'$first','$last','$email')";

mysqli_query($Garydb, $sql);

}

else {

echo "Failed to add register";

}

}

 

I checked around, there is no mistake but it won't add a new as insert into my database...why? What Did I do wrong?

 

Thank you in advance

 

Gary

 

If the StudentID is an Auto Increase Int don't mention it in your query and try the delimited sign

$sql = "INSERT INTO Student (`Firstname`,`LastName`,`Email`) VALUES (`$first`,`$last`,`$email`)";

[benanamen]

As @cobusbo said, remove StudentID and the NULL entry. What you have is old school Mysql functionality as far as using the null on an auto-increment column as you have it. Newer version Mysql wont work, dont remember what version that changed, nevertheless, it is completely unnecessary.

Edited October 4, 2015 by benanamen

[sigmahokies]

I think i know why it won't insert a new data in PHPmyadmin, It show the error in the function in the database, the message showed "A fatal JavaScript error has occur". It must prevent the add a new data in the database. 

 

Of course, I removed StudentiD and NULL from function already, but still won't add the new data...

[cobusbo]

I think i know why it won't insert a new data in PHPmyadmin, It show the error in the function in the database, the message showed "A fatal JavaScript error has occur". It must prevent the add a new data in the database. 

 

Of course, I removed StudentiD and NULL from function already, but still won't add the new data...

Where is the form?

[Jacques1]

You've adopted some weird and even dangerous techniques, so the first thing you should do is actually learn how the MySQLi extension works.

 

Queries don't just fail. Whenever there's a problem, MySQLi provides a detailed error report. This can either be manually requested through mysqli_error(), or you can ask MySQLi to automatically throw exceptions:

<?php

const DB_HOST = 'localhost';
const DB_USER = '...';
const DB_PASSWORD = '...';
const DB_NAME = '...';

// Turn on exceptions so that you don't have to manually check for errors
$mysqliDriver = new mysqli_driver();
$mysqliDriver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT;

$databaseConnection = new mysqli('localhost', DB_USER, DB_PASSWORD, DB_NAME);

You can't just insert PHP variables into query strings. This will lead to SQL injection attacks and crash your application whenever the input happens to include a single quote (which does happen in the English language). To fix this problem, use prepared statements:

$registrationStmt = $databaseConnection->prepare('
  INSERT INTO
    student
  SET
    firstname = ?,
    lastname = ?,
    email = ?
');
$registrationStmt->bindParam('sss', $_POST['firstname'], $_POST['lastname'], $_POST['email']);
$registrationStmt->execute();

As you can see, the $_POST values never touch the query string directly. Instead, you create a query template with three parameters (the question marks), and then you bind the values to those parameters. This provides perfect security and robustness.

 

Last but not least, you should get rid of this weird “CamelCase” naming style. Make the identifiers all-lowercase to avoid confusion and mistakes.

[benanamen]

 

 

Last but not least, you should get rid of this weird “CamelCase” naming style. Make the identifiers all-lowercase to avoid confusion and mistakes.

 

+1

I personally prefer an underscore separator as well.

 

first_name

 

Much more readable to me than firstname. Sticking to lowercase will completely eliminate an errors due to wrong case. If you develop on windows (IIS) it is dumb when it comes to case and thinks FIRSTNAME, firstname and FirstName is all the same, then you move it to Linux and run into problems since Linux says they are all different.

Edited October 4, 2015 by benanamen

[sigmahokies]

Guru, 

 

I can see you said my weird and technique in MySQL and PHP, I guess i am still having a long way to go. As i can see, you are using object-oriented style in PHP, I am using procedural style in PHP. Is Procedural style dangerous, too?

[Jacques1]

No, the procedural style is perfectly fine.

[sigmahokies]

All right, I will do my best to make reduced the risk of weird and dangerous technique. I have two websites, one website for practice, other one is set as professional website what I learned from previous website. For now, I am using one website for practice, but oddly, in practice website, Insert data into the database is working, so, I copied the code from practice one to my professional website, it is not working. Of course, I tested the connect to MySQL and select database, it works finely. what I don't get is why practice one is working, and professional website does not work at all. I am beginning to think about different OS in server; my professional website is in ubuntu, maybe this practice website is other OS, maybe Linux or IIS. I don't like IIS, but I'm not sure Linux. 

 

Now, I am practice on update the data in the database, I know it is little harder than register. You can look up in other thread in this website.

[seandisanti]

in practice website, Insert data into the database is working, so, I copied the code from practice one to my professional website, it is not working.

That's a perfect moment to learn! Rather than copying the one that seems to be working, compare the two implementations to see what's different. It may add a little more time, but it will give you a better understanding of the output you're receiving and the functions that you're trying to use. If you can't spot the differences or make sense of it yourself, paste the snippets here (minus credentials of course) and there are plenty of people happy to help.