bhagat321 Posted April 5, 2017

/*CODE GIVEN BELOW: */

```php
<?php
$conn=mysqli_connect("localhost","root","","form_reg");
if(isset($_POST['submit']))
{
$name=$_POST['name'];
$email=$_POST['email'];
$add_line1=$_POST['add_line1'];
$vill=$_POST['village'];
$teh=$_POST['tehsil'];
$dist=$_POST['district'];
$state=$_POST['state'];
$form_insert="INSERT INTO registration (Name, Email, Add_line1,Village,Tehsil,State) VALUES('$name','$email,,'$add_line1','$vill','$teh', '$dist','$state');
$insert=mysqli_query($form_insert, $conn);
if(!$insert){
echo "data not inserted, some error";
}
else
{
echo "data inserted successfully";
}
/* --- THIS IS COMMENT FOR TESTING ----
echo $name;
echo $email;
echo $vill;
echo $land;
echo $state;
echo $irr;
*/
?>
```

requinix Posted April 5, 2017

Converting your code from mysql to mysqli takes more than just adding an "i" in a few places. mysqli

benanamen Posted April 5, 2017

Since you are apparently just starting out, now is the time to start using PDO. You are already off to the wrong start with common noob mistakes.

Do not create variables for nothing.

NEVER EVER put variables in the query. Use prepared statements.

Do not mix your naming styles. Pick one and stick to it. Except for classes, I recommend you always use lowercase column names and variables with an under_score_seperating_multiple_words.

Your insert check logic is not needed. If you have things set up correctly, any errors will be properly handled whether you want them logged, emailed to you or whatever. What you never want to do is output system error to the user, which so far you have not done. This information is of no use to the user and of great use to a hacker.

Psycho Posted April 5, 2017

Give this a try. No promises that there are no typos since I didn't test it.

```php
<?php

//Set variables for DB connection
$host = 'localhost';
$db = 'form_reg';
$charset = 'utf8';
$user = 'root';
$pass = '';

//Connect to DB
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$opt = [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $user, $pass, $opt);

//Process POST data
if($_SERVER['REQUEST_METHOD']=='POST')
{
    //Create array of the POST indexes to be used in query insert values
    $keyMap = array('name'=>0, 'email'=>0, 'add_line1'=>0, 'village'=>0, 'tehsil'=>0, 'state'=>0);
    //Pull the POST fields into an array to use for the insert
    $values = array_intersect_key($_POST, $keyMap);

    //Create a prepared statement
    $sql = "INSERT INTO registration
                (Name, Email, Add_line1, Village, Tehsil, State)
            VALUES
                (:name, :email, :add_line1, :village, :tehsil, :state)";
    $stmt = $pdo->prepare($sql);

    //Execute the query with the POST values
    $result = $stmt->execute($values);

    if($result===false)
    {
        echo "data not inserted, some error";
    }
    else
    {
        echo "data inserted successfully";
    }
}

//Set debug to true as needed
$debug = false;
if($debug)
{
    echo "<b>Debug data:</b><br>\n";
    echo "Post: <pre>" . print_r($_POST, 1) . "</pre><br>\n";
    echo "Values: <pre>" . print_r($values, 1) . "</pre>";
}

?>
```

Jacques1 Posted April 5, 2017

It makes no sense to check the return value of PDO method calls when you have exceptions enabled. Just do the query, and if it fails, the method will throw an exception.

The POST parameters should also be validated. Right now, any missing or invalid parameter will blow up the query, which isn't very elegant.
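
The points raised in the replies above (prepared statements, exceptions instead of return-value checks, validating the POST fields first), combined in one added example that is not code from any poster in this thread. Assumptions: an in-memory SQLite database stands in for the MySQL `form_reg` database so the script runs offline, the helper names `validate_registration` and `register` are hypothetical, column names are lowercased, and the two input arrays are constructed stand-ins for `$_POST`.

```php
<?php
// Added example. Assumption: in-memory SQLite replaces the thread's MySQL
// database so this runs offline; prepare()/execute() are used the same way.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE registration (name TEXT, email TEXT, add_line1 TEXT,
            village TEXT, tehsil TEXT, state TEXT)');

const FIELDS = ['name', 'email', 'add_line1', 'village', 'tehsil', 'state'];

// Hypothetical helper: returns [clean values, list of validation messages].
function validate_registration(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (FIELDS as $field) {
        $value = $input[$field] ?? null;
        // Rejects a missing field, an empty string, and field[]=x (an array).
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "$field is required";
            continue;
        }
        $clean[$field] = trim($value);
    }
    if (isset($clean['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return [$clean, $errors];
}

// Hypothetical helper: inserts only when validation passed, returns the messages.
function register(PDO $pdo, array $input): array
{
    [$clean, $errors] = validate_registration($input);
    if ($errors === []) {
        // No return-value check: with ERRMODE_EXCEPTION a failed query throws.
        $pdo->prepare('INSERT INTO registration (name, email, add_line1, village, tehsil, state)
                       VALUES (:name, :email, :add_line1, :village, :tehsil, :state)')
            ->execute($clean);
    }
    return $errors; // describes the form input only, never the database error
}

// Constructed inputs standing in for $_POST; the apostrophe is bound as data.
$good = ['name' => "Anil D'Souza", 'email' => 'anil@example.com', 'add_line1' => '12 Main Rd',
         'village' => 'Rampur', 'tehsil' => 'Sadar', 'state' => 'Punjab'];
$bad  = ['name' => 'Ravi', 'email' => 'not-an-email', 'village' => ['x']];

// Run both inputs, then list what was stored.
print_r(register($pdo, $bad));
print_r(register($pdo, $good));
print_r($pdo->query('SELECT name, email FROM registration')->fetchAll(PDO::FETCH_ASSOC));
```

In production the uncaught `PDOException` would be routed to a log by the error handler rather than displayed, which is the behaviour benanamen describes.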