Jump to content

Recommended Posts

personcreate.php

<?php
session_start();
?>

<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Bootstrap demo</title>
    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
  </head>
  <body>
    
    <div class="container">
        
        <?php include('message.php'); ?>
        <div class="row">
            <div class="col-md-12">
                <div class="class">
                    <div class="class-header">
                        <h3> Add Info
                            <a href="index.php" class="btn btn-danger float-end">Back</a>
                        </h3>
                    </div>
                    <div class="card-body">
                        <form action="infoconn.php" method="POST">
                             <div class="mb-3">
                                <label>First name</label>
                                <input type="text" firstname="firstname" class="form-control">
                             </div>
                             <div class="mb-3">
                                <label>Last name</label>
                                <input type="text" lastname="lastname" class="form-control">
                             </div>
                             <div class="mb-3">
                                <label>Date Registered</label>
                                <input type="date" datereg="datereg" class="form-control">
                             </div>
                             <div class="mb-3">
                                <label>Address</label>
                                <input type="text" address="address"  class="form-control">
                             </div>
                             <div class="mb-3">
                                <label>Phone</label>
                                <input type="text" phone="phone" class="form-control">
                             </div>
                             <div class="mb-3">
                                <label>Email</label>
                                <input type="email" email="email" class="form-control">
                             </div>
                             <div class="mb-3">
                                <button type="submit" name="save_info" class="btn btn-primary">Save Info</button>
                             </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>

    <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js" integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL" crossorigin="anonymous"></script>
  </body>
</html>

infoconn.php

<?php
session_start();
require 'dbconn.php';

if(isset($_POST['save_info'])) {
    $firstname = mysqli_real_escape_string($con, $_POST['firstname']);
    $lastname = mysqli_real_escape_string($con, $_POST['lastname']);
    $datereg = mysqli_real_escape_string($con, $_POST['datereg']);
    $address = mysqli_real_escape_string($con, $_POST['address']);
    $phone = mysqli_real_escape_string($con, $_POST['phone']);
    $email = mysqli_real_escape_string($con, $_POST['email']);

    $query = "INSERT INTO persondetails (firstname,lastname,datereg,address,phone,email) VALUES ('$firstname', '$lastname', '$datereg', '$address', '$phone', '$email')";

    $query_run = mysqli_query($con, $query);
    if($query_run) {
        $_SESSION['message'] = "Info Added";
        header("Location: personcreate.php");
        exit(0);
    }
    else {
        $_SESSION['message'] = "Failed to Add";
        header("Location: personcreate.php");
        exit(0);
    }
}

?>

form fields need a name="..." attribute, e.g. name="firstname", ...

if you are just starting out, forget about using the overly complicated and inconsistent mysqli extension. instead, use the much simpler and more modern PDO extension, and use prepared queries.

you should also put the form and form processing code on the same page, as this results in the simplest code. the code for any page should be laid out in this general order - 1) initialization, 2) post method form processing, 3) get method business logic - get/produce data needed to display the page, 4) html document.

  • Great Answer 1

100% what Mac advised.

    $firstname = mysqli_real_escape_string($con, $_POST['firstname']);
    $lastname = mysqli_real_escape_string($con, $_POST['lastname']);
    $datereg = mysqli_real_escape_string($con, $_POST['datereg']);

This is like something from an antiquated tutorial.  Nobody does this now. 

PDO is much better -- so much so, that I don't think there's a staff member or veteran/pro developer on this site that uses mysqli unless they are working on a project that was already using it.

With that said, if changing to PDO is too much of an issue for you now (although it probably could be converted in less time than you think). then here's a good tutorial to look at.

It's also painful to look at code that uses the procedural interface, when the oop interface is cleaner and easier to understand.  Since you used it, I provide the procedural interface example below.

 

Your code will be something like this:

$query = "INSERT INTO persondetails (firstname, lastname, datereg, address, phone, email) VALUES (?, ?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($con, $query);
mysqli_stmt_bind_param($stmt, 'ssssss', $_POST['firstname'], $_POST['lastname'], $_POST['datereg'], $_POST['address'], $_POST['phone'],$_POST['email']);
mysqli_stmt_execute($stmt);

if (mysqli_stmt_affected_rows($stmt) === 1) {
  $_SESSION['message'] = "Info Added";
} else {
  $_SESSION['message'] = "Failed to Add";
}

header("Location: personcreate.php");
exit(0);

 

One other comment:  use the proper database types and your application will be better.

$_POST['datereg']

Should be a DATE/DATETIME/TIMESTAMP value.  Using any of these is better than storing a CHAR/VARCHAR in the database, from a data integrity/storage size and usability standpoint.  Using a string to store a date is just bad/lazy design.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.