watsonjohn Posted November 21, 2023 Share Posted November 21, 2023 personcreate.php <?php session_start(); ?> <!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Bootstrap demo</title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous"> </head> <body> <div class="container"> <?php include('message.php'); ?> <div class="row"> <div class="col-md-12"> <div class="class"> <div class="class-header"> <h3> Add Info <a href="index.php" class="btn btn-danger float-end">Back</a> </h3> </div> <div class="card-body"> <form action="infoconn.php" method="POST"> <div class="mb-3"> <label>First name</label> <input type="text" firstname="firstname" class="form-control"> </div> <div class="mb-3"> <label>Last name</label> <input type="text" lastname="lastname" class="form-control"> </div> <div class="mb-3"> <label>Date Registered</label> <input type="date" datereg="datereg" class="form-control"> </div> <div class="mb-3"> <label>Address</label> <input type="text" address="address" class="form-control"> </div> <div class="mb-3"> <label>Phone</label> <input type="text" phone="phone" class="form-control"> </div> <div class="mb-3"> <label>Email</label> <input type="email" email="email" class="form-control"> </div> <div class="mb-3"> <button type="submit" name="save_info" class="btn btn-primary">Save Info</button> </div> </form> </div> </div> </div> </div> </div> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL" crossorigin="anonymous"></script> </body> </html> infoconn.php <?php session_start(); require 'dbconn.php'; if(isset($_POST['save_info'])) { $firstname = mysqli_real_escape_string($con, $_POST['firstname']); $lastname = mysqli_real_escape_string($con, $_POST['lastname']); $datereg = mysqli_real_escape_string($con, $_POST['datereg']); $address = mysqli_real_escape_string($con, $_POST['address']); $phone = mysqli_real_escape_string($con, $_POST['phone']); $email = mysqli_real_escape_string($con, $_POST['email']); $query = "INSERT INTO persondetails (firstname,lastname,datereg,address,phone,email) VALUES ('$firstname', '$lastname', '$datereg', '$address', '$phone', '$email')"; $query_run = mysqli_query($con, $query); if($query_run) { $_SESSION['message'] = "Info Added"; header("Location: personcreate.php"); exit(0); } else { $_SESSION['message'] = "Failed to Add"; header("Location: personcreate.php"); exit(0); } } ?> Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted November 21, 2023 Share Posted November 21, 2023 form fields need a name="..." attribute, e.g. name="firstname", ... if you are just starting out, forget about using the overly complicated and inconsistent mysqli extension. instead, use the much simpler and more modern PDO extension, and use prepared queries. you should also put the form and form processing code on the same page, as this results in the simplest code. the code for any page should be laid out in this general order - 1) initialization, 2) post method form processing, 3) get method business logic - get/produce data needed to display the page, 4) html document. 1 Quote Link to comment Share on other sites More sharing options...
gizmola Posted November 21, 2023 Share Posted November 21, 2023 100% what Mac advised. $firstname = mysqli_real_escape_string($con, $_POST['firstname']); $lastname = mysqli_real_escape_string($con, $_POST['lastname']); $datereg = mysqli_real_escape_string($con, $_POST['datereg']); This is like something from an antiquated tutorial. Nobody does this now. PDO is much better -- so much so, that I don't think there's a staff member or veteran/pro developer on this site that uses mysqli unless they are working on a project that was already using it. With that said, if changing to PDO is too much of an issue for you now (although it probably could be converted in less time than you think). then here's a good tutorial to look at. It's also painful to look at code that uses the procedural interface, when the oop interface is cleaner and easier to understand. Since you used it, I provide the procedural interface example below. Your code will be something like this: $query = "INSERT INTO persondetails (firstname, lastname, datereg, address, phone, email) VALUES (?, ?, ?, ?, ?, ?)"; $stmt = mysqli_prepare($con, $query); mysqli_stmt_bind_param($stmt, 'ssssss', $_POST['firstname'], $_POST['lastname'], $_POST['datereg'], $_POST['address'], $_POST['phone'],$_POST['email']); mysqli_stmt_execute($stmt); if (mysqli_stmt_affected_rows($stmt) === 1) { $_SESSION['message'] = "Info Added"; } else { $_SESSION['message'] = "Failed to Add"; } header("Location: personcreate.php"); exit(0); One other comment: use the proper database types and your application will be better. $_POST['datereg'] Should be a DATE/DATETIME/TIMESTAMP value. Using any of these is better than storing a CHAR/VARCHAR in the database, from a data integrity/storage size and usability standpoint. Using a string to store a date is just bad/lazy design. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.