Inserting form data into mysql table (safely)

how to insert data in mysql using php
how to insert data in mysql using php form
how to insert html table data into database using php
how to create an html form that stores data in a mysql database using php
insert into mysql
mysql insert into multiple rows
how to insert data in mysql using html form
what is the format of entering data into a database while inserting data into it

Here is the edited code? I still receive a 404 error and nothing is sent to the database table. I see dbhh.php (which is the following file) after the url on the 404 page after the form is submitted

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "dbname";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // prepare sql and bind parameters
    $stmt = $conn->prepare("INSERT INTO user_input(first_name1, last_name1, email1) 
    VALUES (:first_name1, :last_name1, :email1)");

    // insert a row

    $stmt->execute([
    ':first_name1' => $_POST["first_name1"],
    ':last_name1'  => $_POST["last_name1"],
    ':email1'      => $_POST["email1"]
]);

        echo "New records created successfully";
    }
catch(PDOException $e)
    {
    echo "Error: " . $e->getMessage();
    }
$conn = null;

?> 

You have declared the POST variable after you prepare the query. First, make sure that the POST values get assigned to variables.

// insert a row
$first_name1 = $_POST["first_name1"];
$last_name1 = $_POST["last_name1"];
$email1 = $_POST["email1"];

$stmt = $conn->prepare("INSERT INTO user_input(first_name1, last_name1, email1) 
VALUES (:first_name1, :last_name1, :email1)");
$stmt->bindParam(':first_name1', $first_name1);
$stmt->bindParam(':last_name1', $last_name1);
$stmt->bindParam(':email1', $email1);
$stmt->execute();

Notice the difference. I put the POST one before the query. When the bindParam get executed, it can get the values.

How to Insert Data Into MySQL Database Table Using PHP, In this tutorial you will learn how to insert the data into a MySQL database Now, we'll see how we can insert data into database obtained from an HTML form. The data which a user enters into a form, such as in the one below, will go straight into a MySQL database, so that we store a the user-entered information directly to a database. This could be useful whenever you want to store information directly to a database.

What @david said. Albeit a more compact approach is just skipping the manual binding, and passing params per PDO::execute right away:

$stmt->execute([
    ':first_name1' => $_POST["first_name1"],
    ':last_name1'  => $_POST["last_name1"],
    ':email1'      => $_POST["email1"]
]);

How to Use PHP to Insert Data Into MySQL Database, In this tutorial, you will learn how to INSERT data into your MySQL database from PHP scripts. User writes this in the username field of a login form; john"; DROP DATABASE How to (Safely) Make A PHP Redirect. 08 Apr •  Next a simple MySQL query is formed to insert the data into the table user. Using mysql_query() standard php function, the MySQL query is being processed. Using if else conditional statements , we check if the process was successful or failed.

try this. i hope it will help you.

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "dbname";

$conn = new mysqli($servername, $username, $password, $dbname);
 $stmt = $mysqli->prepare("INSERT INTO user_input (first_name1, last_name1,email1) VALUES (?, ?)");
$stmt->bind_param("si", $_POST['first_name1'], $_POST['last_name1'],$_POST['email1']);
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$conn->close();

?> 

How to insert data into a MySQL table, Example of a MySQL insert query - the process of inserting information into a MySQL database table. Insert Data Into MySQL Using MySQLi and PDO. After a database and a table have been created, we can start adding data in them. Here are some syntax rules to follow: The SQL query must be quoted in PHP. String values inside the SQL query must be quoted. Numeric values must not be quoted. The word NULL must not be quoted.

MySQL - Insert Query, MySQL - Insert Query - To insert data into a MySQL table, you would need to use the SQL INSERT INTO You can insert data into the MySQL table by using the mysql> prompt or by. <form method = "post" action = "<?php $_PHP_SELF ?>  The INSERT INTO is a statement which adds data into the specified database table. In this example, we are adding data to the table Students . Going further, between the parenthesis, we have the table column names specified to where we want to add the values: (name, lastname, email) .

PHP MySQL: Insert Data Into a Table, This tutorial shows you how to use PHP to insert data into a MySQL table. To pass values from PHP to SQL statement dynamically and securely, you use the  In this tutorial we'll learn to insert data into tables using the INSERT INTO statement. We will insert single row into MySQL Table or we will learn how to insert multiple rows into MySQL table in

How to send Submissions to Your MySQL Database Using PHP, Assuming that you have set your form to post data to a custom URL page, Now that you have created your database, you can start creating  In This VB.Net Tutorial We Will See How To Get Data From TextBoxes And Date From DateTimePicker And Insert It Into MySQL DataBase Table Using MySqlCommand With Parameters In Visual Basic.Net

Comments
  • is there a reason not to use $stmt->bindParam(':first_name1', $_POST["first_name1"]); etc?
  • that's a great idea. it is more efficient. you may post your own answer.
  • No @IdontDownVote, people just like to make things "more readable". YMMV
  • seems like a very common approach, but objectively unnecessary, but i want to see if i was missing something on that.
  • Thanks everyone! I edited the code to the following and I am still receiving a 404 error which I can see dbhh.php at the end of the URL which brings the 404 error after the form is submitted
  • 404 is not a PHP error, not sufficient to diagnose anything (access/rewrite logs + webdir struct), and an entirely different question anyway.