PHP form doesn't insert into SQL database

Related searches

I am trying to test a very simple PHP form that inserts input into an SQL database. The connection works fine, but the data does not appear in the database when I refresh it. I have only two files, an index.html and a process.php.

index.html:

<html>
<head>Testing</head>
<body>
    <div id="frm">
        <form action="process.php" method=POST>
            <p>
                <label>Username</label>
                <input  type="text" id="stuff" name="stuff">
            </p>
            <p>
                <input type="submit" id="btn" value="Login">
            </p>
        </form>
    </div>
</body>
</html>

Process.php:

<?php
    $userinput = $_POST['stuff'];
    $servername = "localhost";
    $username = "root";
    $password = "";
    $database = "testing";

    $conn = new mysqli($servername, $username, $password, $database);

    if ($conn->connect_error)
    {
        die("connection failed: " . $conn->connect_error);
    }

    else
    {
        echo "Connected successfully "; 
        echo $userinput;
        $sql = "INSERT INTO `entries`(`input`) VALUES ('$userinput')";
    }
?>

The problem is that you're not actually running the query. You just assigned the query string to a variable, so it's not being executed in MySQL.

Your code is vulnerable to SQL injection, so I'm proposing a solution:

<?php
$userinput = $_POST['stuff'];
$servername = "localhost";
$username = "root";
$password = "";
$database = "testing";

$conn = new mysqli($servername, $username, $password, $database);

if ($conn->connect_error)
{
    die("connection failed: " . $conn->connect_error);
}
else
{
    echo "Connected successfully "; 
    echo $userinput;
    $sql = "INSERT INTO `entries` (`input`) VALUES (?)";
    if ($stmt = $conn->prepare($sql)) { // Prepare statement
        $stmt->bind_param("s", $userinput); //Bind the string (s), with the content from $userinput to the statement marker (?)
        $stmt->execute(); // Run (execute) the query
        $stmt->close(); //clean up
}

This code should work and also keep you secure from SQL injections.

How come my form doesn't work? - PHP, I've been trying to get this form to submit: synonyms.php <form action="synonyms -script.php" method="post"> <input type="text" value="<?php� Yet what I think you may be asking, now that I've re-read your comment, is that if you want the form to stay intact after the user filled in the form and pressed the submit button, then you'll need to put your PHP first, then your form/HTML code under that (not mixed together) and use action="" instead of what you have now, if that's what you

Haven't tested it fully but I fixed your query.

$sql = mysqli_query($conn, "INSERT INTO entries (input) VALUES ('$userinput')");

also change the post part to: <form action="process.php" method="POST">

That should fix the problem for you

Also make sure you use the function: mysqli_real_escape_string to escape malicious user input to prevent SQL injection.

Another thing: you could change localhost to 127.0.0.1. I think this is more reliable although it's the same in most cases.

Noob PHP Form is not working - PHP, The form has a name, email, phone, datePicker and message for the existing of a variable that your Ajax call doesn't pass into the PHP as� since it has php part, the file should be saved with .php extension, and the server should support php, also, please use <?php instead of <? just for ensuring that everything is correct. – dlyaza Apr 8 '14 at 13:58

Your code is not submitting the query to the database, it is opening the connection but not submitting the query, see below to the submit query request if you use mysqli in PHP

... else {
  # this submits the query
  $conn -> query ($sql);
}

Using the POST method in a PHP form, Most forms use the post method because it “hides” the form data away from the user and doesn't clutter up the URL in the address bar. Note that GET and POST � I am sending form data through POST, but the corresponding POST variables are not set, and do not. Also, when I store POST data into local PHP variables, I seem to be unable to use those variables.

you need to take function mysqli_query of mysqli that will take parameter as connection object like $conn and 2nd parameter will be sql query to execute. like this

$sql = mysqli_query($conn, "INSERT INTO entries (input) VALUES ('$userinput')");

to prevent from sql injection you must use PDO because PDO use paramBind to protect injection .

PHP form tutorial, It doesn't do much yet, and whatever you type in “goes away” when you submit. Let's add some PHP to process this form: <?php if($_POST['formSubmit� PHP forms with examples. PHP is one of the most popular means of processing HTML forms. This website will show you how to process PHP form and send form results to your e-mail address. » Process PHP forms the secure way! This tutorial has emphasis on processing PHP forms with security in mind!

Basic Form Handling in PHP < PHP, Basic instructions for setting up a form handler in PHP to verify user input It doesn't actually matter where on the page the JavaScript appears,� PHP - Keep The Values in The Form To show the values in the input fields after the user hits the submit button, we add a little PHP script inside the value attribute of the following input fields: name, email, and website. In the comment textarea field, we put the script between the <textarea> and </textarea> tags.

If the web server supports PHP, you should see a screen filled with information and a PHP logo at the top. If you don't see it, your server doesn't have PHP or PHP is not started properly. Email the web server to ask about your options.

Form PHP script is missing from web server, or PHP is not configured correctly on your web hosting provider. Check if the form PHP script has been uploaded correctly, then contact your hosting provider about PHP configuration. My Provider has the PHP 5.6 and 7.0 and 7.2. Can MUSE not the new PHP?

Comments
  • What part of the script if submitting the query? None there
  • Please read Should we ever check for mysqli_connect() errors manually?
  • @Dharman I'm proposing a solution that fits into OP's current code. If you want to propose a more extensive solution that also teaches OP not to reveal errors, please provide your own answer.
  • While this code block may answer the question, it would be best if you could provide a little explanation for why it does so.