Evening guys,
I’m trying to get data from my html form into my mysql database. Everything seems to work correctly, but the data shows up as zero’s rather than what the input fields have.
The form:
<form action="insert.php">
<label>Date:</label> <input class="inputs" type="date" name="date1"><br>
<label>Time:</label> <input class="inputs" type="time" name="time"><br>
<label>Blood Pressure:</label> <input class="inputbp" type="number" min="50" max="200" name="blood1">
<input class="inputbp" type="number" name="blood2"><br>
<label>Heart Rate:</label><input class="inputs" type="number" name="hr"><br>
<label>Other:</label><input class="inputs" type="textarea" name="other"><br><br>
<input class="submit" type="submit">
</form>
The php:
<?php
$con=mysqli_connect("Bodystats.xxxxxxxxxxx.com","xxxxxxxxx","xxxxxxxxxx!","xxxxxxxxxx");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO data (date1, time, blood1, blood2, hr, other)
VALUES
('$_POST[date1]','$_POST[time]','$_POST[blood1]','$_POST[blood2]','$_POST[hr]','$_POST[other]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
The database:
From reading about, it seems its a problem with the HTML side or users inputting data in the incorrect format; not sure how true this is as all the data is selected using the HTML form tags
Any help would be appreciated 
Many thanks
Hey,
Just thought I’d post back…couldn’t see the wood for the trees!
I added method=“post” to my form, and that seemed to do the trick
I think maybe you did something else too. A form by default is method=“get” , which should have worked ok.
I’m not TOO familiar with PHP, but I don’t think that GET data can be seen by $_POST. I think it requires $_GET. If I’m mis-speaking, somebody please advise.
Hi JohnoLFC,
You should modify the code such follows:
<form action="insert.php" method="POST">
In PHP code, you should change:
if(is_array($_POST) )
{
$sql="INSERT INTO data (date1, time, blood1, blood2, hr, other)
VALUES
('$_POST[date1]','$_POST[time]','$_POST[blood1]','$_POST[blood2]','$_POST[hr]','$_POST[other]')";
...
}
You will get undefined constant warnings if you don’t quote those post[keys]. If you are going post directly into the query (not recommended), I would wrap with brackets and single quote the keys, e.g.
'{$_POST['date1']}'
Using if(is_array($_POST) ) doesn’t stop code inside from being processed if not isset POST. Post will always be an array. Instead I would use a post[key] pair and check if isset.
At the very least I would use mysqli_real_escape_string on any values posted from your form if you are not going to bind the parameters. So based on this, I would go.
if(isset($_POST['date1']))
{
$date1 = mysqli_real_escape_string($con, $_POST['date1']);
$time = mysqli_real_escape_string($con, $_POST['time']);
$blood1 = mysqli_real_escape_string($con, $_POST['blood1']);
$blood2 = mysqli_real_escape_string($con, $_POST['blood2']);
$hr = mysqli_real_escape_string($con, $_POST['hr']);
$other = mysqli_real_escape_string($con, $_POST['other']);
$sql="INSERT INTO data (date1, time, blood1, blood2, hr, other)
VALUES
('$date1','$time','$blood1','$blood2','$hr','$other')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
}