Inserting data mysqli & php form

laflair13 · 2018-10-18 14:24:10 UTC

I am pulling my hair out over here (well whats left of it). I am trying to insert form fields into my database and I cannot seem to get this working, I have searched and tried every code I could find and nothing I have tried is working.

The php code for posting

<?php
        $servername = "localhost";
        $username = "root";
        $password = "root";
        $database = "valiant_laravel";

        $con = mysqli_connect($servername, $username, $password, $database);

        // Check connection

        if (!$con) {
              die("Connection failed: " . mysqli_connect_error());
        }
         
        echo "Connected successfully";
         
        $sql = "INSERT INTO customers (fname, lname, company, title, telephone, email, address, city, state, zip, notes )
                  VALUES ('$fname', '$lname', '$company', '$title', '$telephone', '$email', '$address', '$city', '$state', '$zip', '$notes')";
        if (mysqli_query($con, $sql)) {
              echo "New record created successfully";
        } else {
              echo "Error: " . $sql . "<br>" . mysqli_error($con);
        }
        mysqli_close($con);

      ?>

And the top of the form line looks like

<form enctype="multipart/form-data" action="" method="post" name="add_customer" id="add_customer" class="form-horizontal">

I know this has been asked 100 times, but I did search and like I mentioned, nothing I have tried has worked.

Thanks in advance.

Dormilich · 2018-10-18 14:37:10 UTC

You didn’t create the variables you use in the query.

Additionally, getting multipart/form-data from the request requires you to fetch and parse the data yourself. If you use the default enctype, you’ll find the data in $_GET/$_POST.

Make sure to protect yourself from SQL injection and use Prepared Statements!

ScallioXTX · 2018-10-18 19:08:17 UTC

No it doesn’t. PHP is perfectly capable of parsing multipart/form-data. I’ve never had a problem with it.

donboe · 2018-10-18 19:43:19 UTC

@laflair13. Are you using AJAX to submit the form? Because I don’t see a reference in your action attribute?

laflair13 · 2018-10-18 19:55:34 UTC

I have the php code on the same page. It is right above the form tag.

donboe · 2018-10-18 20:02:15 UTC

@laflair13. I am not sure what you mean but can you show that code as well? …and like @Dormilich explained allready you didn’t create the variables to use for the insert

droopsnoot · 2018-10-19 09:15:59 UTC

That seems to be a common thing - to stick the PHP form code in the top of the same page that draws the form, surrounded by a check on the server request method (or checking to see if one of the form variables is set) to see whether it’s drawing the initial form, or processing the data from it. Presumably the OP has missed this bit out of their post to keep things simple.

I always used to post to a PHP in a separate file until I saw lots of people doing it this way, although once it gets complex it seems easier to separate the code out. It also drums home the thought that there is nothing passed from one end of the script to the other, unless it is explicitly done.

I also see quite a few examples where people miss out the bit that parses the $_POST array into individual variables - I would not be surprised to see that the OPs form field names are the same as those variable names.

ScallioXTX · 2018-10-19 10:47:19 UTC

Actually the examples that use variables from the form directly might stem from the olden days where register_globals was still a thing. Basically it’s the same as extract($_REQUEST); at the top of every script so all POST values became available as variables. It was horrible practice and has been removed from PHP entirely now. But that’s probably what those scripts are based on.

droopsnoot · 2018-10-19 11:05:53 UTC

Oh, I hadn’t realised that used to be a thing, I’ve not been in PHP for all that long. I guess maybe that’s coming from outdated on-line tutorials somewhere.