Need help in submitting a contact form to a phpmyadmin database

hammer · September 25, 2016, 2:36am

I’ve checked the new php code twice over and i’m getting page is not working. Have you checked the code for any errors?

Mittineague · September 25, 2016, 2:41am

I have now. There was a typo after the else - a parentheses instead of a curly brace

Now fixed.

hammer · September 25, 2016, 2:45am

Now it’s back up and working here is the response:
array(5) { [0]=> string(1) “1” [1]=> string(4) “test” [2]=> string(13) “test@test.com” [3]=> string(4) “test” [4]=> string(7) “testing” }

If you are wondering i have already tested the mysql database only populating the database with one entry in phpmyadmin.

Mittineague · September 25, 2016, 3:11am

Well, that brings us to the (incomplete here) query as the suspect problem area.

$query   = "INSERT into tb_cform (u_name,u_email,subj,message) VALUES('" . $nam$

As felgall posted, “query” is fine for queries that don’t have any user supplied input involved, else prepared statements should be used.

Try running this as the thankyou.php code

<?php 
require 'connection.php';
$conn = Connect();

/* skip testing for the POST array for now */

/* Prepare an insert statement */
$query = "INSERT INTO tb_cform (u_name, u_email, subj, message) VALUES (?,?,?,?)";
$stmt = $conn->prepare($query);

$stmt->bind_param("ssss", $_POST['u_name'], $_POST['u_email'], $_POST['subj'], $_POST['message']);

/* Execute the statement */
$stmt->execute();

if ($stmt->affected_rows > 0) {
  echo "Thank You For Contacting Us <br>";
  printf("rows inserted: %d\n", $stmt->affected_rows);
} else {
  echo "Did not enter data";
}

/* close statement */
$stmt->close();

$conn->close();
?>

hammer · September 25, 2016, 3:20am

I mentioned above that the values didn’t copy and paste correctly here is the missing segment:
VALUES(‘" . $name . "’,‘" . $email . "’,‘" . $subj . "’,‘" . $message . "’)";

hammer · September 25, 2016, 3:23am

I got the page is not working on thankyou.php

hammer · September 25, 2016, 4:01am

I’m off to bed, I’ll be checking this thread tomorrow, if it’s ok with you continue tomorrow?

felgall · September 25, 2016, 7:33am

That part is still wrong - don’t jumble data with your SQL.

Mittineague showed you the correct way to code it (although the next step would be to validate the $_POST values before letting them anywhere near the database).

hammer · September 26, 2016, 2:26pm

Hey Mittineague, you still there?

Mittineague · September 26, 2016, 4:53pm

I’m back. Please post the code that you are using that has the problem as it is now.

hammer · September 26, 2016, 4:54pm

Yeah sure, just give me a minute

hammer · September 26, 2016, 4:55pm

connection.php:

<?php
 
 
function Connect()
{
 $dbhost = "localhost";
 $dbuser = "root";
 $dbpass = "";
 $dbname = "responses";
 
 // Create connection
 $conn = new mysqli(servername, username, password, dbname) or die($conn->connect_erro$
 
 return $conn;
}
 
?>

thankyou.php:
<?php 
require 'connection.php';
$conn = Connect();

/* skip testing for the POST array for now */

/* Prepare an insert statement */
$query = "INSERT INTO tb_cform (u_name, u_email, subj, message) VALUES (?,?,?,?)";
$stmt = $conn->prepare($query);

$stmt->bind_param("ssss", $_POST['u_name'], $_POST['u_email'], $_POST['subj'], $_POST['message']);

/* Execute the statement */
$stmt->execute();

if ($stmt->affected_rows > 0) {
  echo "Thank You For Contacting Us <br>";
  printf("rows inserted: %d\n", $stmt->affected_rows);
} else {
  echo "Did not enter data";
}

/* close statement */
$stmt->close();

$conn->close();
?>

spaceshiptrooper · September 26, 2016, 5:10pm

I don’t actually get the reason to insert data twice for the contact page and the thankyou page. It actually makes no total sense at all. Shouldn’t a thank you page just for telling the user that their data has already been submitted?

hammer · September 26, 2016, 5:15pm

Blame the tutorial i linked
Better yet click the tutorial link i posted at top and read the comments, apparently from the comments the php was even worse than the revised version being vulnerable to SQL injections etc.

Mittineague · September 26, 2016, 6:02pm

I just did the tutorial (except I used the CLI instead of phpMyAdmin and I put the table in my existing “testing” database)

It “worked”, such as it is with it’s remaining faults.

I have 3 files, all in the same folder (for security, “connection.php” should be outside of the root)

contactus.html

<html>
<head>
<title> Simple PHP contact form with MySQL and Form Validation </title>
</head>
<body>
<h3> Contact US</h3>
<form action="thankyou.php" method="post">
  Name:<br>
  <input type="text" name="u_name" required><br>
 
  Email:
  <input type="email" name="u_email" required><br>
 
Subject:<br>
  <input type="text" name="subj" required><br>
 
Message:<br>
  <input type="text" name="message" required><br>
<input type="submit" value="Submit"><br>
</form>
</body>
</html>

connection.php

<?php
function Connect()
{
 $dbhost = "localhost";
 $dbuser = "root";
 $dbpass = "my_password_for_the_database"
 $dbname = "testing";
 // Create connection
 $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname) or die($conn->connect_error);
 return $conn;
}
?>

thankyou.php

<?php
# thankyou.php:
require 'connection.php';

$conn = Connect();

/* skip testing for the POST array for now */

/* Prepare an insert statement */
$query = "INSERT INTO tb_cform (u_name, u_email, subj, message) VALUES (?,?,?,?)";
$stmt = $conn->prepare($query);

$stmt->bind_param("ssss", $_POST['u_name'], $_POST['u_email'], $_POST['subj'], $_POST['message']);

/* Execute the statement */
$stmt->execute();

if ($stmt->affected_rows > 0) {
  echo "Thank You For Contacting Us <br>";
  printf("rows inserted: %d\n", $stmt->affected_rows);
} else {
  echo "Did not enter data";
}

/* close statement */
$stmt->close();

$conn->close();
?>

Are you sure you are using the same spelling and case for names everywhere?
Also check the die line in your connection.php file, it looks messed up.

hammer · September 26, 2016, 6:05pm

Well the one thing that stands out is that,
($dbhost, $dbuser, $dbpass, $dbname) is not the same on my connection.php which is (servername, username, password, dbname) so i’ll change it and see what happens.

hammer · September 26, 2016, 6:08pm

Ok i changed it and got Thank You For Contacting Us
rows inserted: 1, so it looks like it now works, I’ll just log into phpmyadmin and check the database.

hammer · September 26, 2016, 6:11pm

It works! the data is name in the database feilds, thank you so much for your time i really appreciate it.

Mittineague · September 26, 2016, 6:17pm

Great!

IMHO when testing it is a good idea to make sure you get error messages.
Even though I have my localhost ini configured to show them I still usually put this at the beginning of my PHP files.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 'true');

And though having “die” show database error messages is good for development, it is a bad idea to use that on a live site.

But custom error handling is a different topic.

hammer · September 26, 2016, 6:26pm

What should I replace die with? My website is nearly ready to go live. (Not very experienced with PHP as you have probably guessed )

Topic		Replies	Views
Add simple captcha to contact form PHP	6	1226	February 25, 2010
PHP contact form - saving data (my first one) PHP	2	399	June 10, 2011
Need a secure PHP contact form, or a captcha PHP	5	1480	February 20, 2015
Form validation not working JavaScript	11	14288	October 8, 2014
Add captcha to php form I have PHP	2	660	March 2, 2010

Need help in submitting a contact form to a phpmyadmin database

Related topics