jorgeAChacon

Reputation: 327

Storing input from user into database

I am fairly new to PHP and I am trying to save input from a user into a MySQL database. I followed a tutorial online on how to do it, but every time I enter the user's info, the website tells me it failed. The only thing that I can think of is the host name (I copied and pasted it from phpadmin). Please let me know if there is something wrong.

contact.html

<section id="mid_section">
                <div id="boxes">
                    <h1>
                        Leave your information here for a quick reponse:
                    </h1>
                    <br/>
                    <form id="myform" action="userinfo.php" method="post">
                        Name:<input type="text" value="name">
                        Email:<input type="email" value="email">
                        Phone:<input type= "tel" value="phone(opt)">
                        <button id="sub">Submit</button>
                    </form>

db.php

<?php
    $conn = mysql_connect('custsql.eigbox.net','username','password');
    $db= mysql_select_db('visitors');
?>

userinfo.php

<?php
    include_once('db.php');

    $name =$_POST['name'];
    $email =$_POST['email'];
    $phone =$_POST['phone'];

    if(mysql_query("INSERT INTO users (name,email,phone) VALUES ('$name','$email','$phone')"))
    echo"successfully inserted";
    else
    echo "failed";
?>

myscript.js

$("#sub").click(function(){

    $.post($("#myform").attr("action"), $("#myform:input").serializeArray(), function(info){$("#result").html(info);});
    });

$("#myform").submit(function(){
    return false;
    });

Upvotes: 1

Views: 30887

Answers (2)

Debashis

Reputation: 596

First, use name on every attribute of the form. So, contact.html will be

<form id="myform" action="userinfo.php" method="post">
                        Name:<input type="text" value="name" name='name'>
                        Email:<input type="email" value="email" name='email'>
                        Phone:<input type= "tel" value="phone(opt)" name='phone'>
                        <button id="sub">Submit</button>
</form>

Use mysqli_* instead of mysql_* as it is deprecated. You can also use PDO. More on mysqli_*

Filter the data before inserting it into the database. So, userinfo.php will look like

include_once('db.php');

// Assumes db.php now sets $db = mysqli_connect(...), so $db is a mysqli connection.
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$phone = mysqli_real_escape_string($db, $_POST['phone']);

// Use mysqli_query() so the escaping and the query go through the same connection.
if (mysqli_query($db, "INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".$name."','".$email."','".$phone."')"))
    echo "successfully inserted";
else
    echo "failed";

Upvotes: 1

Davit

Reputation: 1373

As you might be fairly new to PHP, on one hand it is great to follow tutorials; however, choosing the right source might be a frequent, disastrous problem.

When you are using functions like mysql_select_db and mysql_query, it basically means that you are using a deprecated mysql style.

If you go to the official PHP documentation and search for a mysql method, it is going to tell you about its deprecation.

The problem here, though, is not the way you interact with the database; your style of coding still works and many people still do it just like that.

I just tell you as a newcomer that instead of mysql_ functions, people tend to favor mysqli and/or PDO. Consider them as your future friends.

As for your problem, I believe all is okay, except your mysql_query function looks odd. Try the following code instead of your query statement

if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".$name."','".$email."','".$phone."')"))

or for security reasons even better

if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".mysql_real_escape_string($name)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($phone)."')"))

If that is not the case and you still get a 'Fail' error statement, you will need to do a little debugging, and people here will be able to help you out.

So, you will need to use the following instead of what you have now

if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".mysql_real_escape_string($name)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($phone)."')")) {
    echo 'Success!';
} else {
    echo mysql_error();
    exit;
}

Let's see what happens

Upvotes: 4
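
Both answers point to mysqli or PDO; as an added example (not code from the question or from either answer), here is the same insert written with a PDO prepared statement, so the form values never become part of the SQL text. The helper names `open_db` and `save_visitor`, the in-memory SQLite database standing in for MySQL, and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
// For MySQL the DSN has the form 'mysql:host=DB_HOST;dbname=visitors;charset=utf8mb4'
// (DB_HOST is a placeholder).
declare(strict_types=1);

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw exceptions on errors so a failed query is never silent.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (name TEXT NOT NULL, email TEXT NOT NULL, phone TEXT)');
    return $pdo;
}

// Hypothetical helper: validates the three form fields and inserts them.
// Returns a message safe to show the visitor, or null on success.
function save_visitor(PDO $pdo, array $post): ?string
{
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $phone = trim((string)($post['phone'] ?? ''));

    if ($name === '' || strlen($name) > 100) {
        return 'Name is required.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Email address is not valid.';
    }
    try {
        // Named placeholders: values are bound separately from the statement.
        $stmt = $pdo->prepare('INSERT INTO users (name, email, phone) VALUES (:name, :email, :phone)');
        $stmt->execute([':name' => $name, ':email' => $email, ':phone' => $phone !== '' ? $phone : null]);
        return null;
    } catch (PDOException $e) {
        error_log($e->getMessage()); // details go to the server log, not the page
        return 'Could not save your details.';
    }
}

// Constructed sample input: the apostrophe would break a string-built query.
$pdo = open_db();
echo save_visitor($pdo, ['name' => "Miles O'Brien", 'email' => 'miles@example.com', 'phone' => ''])
    ?? 'successfully inserted', PHP_EOL;
echo save_visitor($pdo, ['name' => 'x', 'email' => 'not-an-email']) ?? 'successfully inserted', PHP_EOL;
echo $pdo->query('SELECT name FROM users')->fetchColumn(), PHP_EOL;
```

In userinfo.php the call would be `save_visitor($pdo, $_POST)`, which only sees the fields once the inputs carry `name` attributes.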
