PHP/MySQL error for a simple form i made for testing (i'm trying to teach myself some MySQL/PHP)

Question

OK, so, first of all, i'm new to PHP and MySQL so i'm sorry if i'm going to ask some stupid questions: The page i am trying to create has 4 forms, and a submit button, and i want to send all this info to the database when i click submit, but i have these errors:

Notice: Undefined index: submit in C:\XAMPP\htdocs\SQLtesting\index.php on line 37

Notice: Undefined variable: sql in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

Warning: mysqli_query(): Empty query in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

Here is the code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
    <meta name="author" content="abcde" />

    <title>Untitled 2</title>
</head>

<body>

<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>" name="User">
    First Name:
    <input type="text" name="firstName" /> <br />
    Last Name: 
    <input type="text" name="lastName" /> <br />
    E-mail:
    <input type="text" name="email" /> <br />
    Phone Number:
    <input type="text" name="phoneNumber" /> <br />
    <input type="submit" name="submit" />
</form>
<?php
$con=mysqli_connect("localhost","root",'',"test_1");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
if(isset($_POST['submit'])){
    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $email = $_POST['email'];
    $phoneNumber = $_POST['phoneNumber'];
}
if($_POST['submit'])
{
$sql="INSERT INTO test_1_1(id,firstName, lastName, email, phoneNumber)
VALUES
('','$_POST[firstName]','$_POST[lastName]','$_POST[email]', '$_POST[phoneNumber]')";
echo "1 record added";
}

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }

mysqli_close($con);
?>
</body>
</html>

I also noticed that if i write the

$sql="INSERT INTO test_1_1(id,firstName, lastName, email, phoneNumber)
VALUES
('','$_POST[firstName]','$_POST[lastName]','$_POST[email]', '$_POST[phoneNumber]')";

simply without an if conditional i won't get the

Warning: mysqli_query(): Empty query in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

error but the code would add an empty row at the beginning.

I am using XAMPP for running this on local machine.

Answer 1

• Notice: Undefined index: submit in C:\XAMPP\htdocs\SQLtesting\index.php on line 37

This means $_POST['submit'] does not exist. You should check if it exists using isset(...) instead of using it directly if you don't want to get the warning.

• Notice: Undefined variable: sql in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

Since $_POST['submit'] does not exist, the if clause is not executed and $sql is not filled, the error is self explanatory here.

• Warning: mysqli_query(): Empty query in C:\XAMPP\htdocs\SQLtesting\index.php on line 45

This means query string ($sql is not defined and therefore defaulted to an empty string) is empty.

Answer 2

Everything is related to everything. At first - use function such as var_dump to dump the content of $_POST.

I don't see the reason why $_POST['submit'] is empty, but I'd add some value to it:

<input type="submit" name="submit" value="Hey!" />

Check the condition and the brackets, it doesn't make sense. See Wayne Whitty's answer is correct.

Personally I'd recommend you using some php framework although you spend more time on it. They usually contain a lot of examples, documentation and they are very often aiming to learn you some good habits (coding style, ...).

Answer 3

You have to make sure that $_POST['submit'] is set before you attempt to run the query. Try:

if(isset($_POST['submit'])){

    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $email = $_POST['email'];
    $phoneNumber = $_POST['phoneNumber'];

    $sql = "INSERT INTO test_1_1 (id,firstName, lastName, email, phoneNumber) 
          VALUES ('','$firstName','$lastName','$email', '$phoneNumber')";

    if (!mysqli_query($con,$sql)){
        die('Error: ' . mysqli_error($con));
    }

    echo "1 record added";
}

By the way, your code is open to SQL injection. You can solve this security flaw by getting yourself familiar with prepared statements.

Answer 4

Chances are high that the:

if($_POST['submit']) {}

return false and your $sql var isn't filled

Try to add

var_dump($sql);

right before the

if (!mysqli_query($con,$sql))