Form wont submit data to MySQL Database

Question

I have 1 file with my html form and another php file with the code below. I'm able to connect successfully when i click the submit button. But when I refresh my database in phpMyAdmin control panel. No data gets pushed to my database.

HTML FORM

<form class="well" id="contactForm" name="sendMsg" novalidate="" action="contact_form.php" method="post">
        <div class="control-group">
            <div class="controls">
                <input class="form-control" name="fullname" id="name" type="text" placeholder="Full Name" required="" data-validation-required-message="Please enter your name" />
            </div>
        </div>
        <div class="control-group">
            <div class="controls">
                <input class="form-control" name="phonenumber" id="phone" type="text" placeholder="Phone Number" required="" data-validation-required-message="Please enter your phone number" />
            </div>
        </div>
        <div class="control-group">
            <div class="controls">
                <input class="form-control" name="emailaddress" id="email-address" type="email" placeholder="Email Address" required="" data-validation-required-message="Please enter your email" />
            </div>
        </div>
        <div class="control-group">
            <div class="controls">
                <textarea rows="6" class="form-control" name="message" id="msg" type="msg" placeholder="Enter detailed question/concern, and we will get back to you." required="" data-validation-required-message="Please enter your question/concern"></textarea>
            </div>
        </div>
        <div class="control-group">
            <div class="controls submit-btn">
                <button class="btn btn-primary" type="submit" value="Submit">Submit</button>
            </div>
        </div>
    </form>

CONTACT_FORM.PHP

<?php

define('DB_NAME', 'xxx');
define('DB_USER', 'xxx');
define('DB_PASSWORD', 'xxx');
define('DB_HOST', 'xxx');

$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD);

if(!$connection){
die('Database connection failed: ' . mysqli_connect_error());
}

$db_selected = mysqli_select_db($connection, DB_NAME);

if(!$db_selected){
die('Can\'t use ' .DB_NAME . ' : ' . mysqli_connect_error());
}

echo 'Connected successfully';

$name = @$_POST ['fullname'];
$phone = @$_POST ['phonenumber'];
$email = @$_POST ['emailaddress'];
$msg = @$_POST ['message'];

$sql = "INSERT INTO contact_form (fullname, phonenumber, emailaddress, message) VALUES ('$name',   '$phone', '$email', '$msg')";

if (!mysqli_query($connection, $sql)){
die('Error: ' . mysqli_connect_error($connection));
}
?>

Answer 1

Remove the @ symbols from your $_POST variables, you also need to remove the space. I want to make you aware that you are very exposed to SQL injection without sanitizing/validating those values before inserting them, use ctype or filter_var. Finally, I would recommend changing your collation from latin1 to utf8 unless you have a specific reason for that character set.

You have some extra spaces in your insert values before $phone that is probably causing it to fail

VALUES ('$name',   '$phone', '$email', '$msg')

As stated in another answer, you always need to verify there is data in your variables before trying to use them. Also, if you are redirecting in `contact_form.php, it is very important to put an exit with your failure messages or you may never see them.

if($_POST['fullname']){
    $name = $_POST['fullname']
}else{
    echo "name not received";
    exit;
}
if($_POST['phonenumber']){
    $phone = $_POST['phonenumber']
}else{
    echo "phone not received";
    exit;
}
if($_POST['emailaddress']){
    $email = $_POST['emailaddress']
}else{
    echo "email not received";
    exit;
}
if($_POST['message']){
    $msg = $_POST['message']
}else{
    echo "message not received";
    exit;
}

$sql = "INSERT INTO contact_form (fullname, phonenumber, emailaddress, message) 
        VALUES ('$name', '$phone', '$email', '$msg')";

if (!mysqli_query($connection, $sql)){
die('Error: ' . mysqli_connect_error($connection));
}

Answer 2

It is clear that you are not passing value for the column ID, ether you alter the column AUTO_INCREMENT, Step 1: Click on change column ID Step 2: Check A_I (AUTO_INCREMENT)

Step 3: Click Save

Or another way also you can pass value for ID as below:

$name = @$_POST ['fullname'];
$phone = @$_POST ['phonenumber'];
$email = @$_POST ['emailaddress'];
$msg = @$_POST ['message'];
$id = 1 // Set value for ID

$sql = "INSERT INTO contact_form (ID, fullname, phonenumber, emailaddress, message) VALUES ($id, '$name',   '$phone', '$email', '$msg')";

Answer 3

$sql = "INSERT INTO contact_form 
        (fullname, phonenumber, emailaddress, message) 
        VALUES ('$name',   '$phone', '$email', '$msg')";

use " instead of '

Answer 4

First of all use that construction:

if (isset($_POST['fullname'])) {
    $name = $_POST['fullname'];
}

And so on for other values.

Or better still :-

$name = isset($_POST['fullname']) ? $_POST['fullname'] : '';

This way the field $name is always set to something so you dont get errors when you try and use it later in your code