Entering data from form into Database PDO

Question

I learned MySQL, created a form and had it working with the database. I was then told I should be doing it PDO with prepared statements, so I did some research on that and changed my code.

I now have the code right (I think) but I can't figure out how data gets input. As you can see on my code, I have the database creating the rows as the user submits the form. However the database just picks up on whatever is within the speech marks under //insert a row and //insert another row.

For example, right now if the user completes and submits the form, no matter what information they enter, I just get 'Joe' and 'joe@example.com' etc showing in my database. Obviously I need their answers, otherwise my form would be irrelavant (as would the data submission). Have I totally missed the mark or am I missing something silly? I've tried changing and researching but am struggling. Really new to all this.

FORM:

<form action="testsubmit-pdo.php" method="post">
<label>Student Name :</label>
<input type="text" name="stu_name" id="name" required="required"       placeholder="Please Enter Name"/><br /><br />
<label>Student Email :</label>
<input type="email" name="stu_email" id="email" required="required" placeholder="john123@gmail.com"/><br/><br />
<label>Student City :</label>
<input type="text" name="stu_city" id="city" required="required" placeholder="Please Enter Your City"/><br/><br />
<input type="submit" value=" Submit " name="submit"/><br />
</form>

PHP:

try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);

// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO demo (stu_name, stu_email, stu_city)
VALUES (:stu_name, :stu_email, :stu_city)");
$stmt->bindParam(':stu_name', $stu_name);
$stmt->bindParam(':stu_email', $stu_email);
$stmt->bindParam(':stu_city', $stu_city);

// insert a row
$stu_name = "Joe";
$stu_email = "joe@example.com";
$stu_city = "Joeland";
$stmt->execute();

// insert another row
$stu_name = "Mary";
$stu_email = "mary@example.com";
$stu_city = "Maryland";
$stmt->execute();

echo "New records created successfully";
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
$conn = null;

Answer 1

You post the data entered by the user to your php file

<form action="some_php_file.php" method="post">
  <input type="text" name="stu_name">
   <input type="email" name="stu_email">
  <input type="text" name="stu_city">
  <input type="submit" name="submit" value="submit">
</form>

and in php code, first you need to check if the submit button is clicked

   //check if submit button is clicked
  If(isset($_POST['submit'])){
    try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);

  // set the PDO error mode to exception
   $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

   // prepare sql and bind parameters
   $stmt = $conn->prepare("INSERT INTO demo (stu_name, stu_email, stu_city)
    VALUES (:stu_name, :stu_email, :stu_city)");
    $stmt->bindParam(':stu_name', $stu_name);
   $stmt->bindParam(':stu_email', $stu_email);
   $stmt->bindParam(':stu_city', $stu_city);

    $stu_name = $_POST['stu_name'];
    $stu_email = $_POST['stu_email'];
    $stu_city = $_POST['stu_city'];
    $stmt->execute();
    echo "New records created successfully";
}catch(PDOException $e){
  echo "Error: " . $e->getMessage();
}
$conn = null;
}

Answer 2

Change this -

// insert a row
$stu_name = "Joe";
$stu_email = "joe@example.com";
$stu_city = "Joeland";
$stmt->execute();

// insert another row
$stu_name = "Mary";
$stu_email = "mary@example.com";
$stu_city = "Maryland";
$stmt->execute();

to this -

// insert a row
$stu_name = $_POST['stu_name'];
$stu_email = $_POST['stu_email'];
$stu_city = $_POST['stu_city'];
$stmt->execute();

Your form will place the values in PHP's POST array and you can access them by the name property from the form.