An empty row getting inserted in database

Question

Hey I am trying to get this code running for the past few days now. I do not know what is the problem. Whenever I run the code I can see it running but an empty row gets inserted. Basically I ave tried to hard code the data and the data gets inserted. Here is the HTML form:

                        <form action="register.php" id="contactForm" type="post">
                            <div class="row">
                                <div class="form-group">
                                    <div class="col-md-6">
                                        <label>First name *</label>
                                        <input type="text" class="form-control" name="fname" >
                                    </div>
                                    <div class="col-md-6">
                                        <label>Last name *</label>
                                        <input type="text" class="form-control" name="lname" >
                                    </div>
                                </div>
                            </div>
                            <div class="row">
                                <div class="form-group">
                                    <div class="col-md-6">
                                        <label>Gender *</label><br>
                                        <select name="gender">
                                            <option> Male </option>
                                            <option> Female </option>
                                        </select>

                                    </div>

                                    <div class="col-md-6">
                                        <label>Stream *</label><br>
                                        <select name="stream">
                                            <option> B-Tech </option>
                                            <option> M-Tech </option>
                                        </select>

                                    </div>
                                </div>
                            </div>
                            <div class="row">
                                <div class="form-group">
                                    <div class="col-md-6">
                                        <label>Email *</label>
                                        <input type="text"  class="form-control" name="email" >
                                    </div>
                                    <div class="col-md-6">
                                        <label>Mobile *</label>
                                        <input type="text"  class="form-control" name="mobile">
                                    </div>
                                </div>
                            </div>
                            <div class="row">
                                <div class="form-group">
                                    <div class="col-md-6">
                                        <label>College *</label>
                                        <input type="text"  class="form-control" name="college" >
                                    </div>
                                    <div class="col-md-6">
                                        <label>Job Kind *</label>
                                        <input type="text" class="form-control" name="job" >
                                    </div>

                                </div>
                            </div>
                            <div class="row">
                                <div class="col-md-12">
                                    &nbsp&nbsp&nbsp&nbsp

                                    <input type="submit" value="Register" class="btn btn-primary btn-lg" 
                                    data-loading-text="Loading..." name="submit">

                                </div>
                            </div>
                        </form>

Here is the registration.php

<?php
$connection = mysql_connect("EDITED by billy, was an I.P and port number", "user", "password"); // Establishing Connection with Server
$db = mysql_select_db("Registrations_connect", $connection); // Selecting Database from Server

            $first_name = $_POST["fname"];
            $last_name = $_POST["lname"];
            $sex = $_POST["gender"];
            $field = $_POST["stream"];
            $contact = $_POST["mobile"];
            $eaddress = $_POST["email"];
            $institute = $_POST["college"];
            $naukri = $_POST["job"];

            $query = mysql_query("insert into students(fname, lname, gender, stream, mobile, email, college, job) 
            values ('$name', '$last_name', '$sex', '$field','$contact', '$eaddress', '$intitute', '$naukri')");

            echo "<br/><br/><span>Data Inserted successfully...!!</span>";


mysql_close($connection); // Closing Connection with Server
?>

After running; In the inspect element I checked the response:- It shows Data Inserted successfully but actually an empty row is getting inserted. Basically what i think I am not able to correctly grab the data properly from form. Can somebody please check what is the problem. It will be a great help.

Answer 1

The attribute is method, not type. This typo is causing your form to process a GET rather than a POST. So all your variable assignments are wrong.

$first_name = $_POST["fname"];

would be

$first_name = $_GET["fname"];

or you could use the $_REQUEST; or you can just correct the attribute,

<form action="register.php" id="contactForm" method="post">

Your code also is wide open to SQL injections and is using the deprecated mysql_ functions. You should update to mysqli or pdo and be using prepared statements with parameterized queries.

More on SQL injections:
http://php.net/manual/en/security.database.sql-injection.php
How can I prevent SQL injection in PHP?
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29