Insert Text Fields into a Database with PHP and HTML

Question

Im trying to add text to a database with a text entry, heres the part of the text entry of index.php:

Now heres the steamauth/senddb.php code:

 $value1 = $_POST['username'];
$value2 = $_POST['steamid'];
$value3 = $_POST['server'];
$sql = "INSERT INTO StaffTeam (username, steamid, server) VALUES('".$value1."', '".$value2."', '".$value3."')"; 
if ($conn->query($sql) === TRUE) {
echo "Admin added succesfully, redirecting in 3 seconds...";
header( "refresh:3;url=http://vanityrp.site.nfoservers.com/index.php" );
} else {
echo "Error: " . $sql . "
" . $conn->error;
}

So, now, the problem is, im getting empty records on the database, how can i fix that

Funk Forty Niner · Accepted Answer

There are 2 things wrong here.

First, you're using a GET method in your form, but then using POST arrays.

Both need to match. POST/POST and not GET/POST.

Then you're outputting before header with echo on top of headers.

How to fix "Headers already sent" error in PHP

Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.

If you are trying to pass data that MySQL will complain about, such as John's Bar & Grill (apostrophes), then you will need to escape your data; something you should be doing anyway.

I.e.:

$var = mysqli_real_escape_string($conn, $_POST['var']);

Your column types and lengths should also be correct and able to accomodate the data.

Add error reporting to the top of your file(s) which will help find errors.



Sidenote: Displaying errors should only be done in staging, and never production.

Plus, make sure you are successfully connected to your database with mysqli_.


Different MySQL APIs do not intermix. (sidenote).

Insert Text Fields into a Database with PHP and HTML

Answers (1)

Related Questions