Reputation: 9
FORM CODE -
<form method="POST" action="shareexperience.php" id="contactForm" name="sentMessage" target="formsaved">
<br/><textarea rows="5" cols="40" name="views" id="views" placeholder="Views About Your Profession">
</textarea> <br/>
<textarea rows="5" cols="40" name="advice" id="advice" placeholder="Advice 4 Students">
</textarea> <br/>
Wanna Be A Guide 4 Child
<input type="radio" id="yes" name="guide" value="Yes" checked> Yes </input>
<input type="radio" id="No" name="guide" value="No" > No </input>
<br/><input type="text" name="name" id="professionalname" placeholder="Name">
<input type="text" name="email" id="professionalemail" placeholder="Email Id"> <br/>
<br/><input type="submit" value="Share & Nominate" onclick="saveexperience()">
</form>
PHP CODE-
<? php
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " .mysql_error());
//inserting Record to the database
$name = $_POST['name'];
$email = $_POST['email'];
$views = $_POST['views'];
$advice = $_POST['advice'];
$guide=$_POST['guide'];
$query = "INSERT INTO professionals(name,email,views,advice,guide)VALUES('$name','$email', '$views','$advice','$guide')";
$result = mysql_query($query);
mysql_close($con);
?>
Target formsaved has been used to avoid redirection by using html tag iframe as followed below-
<iframe name="formsaved" height="30px" width="300px" scrolling="no" frameborder="0"> </iframe>
Sometimes data enter fines but sometimes it doesn't work You can check my website as well - guidance4future.in/nominate
Note:- onclick has been used to disable one of the html tags in the page further...
Thanks in advance...
Upvotes: 0
Views: 119
Reputation: 2022
You should check the data before it is submitted to the database to make sure that all the fields were filled out properly.
if (!(empty($_POST['name']) || empty($_POST['email']) || empty($_POST['views']) || empty($_POST['advice']) || empty($_POST['guide']))){
// do your stuff here
} else {
// error stuff
}
Additionally, as mentioned in this comment, you should look into using PDO for your database operations.
Upvotes: 0
Reputation: 3031
Firstly, please do some sanity checks on your code! Someone could come along and delete your entire database right now...
I suspect that what's happening is that someone is clicking submit without entering anything in the form: in which case your code will just insert a blank row.
Do some checks first:
$mysqli = new mysqli("localhost", "my_user", "my_password", "database");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connection failed: %s\n", mysqli_connect_error());
exit();
}
$name = $mysqli->real_escape_string($_POST['name']);
$email = $mysqli->real_escape_string($_POST['email']);
$views = $mysqli->real_escape_string($_POST['views']);
$advice = $mysqli->real_escape_string($_POST['advice']);
$guide = $mysqli->real_escape_string$_POST['guide']);
// Check for null fields
if( empty($name) || empty($email) || empty($views) || empty($advice) || empty($guide))
{
print "Please fill in all fields!";
// Show the form again here
}
else
{
$query = "INSERT INTO professionals(name,email,views,advice,guide)VALUES('$name','$email', '$views','$advice','$guide')";
$mysqli->query($query);
}
Upvotes: 2