CODEWITHSUNDEEP
phphtmlsql
Aiden Teran Gaming
Aiden Teran Gaming

Reputation: 1

Adding PHP Form to SQL Database

I am trying to create a form through HTML that will will send information imputed by the user to a sql database, However, When we refresh the screen it will send a blank version of the data and if we send then form with data in it will wipe the information and send a old form.

// THis is the form in HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Add Record Form</title>
</head>
<body>
<form action="civilian_whitelist.php" method="post">
    <p>
        <label for="roleplayName">Role Play Name:</label>
        <input type="text" name="roleplayname" id="roleplayName">
    </p>
    <p>
        <label for="playerID">Player ID:</label>
        <input type="text" name="playerid" id="playerID">
    </p>
    <input type="submit" value="Submit">
</form>
</body>
</html>

//This is the PHP for the sending of the code to the sql database

 <?php

    if (iaView::REQUEST_HTML == $iaView->getRequestType())
    {
        $iaView->display('civilian_whitelist');
    }

    /* Attempt MySQL server connection. Assuming you are running MySQL
    server with default setting (user 'root' with no password) */
    $link = mysqli_connect("HIDDEN", "ericmcho_pro", "HIDDEN", "ericmcho_pro");

    // Check connection
    if($link === false){
        die("ERROR: Could not connect. " . mysqli_connect_error());
    }

    // Escape user inputs for security
    $roleplayName = mysqli_real_escape_string($link, $_POST['roleplayname']);
    $playerID = mysqli_real_escape_string($link, $_POST['playerid']);

    // attempt insert query execution
    $sql = "INSERT INTO whitelist (Name, UID) VALUES ('$roleplayName', '$playerID')";
    if(mysqli_query($link, $sql)){
        echo "Records added successfully.";
    } else{
        echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
    }

    // close connection
    mysqli_close($link);
    ?>

Upvotes: 0

Views: 59

Answers (1)

meda
meda

Reputation: 45490

At least you should check if the fields are set before running the rest of the code.

if(isset($_POST['roleplayname'], $_POST['playerid'])){
  //code here
}

or

if(isset($_POST['submit'])){
  //code here
}

Also you should use about prepared statement:

http://php.net/manual/en/mysqli.prepare.php

Upvotes: 3

Related Questions