Information
I made a PHP script that connects to my database and creates a record in my database. This works. Now, I added a simple form to this page and I want to make a record in my database based on the input that a user gives.
The PHP script without the form:
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "detachering";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO medewerkers (voornaam, achternaam, leeftijd, uurloon, opleidingsniveau)
        VALUES ('test', 'user', '20', '192', 'HBO')";

if ($conn->query($sql) === TRUE) {
    echo "Medewerker is aangemaakt";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>
This is the form that I want to add to it:
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title></title>
</head>
<body>
    <form class="" action="index.html" method="post">
        <input type="text" name="voornaam" placeholder="Voornaam">
        <input type="text" name="achternaam" placeholder="Achternaam">
        <input type="text" name="leeftijd" placeholder="Leeftijd">
        <input type="text" name="uurloon" placeholder="Uurloon">
        <input type="text" name="opleidingsniveau" placeholder="Opleidingsniveau">
        <button type="submit" name="button">Save</button>
    </form>
</body>
</html>
I personally think that it should be something like:
INSERT INTO medewerkers (voornaam, achternaam, leeftijd, uurloon, opleidingsniveau)
VALUES ('POST_['voornaam']', 'POST_['achternaam']', 'POST_['leeftijd']', 'POST_['uurloon']', 'POST_['opleidingsniveau']');
I haven't done much in PHP, so any help is greatly appreciated!
Upvotes: 0
Views: 604
Use prepared statements for this. Unfortunately, with mysqli you'll have to use references and cannot just use the POST array directly.
// The SQL text contains only placeholders; the values are sent separately,
// so user input can never change the structure of the query.
$stmt = $conn->prepare('INSERT INTO medewerkers (voornaam, achternaam, leeftijd, uurloon, opleidingsniveau) VALUES(?, ?, ?, ?, ?)');

if ($stmt) {
    // bind_param() takes its arguments by reference, so copy the POST values
    // into plain variables first.
    $voornaam = $_POST['voornaam'];
    $achternaam = $_POST['achternaam'];
    $leeftijd = $_POST['leeftijd'];
    $uurloon = $_POST['uurloon'];
    $opleidingsniveau = $_POST['opleidingsniveau'];

    // 'sssss': bind all five values as strings, one type letter per placeholder
    $stmt->bind_param('sssss', $voornaam, $achternaam, $leeftijd, $uurloon, $opleidingsniveau);
    $stmt->execute();
    $stmt->close();
}
edit: Since we are talking about it, here is the PDO example (with connection):
try {
    $dsn = 'mysql:host=localhost;dbname=test';
    $pdo = new PDO($dsn, 'root', 'passwd');
    $pdo->exec('SET CHARACTER SET UTF8');
    $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    // Throw exceptions on errors instead of failing silently
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $sql = "INSERT INTO medewerkers (voornaam, achternaam, leeftijd, uurloon, opleidingsniveau) VALUES(?, ?, ?, ?, ?)";
    $stmt = $pdo->prepare($sql);

    if ($stmt) {
        // With PDO the values can be passed as a plain array to execute();
        // no references are needed.
        $params = [$_POST['voornaam'], $_POST['achternaam'], $_POST['leeftijd'], $_POST['uurloon'], $_POST['opleidingsniveau']];
        $stmt->execute($params);
    }
} catch (Exception $e) {
    echo $e->getMessage();
}
Note that I'm creating a new array for the parameters since I'm not sure if there are more values in the POST.
Upvotes: 1
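The pieces above as one complete page: the question's form and the answer's mysqli prepared statement combined in a single self-posting PHP file. This is an added example, not code from the question or the answer. It assumes (beyond what the page states) that leeftijd is an integer column and uurloon a numeric column, so the two are validated in PHP and bound as i and d rather than as strings; the connection details are the question's own. The form has no action attribute, so it posts back to this same script; a form that posts to index.html never reaches PHP and $_POST stays empty. Database error details go to the server log instead of the browser.

```php
<?php
// Added example, not the question's or the answer's own code.
// Assumptions: leeftijd is an INT column, uurloon a DECIMAL/FLOAT column.
declare(strict_types=1);

// Make mysqli throw exceptions instead of returning false silently
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$message = '';
$errors  = [];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validation is about data quality; the prepared statement below
    // handles the quoting, so no manual escaping is done here.
    $voornaam         = trim((string)($_POST['voornaam'] ?? ''));
    $achternaam       = trim((string)($_POST['achternaam'] ?? ''));
    $opleidingsniveau = trim((string)($_POST['opleidingsniveau'] ?? ''));
    $leeftijd = filter_input(INPUT_POST, 'leeftijd', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 16, 'max_range' => 120]]);
    $uurloon  = filter_input(INPUT_POST, 'uurloon', FILTER_VALIDATE_FLOAT);

    if ($voornaam === '' || mb_strlen($voornaam) > 100) {
        $errors[] = 'Voornaam is required (max 100 characters).';
    }
    if ($achternaam === '' || mb_strlen($achternaam) > 100) {
        $errors[] = 'Achternaam is required (max 100 characters).';
    }
    if ($leeftijd === false || $leeftijd === null) {
        $errors[] = 'Leeftijd must be a whole number between 16 and 120.';
    }
    if ($uurloon === false || $uurloon === null || $uurloon < 0) {
        $errors[] = 'Uurloon must be a non-negative number.';
    }
    if ($opleidingsniveau === '' || mb_strlen($opleidingsniveau) > 50) {
        $errors[] = 'Opleidingsniveau is required (max 50 characters).';
    }

    if ($errors === []) {
        try {
            $conn = new mysqli('localhost', 'root', '', 'detachering');
            $conn->set_charset('utf8mb4');

            // Placeholders only in the SQL text; values travel separately,
            // so a quote or semicolon in a name cannot alter the query.
            $stmt = $conn->prepare(
                'INSERT INTO medewerkers (voornaam, achternaam, leeftijd, uurloon, opleidingsniveau)
                 VALUES (?, ?, ?, ?, ?)'
            );
            // Type string: s = string, i = integer, d = double
            $stmt->bind_param('ssids', $voornaam, $achternaam, $leeftijd, $uurloon, $opleidingsniveau);
            $stmt->execute();

            $message = 'Medewerker is aangemaakt (id ' . $conn->insert_id . ').';
            $stmt->close();
            $conn->close();
        } catch (mysqli_sql_exception $e) {
            // Keep the SQL and driver message out of the HTTP response
            error_log('insert medewerker failed: ' . $e->getMessage());
            $errors[] = 'Saving failed. Please try again later.';
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Medewerker toevoegen</title>
</head>
<body>
<?php if ($message !== ''): ?>
    <p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<?php foreach ($errors as $error): ?>
    <p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
<?php endforeach; ?>
    <!-- No action attribute: the form posts back to this same PHP file -->
    <form method="post">
        <input type="text" name="voornaam" placeholder="Voornaam" required>
        <input type="text" name="achternaam" placeholder="Achternaam" required>
        <input type="number" name="leeftijd" placeholder="Leeftijd" min="16" max="120" required>
        <input type="number" name="uurloon" placeholder="Uurloon" min="0" step="0.01" required>
        <input type="text" name="opleidingsniveau" placeholder="Opleidingsniveau" required>
        <button type="submit">Save</button>
    </form>
</body>
</html>
```

Save it as, for example, medewerker.php under the web root and open it in the browser; submitting the form posts to the same URL, the values are validated, and the insert runs through the prepared statement. The HTML number inputs only help honest users; the server-side filter_input checks are what actually enforce the types, since anyone can send arbitrary POST bodies. Output that echoes user-influenced data goes through htmlspecialchars so a value stored in the database cannot later render as markup.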