CODEWITHSUNDEEP
phpmysql
nixrul
nixrul

Reputation: 9

Adding data from PHP to MYSQL database

First of all i'm sorry if this duplicate topics. However i've tried many solution but still failed. Basically i want to add input data to mysql table. At first, all the input is blank when click submit. After few round of try and error, i manage to have input data key in to the db table but certain column still empty. need you guys help how can i fix this.

<?php
$servername = "localhost";
$username = "test";
$password = "alltest123";
$dbname = "test";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

// Get values from form 
$ixname=($_POST['ixp']);
$peername=($_POST['test2']);
$asname=($_POST['asname']);
$ipv4=($_POST['ipv4']);
$ipv6=($_POST['ipv6']);
$descr=($_POST['test3']);
$node=($_POST['node']);
$category=($_POST['category']);

$sql = "INSERT INTO tbl_peer (ixname, peername, asname, ipv4, ipv6, descr, node, category)
VALUES ('$ixp', '$test2', '$asname', '$ipv4', '$ipv6', '$test3', '$node', '$category')";

if (mysqli_query($conn, $sql)) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}

form.php

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><form name="form1" method="post" action="insert_ac.php">
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Test Form </strong></td>
</tr>
<tr>
<td width="71">IX Name</td>
<td width="6">:</td>
<td width="301"><input name="ixp" type="text" id="ixp"></td>
</tr>
<tr>
<td>Peer Name</td>
<td>:</td>
<td><input name="test2" type="text" id="test2"></td>
</tr>
<tr>
<td>ASN</td>
<td>:</td>
<td><input name="asname" type="text" id="asname"></td>
</tr>
<tr>
<td>Ipv4 Address</td>
<td>:</td>
<td><input name="ipv4" type="text" id="ipv4"></td>
</tr>
<tr>
<td>Ipv6 Address</td>
<td>:</td>
<td><input name="ipv6" type="text" id="ipv6"></td>
</tr>
<tr>
<td>Description</td>
<td>:</td>
<td><input name="test3" type="text" id="test3"></td>
</tr>
<tr>
<td>Node</td>
<td>:</td>
<td><input name="node" type="text" id="node"></td>
</tr>
<tr>
<td>Category</td>
<td>:</td>
<td><input name="category" type="text" id="category"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</form>
</td>
</tr>
</table>

PHP and MYSQL version

PHP 7.0.33-0+deb9u1 (cli) (built: Dec  7 2018 11:36:49) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.33-0+deb9u1, Copyright (c) 1999-2017, by Zend Technologies
    with Xdebug v2.5.0, Copyright (c) 2002-2016, by Derick Rethans

mysql  Ver 15.1 Distrib 10.1.37-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

Error Logs

PHP Notice:  Undefined variable: ixp in /var/www/insert_ac.php on line 25, referer: testb.php
PHP Stack trace:, referer:testb.php
PHP   1. {main}() /var/www/insert_ac.php:0, referer: testb.php
PHP Notice:  Undefined variable: test2 in /var/www/insert_ac.php on line 25, referer: testb.php
PHP Stack trace:, referer: testb.php
PHP   1. {main}() /var/www/insert_ac.php:0, referer: testb.php
PHP Notice:  Undefined variable: test3 in /var/www/insert_ac.php on line 25, referer:testb.php
PHP Stack trace:, referer: testb.php
PHP   1. {main}() /var/www/insert_ac.php:0, referer: testb.php

Upvotes: 0

Views: 42

Answers (3)

Rohit Mittal
Rohit Mittal

Reputation: 2104

You are not using correct variables. You should change your SQL query like below:

$sql = "INSERT INTO tbl_peer (ixname, peername, asname, ipv4, ipv6, descr, node, category)
    VALUES ('$ixname', '$peername', '$asname', '$ipv4', '$ipv6', '$descr', '$node', '$category')";

Also, you should bind your variables in SQL query to avoid SQL injection. Check link for more information: https://www.w3schools.com/php/php_mysql_prepared_statements.asp

Hope it can help you.

Upvotes: 1

Gajanan Kolpuke
Gajanan Kolpuke

Reputation: 155

Hey instead of storing all values in a respective variable just use extract() method which will give your result.

// Get values from form 
extract($_POST);

$sql = "INSERT INTO tbl_peer (ixname, peername, asname, ipv4, ipv6, descr, node, category)
VALUES ('$ixp', '$test2', '$asname', '$ipv4', '$ipv6', '$test3', '$node', '$category')";

if (mysqli_query($conn, $sql)) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}

For more reference http://php.net/manual/en/function.extract.php

Upvotes: 0

RiggsFolly
RiggsFolly

Reputation: 94682

Simple typo's really. You have moved data from the POST array into scalar variables, but then used the wrong variable names in the INSERT query

$ixname=($_POST['ixp']);
$peername=($_POST['test2']);
$descr=($_POST['test3']);

query 

VALUES ('$ixp', '$test2', '$asname', '$ipv4', '$ipv6', '$test3', '$node', '$category')";
         ^^^     ^^^^^^                                 ^^^^^^^

I have to warn you that Your script is wide open to SQL Injection Attack Even if you are escaping inputs, its not safe! Use prepared parameterized statements in either the MYSQLI_ or PDO API's

Upvotes: 1

Related Questions