POST to MySQL database from HTML form using PHP, form reloads with no data posted

Question

I am trying to write code that will allow users to add a free public toilet to my database. This requires adding data to 3 separate tables in my database: borough, location, and rooms. I am using insert_id to link the queries to each parent/child table.

As my code is written now, the form just reloads on the page with nothing added to the database. Is the problem because some of my form input types are a dropdown select menu and a few checkboxes (one of which is an array)? This is my first semester learning php and MySQL, so I'd appreciate helpful pointers or other answers to look at. Thanks!

I've looked at several answers on this site already, but haven't found any with forms that include all of my input types.

#Add a toilet to the database
if (isset($_POST['submit'])) { //check if the form has been submitted
    if ((empty($_POST['name'])) || (empty($_POST['location'])) || (empty($_POST['hours'])) || (empty($_POST['boro_id'])) || 
        (empty($_POST['boro_name'])) || (empty($_POST['gender'])) || (empty($_POST['handicap_access'])) || 
        (empty($_POST['change_table'])) || (empty($_POST['stalls'])) ) {
        $message = '<p class="error">Please fill out all of the form fields!</p>';
        } else {
        $conn = new mysqli($hn, $un, $pw, $db);
        if ($conn->connect_error) die($conn->connect_error);

        $name = sanitizeMySQL($conn, $_POST['name']);
        $location = sanitizeMySQL($conn, $_POST['location']);           
        $hours = sanitizeMySQL($conn, $_POST['hours']);
        $boro_id = sanitizeMySQL($conn, $_POST['boro_id']);
        $boro_name = sanitizeMySQL($conn, $_POST['boro_name']);
        $gender = sanitizeMySQL($conn, $_POST['gender']);
        $h_a = sanitizeMySQL($conn, $_POST['handicap_access']);
        $c_t = sanitizeMySQL($conn, $_POST['change_table']);
        $stalls = sanitizeMySQL($conn, $_POST['stalls']);


        $query = 'INSERT INTO `borough` VALUES(NULL, \"$boro_name\")';
        $result = $conn->query($query);
        $insertID = $conn->insert_id;

        $query = 'INSERT INTO `location` VALUES(NULL, \"$name\", \"$location\", \"$hours\", NULL, \"$insertID\" )';
        $result = $conn->query($query);
        $insertID = $conn->insert_id;

        $query = 'INSERT INTO `rooms` VALUES(NULL, \"$insertID\", \"$gender\", \"$h_a\", \"$c_t\", \"$stalls\" )';
        $result = $conn->query($query);

        if (!$result) {
            die ("Database access failed: " . $conn->error);
        } else {
            $message = "<p class=\"message\">Successfully added new toilet! <a href=\"index.php\">Return to home</a></p>";
        }
    }
}

if (isset($message)) echo $message;

function sanitizeString($var)
{
    $var = stripslashes($var);
    $var = strip_tags($var);
    $var = htmlentities($var);
    return $var;
}
function sanitizeMySQL($connection, $var)
{
    $var = sanitizeString($var);
    $var = $connection->real_escape_string($var);
    return $var;
}
?>

<h1>Add a public toilet</h1>
<div class="form">
    <form method="POST" action="">
        Borough<br>
        <select name="boro_name" size="1">
        <option value="Bronx">Bronx</option>
        <option value="Brooklyn">Brooklyn</option>
        <option value="Manhattan">Manhattan</option>
        <option value="Queens">Queens</option>
        <option value="Staten Island">Staten Island</option>
        </select><br><br>
        <div>Name <input type="text" name="name"></div><br>
        <div>Location <input type="text" name="location"></div><br>
        <div>Hours <input type="text" name="hours"></div><br>
        Gender<br>
        <input type="checkbox" name="gender[]" value="men">Men<br>
        <input type="checkbox" name="gender[]" value="women">Women<br>
        <input type="checkbox" name="gender[]" value="neutral">Neutral<br><br>
        Handicap Accessible
        <input type="checkbox" name="handicap_access"><br><br>
        Changing Tables
        <input type="checkbox" name="change_table"><br><br>
        <div>Number of Stalls <input type="text" name="stalls"></div><br><br>
        <input type="submit" name="submit" value="Submit">
    </form>
</div>    

I expect the form to submit to my database, and tell the user they were successful.

Answer 1

Your concern about so many input types is fair enough but you will find that it all looks pretty similar to the back end. What you need to do is see what is going on with the data and your if/then logic.

Let us debug

Rather than just debugging your code, which someone may well be willing to do, I'm going to teach you how to debug it yourself. Because, honestly, this should be fairly easy for you with the right pointers.

First, you know that you have a form and something that should process things. What you do not know is what the data looks like.

This little snippet will let you see the data you are sending up. For goodness sake, please do not leave this code in when you set the site live.

  echo '<pre>';
  print_r($_POST);
  echo '</pre>';

If anything is not quite what you were expecting, then you will know how to make changes. That should put to rest any worries you might have about input types etc.. But if you find something odd, you can do something about it.

Watching your code

You can also follow your code through by adding "watchers". Temporary extra lines that show you the order that things are happening in.

For example:

if (isset($_POST['submit'])) { //check if the form has been submitted
    echo "1. Post contains submit";
    // ...
    echo "2.a. Something was empty ";
    } else {
    echo "2.b. Form was good ";
    

This will show you how PHP is following the logic you have given it. Pop them in all along and they will tell you what code is running and in which order. Look for watchers that are missing as well as the ones that show up.

Be sure things are working

Now you might find a problem here:

    $query = 'INSERT INTO `borough` VALUES(NULL, \"$boro_name\")';
    $result = $conn->query($query);
    $insertID = $conn->insert_id;

How do you know the insert worked? You don't because you never tested it. I'm going to assume your last watcher was 6. Lets make some tests here too.

    $query = 'INSERT INTO `borough` VALUES(NULL, \"$boro_name\")';
    $result = $conn->query($query);
    if (!$result) {
        die ("Database insert failed at stage one " . $conn->error);
    } else {
        echo "7. Stage one success";
    }
    $insertID = $conn->insert_id;

Now you know if that one works. Did the second insert work? Again, you do not know because you only test the last one. You could be three errors in before you even checked. Do likewise and check the second stage insert.

What now?

Put all that together and you should be able to see exactly where this script is failing. Which should tell you exactly what you need to do to get it working. If you are still stuck or things are still refusing to get with the program you will have a much more specific question to ask.

Keep testing, keep improving, and keep asking questions. Your code is reasonably structured so debugging it should be simple.

Bonus material:

If you make a small change, you could do less work passing out messages. Why put HTML in messages? That seems like more work than you want.

if (isset($message)) echo "<p class=\"message\">$message</p>";