CODEWITHSUNDEEP
php
Jason
Jason

Reputation: 15

PHP - Add form input into database

I'm trying to add revived form input into database.

<form action="index.php" method="post">
<input type="text" name="firstname" id="firstname">
<br>
<input type="text" name="lastname" id="lastname">
<br>
<input type="submit" name="submit" value="Submit">

if(isset($_POST['submit'])) {
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];

$query = "INSERT INTO users (firstname, lastname) VALUES ($firstname, $lastname)";
if($conn->query($query) === true) {
    echo "added";
}else {
    echo $con->error;
}

Example : Firstname = Jason / Lastname = Haw

After clicking on submit button, i see error message : Unknown column 'Jason' in 'field list'

Where is the wrong thing to do?

Upvotes: 0

Views: 42

Answers (1)

YGYG
YGYG

Reputation: 136

$query = "INSERT INTO users (firstname, lastname) VALUES ('$firstname', '$lastname')";

put single quote for $firstname.

but this is not a proper approach, you should use prepared statement. your query is risk of sql injection, because no escaping the input.

Upvotes: 1

Related Questions