Form saying it's sent but there is no data showing up in the database

I’m new to PHP and still trying to get my head round it. This form says that the data has been sent to the database, but when I look the database is empty and no errors are showing up. Is there a problem with my code?

Note: I understand that this form is not protected from SQL Injection.


HTML


<?php
session_start();
?>
<!DOCTYPE HTML>
<html>
    <head>
        <title>Page Form</title>
        <link rel="stylesheet" href="style.css" />
    </head>
    <body>
        <div class="container">
            <div class="main">
                <h2>PHP Page 3 Form</h2><hr/>
                <span id="error">

                </span>
                <form action="page4_insertdata.php" method="post">

                    <label>Company Name :<span>*</span></label><br />
                    <input name="company_name" type="text" placeholder="Joes Cleaner" required>
                    <br />

                    <label>Ref :<span>*</span></label><br />
                    <input name="ref" type="text" placeholder="H123" required>
                    <br />

                    <label>Website :<span>*</span></label><br />
                    <input name="website" type="text" placeholder="www.google.com" required>
                    <br />

                    <label>Email :<span>*</span></label><br />
                    <input name="email" type="email" placeholder="[email protected]" required>
                    <br />

                    <label>Telephone :<span>*</span></label><br />
                    <input name="tel" type="text" placeholder="07123456789" required>
                    <br />

                    <label>Message :<span>*</span></label><br />
                    <input name="message" id="message" type="text" size="500" required>
                    <br />



                    <input  type="reset" value="Reset" />
                    <input name="submit" type="submit" value="Submit" />

                </form>
            </div>

        </div>
    </body>
</html>

PHP


<?php
session_start();
?>
<!DOCTYPE HTML>
<html>
    <head>
        <title>PHP Multi Page Form</title>
        <link rel="stylesheet" href="style.css" />
    </head>
    <body>
        <div class="container">
            <div class="main">
                <h2>PHP Multi Page Form</h2><hr/>

                <?php

                            $servername = "localhost";
                            $db_database = 'form';
                            $username = "root";
                            $password = "";

                            // Create connection
                            $conn = new mysqli($servername, $username, $password);

                            // Check connection
                            if ($conn->connect_error) {
                                die("Connection failed: " . $conn->connect_error);
                            } 
                            echo "DB Connected successfully. ";


                            $company_name = $_POST['company_name'];
                            $ref = $_POST['ref'];
                            $website = $_POST['website'];
                            $email = $_POST['email'];
                            $tel = $_POST['tel'];
                            $message = $_POST['message'];


                            $sql = "INSERT INTO detail (company_name,ref,website,email,tel,message) 
                            VALUES ('$company_name','$ref','$website','$email','$tel','$message')";

                            if($sql){
                            echo " Database Sent.";
                            }
                            else {
                            echo "ERROR to insert into database";
                            };
                ?>
            </div>

        </div>
    </body>
</html>

Answer

Change the following code:

if($sql){
echo " Database Sent.";
}
else {
echo "ERROR to insert into database";
};

To:

$result = $conn->query($sql);
if($result){
    echo " Database Sent.";
}
else {
    echo "ERROR to insert into database";
};

This way you are actually performing the query and checking on failure of query…

To make your query a bit safer, try the following:

$sql = "
    INSERT INTO detail (
        company_name,
        ref,
        website,
        email,
        tel,
        message
    ) 
    VALUES (
        '" . mysqli_real_escape_string($conn, $company_name) . "',
        '" . mysqli_real_escape_string($conn, $ref) . "',
        '" . mysqli_real_escape_string($conn, $website) . "',
        '" . mysqli_real_escape_string($conn, $email) . "',
        '" . mysqli_real_escape_string($conn, $tel) . "',
        '" . mysqli_real_escape_string($conn, $message) . "'
    )";

Better yet, use binding of params by replacing the $sql instantiation and query execution ($conn->query()) with the following:

$stmt = $conn->prepare("INSERT INTO detail (company_name,ref,website,email,tel,message) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param('ssssss', $company_name, $ref, $website, $email, $tel, $message);
$stmt->execute();

You can read up on binding parameters with mysqli by visiting PHP: mysqli_stmt::bind_param – Manual

Complete code:

<?php
session_start();
?>
<!DOCTYPE HTML>
<html>
    <head>
        <title>PHP Multi Page Form</title>
        <link rel="stylesheet" href="style.css" />
    </head>
    <body>
        <div class="container">
            <div class="main">
                <h2>PHP Multi Page Form</h2><hr/>

                <?php

                            $servername = "localhost";
                            $db_database = 'form';
                            $username = "root";
                            $password = "";

                            // Create connection
                            $conn = new mysqli($servername, $username, $password, $db_database);

                            // Check connection
                            if ($conn->connect_error) {
                                die("Connection failed: " . $conn->connect_error);
                            } 
                            echo "DB Connected successfully. ";

                            $stmt = $conn->prepare("INSERT INTO detail (company_name,ref,website,email,tel,message) VALUES (?, ?, ?, ?, ?, ?)");
                            $stmt->bind_param('ssssss', 
                                $_REQUEST['company_name'],
                                $_REQUEST['ref'],
                                $_REQUEST['website'],
                                $_REQUEST['email'],
                                $_REQUEST['tel'],
                                $_REQUEST['message']
                            );

                            if($stmt->execute()) {
                                echo " Database Sent.";
                            } else {
                                echo "ERROR to insert into database: " . $stmt->error;
                            };
                ?>
            </div>

        </div>
    </body>
</html>
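
The following is an added example, not part of the original question or answer: a handler for the same form that cannot report success unless a row was written, validates the fields server-side, and keeps database error text out of the response. The table, columns and credentials are those shown on the page; the helper names `validate_detail` and `insert_detail` and the 500-byte length limit are assumptions.

```php
<?php
// Added example, not the poster's code. Table, columns and credentials are the page's;
// helper names and the 500-byte limit are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw, never pass silently
const FIELDS = ['company_name', 'ref', 'website', 'email', 'tel', 'message'];

// Hypothetical helper: returns trimmed values, or throws on a missing or invalid field.
function validate_detail(array $input): array
{
    $clean = [];
    foreach (FIELDS as $field) {
        $value = is_string($input[$field] ?? null) ? trim($input[$field]) : '';
        if ($value === '' || strlen($value) > 500) {
            throw new InvalidArgumentException("Invalid value for $field");
        }
        $clean[$field] = $value;
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid value for email');
    }
    return $clean;
}

// Hypothetical helper: runs the INSERT with bound parameters and returns the rows written.
function insert_detail(mysqli $conn, array $clean): int
{
    $stmt = $conn->prepare(
        'INSERT INTO detail (company_name, ref, website, email, tel, message)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $values = array_values($clean); // bind_param binds by reference, so it needs a variable
    $stmt->bind_param('ssssss', ...$values);
    $stmt->execute();
    return $stmt->affected_rows;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $clean = validate_detail($_POST);
        $conn = new mysqli('localhost', 'root', '', 'form'); // fourth argument selects the database
        echo insert_detail($conn, $clean) === 1 ? 'Saved.' : 'Nothing was saved.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    } catch (mysqli_sql_exception $e) {
        error_log('Insert failed: ' . $e->getMessage()); // detail goes to the server log only
        http_response_code(500);
        echo 'Could not save the form.';
    }
}
```

The HTML `required` attributes are only enforced by the browser, so the server-side checks are what actually guard the table.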
