Jump to content
Larry Ullman's Book Forums

Form Submit Info Not Making It To Database


Recommended Posts

Hey everyone,

 

I am in need of that high quality help I receive when visiting this website. In short, I have a php script that is supposed to automatically submit data to a MySQL database but the data doesn't seem to make it to the database. I am not good at debugging and I am not getting any errors on the pages when I submit an entry.

 

Basically I have this code which takes in the information and as you know/can tell it calls on another php script to do the auto submit to the database. Here is this code:



</head>


<?php
include('../templates/bodyandlogo.htm');
?>


<?php
include('../templates/navmenu.htm');
?>
<br />
<br />


<h1>PoemScribe: Order Form</h1>
<br />
<br />
<p>Please complete the form below and click submit to order your personalized poem.</p>
<br />
<br />

<div id="form">
   <form action="../php_scripts/orderform.php" method="post">

<label for="firstname">First Name:</label>
<div class="input"><input type="text" id="firstname" name="firstname" /></div><br />

<label for="lastname">Last Name:</label>
<div class="input"><input type="text" id="lastname" name="lastname" /></div><br />

<label for="email">Email:</label>
<div class="input"><input type="text" id="email" name="email" /></div><br />

<label for="selectpoemtype">Select Poem Type:<br />
	4-Line Poem: $15
	8-Line Poem: $25
	12-Line Poem: $40
	16-Line Poem: $50
	20-Line Poem: $75
	Please type in your desired poem length. Example: "4line".
</label><br />
<div class="input"><input type="text" id="selectpoemtype" name="selectpoemtype" /><br />

<br />
<br />

<label for="keynames">"Key names to include?"</label>
<div class="input"><input type="text" id="keynames" name="keynames"/></div><br />

<label for="specificwords">Any specific words you would like to include in your poem?</label>
<div class="input"><input type="text" id="specificwords" name="specificwords" /></div><br />

<label for="poemisfor">Who is the poem for?</label>
<div class="input"><input type="text" id="poemisfor" name="poemisfor" /></div><br />

<label for="relationship">Relationship to you?</label>
<div class="input"><input type="text" id="relationship" name="relationship" /></div><br />

<label for="occasion">What is the occasion for this poem?</label>
<div class="input"><input type="text" id="occasion" name="occasion" /></div><br />

<label for="overallmessage">What do you want the overall message of this poem to be?</label>
<div class="input"><input type="text" id="overallmessage" name="overallmessage" /></div><br />

<label for="anythingelse">Any other information you would like for me to know?</label>
<div class="input"><input type="text" id="anythingelse" name="anythingelse" /></div><br />

<div class="input"><input type="submit" value="Submit" name="submit"</div>
</form>
</div><!--form-->

<br />
<br />

<?php
include('../templates/footer.htm');

 

 

 

And then the code that is called on (the script called orderform.php):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>PoemScribe Order Form</title>
</head>
<body>

<h2>PoemScribe</h2>

<?php
	$email = "myemail@gmail.com"; // Email to notify on error
               $first_name = $_POST['firstname'];
               $last_name = $_POST['lastname'];
	$email = $_POST['email'];
	$select_poem_type = $_POST['selectpoemtype'];
	$key_names = $_POST['keynames'];
               $specific_words = $_POST['specificwords'];
	$poem_is_for = $_POST['poemisfor'];
	$relationship = $_POST['relationship'];
               $occasion  = $_POST['occasion'];
	$over_all_message = $_POST['overallmessage'];
	$anything_else = $_POST['anythingelse'];


$dbc = mysqli_connect('localhost', 'login', 'password', 'database'); " .
or die('Error connecting to MySQL server.');

$query = INSERT INTO poem_orders '(firstname, lastname, email, selectpoemtype, keynames, specificwords, poemisfor, " .
"relationship, occasion, overallmessage, anythingelse)" .

"VALUES ('$first_name', '$last_name', '$email', '$select_poem_type' '$key_names', '$specific_words', '$poem_is_for', " .
"'$relationship', '$occasion', '$over_all_message', '$anything_else')";


        echo 'Thank you, ' . $firstname . $lastname;
	echo 'Thanks for submitting the form.<br />';
	echo ' Poem Type: ' . $selectpoemtype;
	echo ' Key names to include: ' . $keynames . '<br />';
               echo 'Specific Words To Include: '. $specificwords . '<br />';
               echo 'Poem is for: ' . $poemisfor . '<br />';
	echo 'Relationship: ' . $relationship . '<br />';
	echo 'Occasion: ' . $occasion . '<br />';
               echo 'Overall Message: ' . $overallmessage . '<br />';
	echo 'You also added: ' . $anything_else;



mysqli_close($dbc);
?>
</body>
</html>

 

Again, I am trying to figure out why my database isn't being populated when someone clicks on the submit button. I tried the code Larry shows on pages 352-354 of this book, but I couldn't get it to work, so I am now trying the code posted above. Any help is appreciated.

 

Thanks in advance,

Randy

Link to comment
Share on other sites

$dbc = mysqli_connect('localhost', 'login', 'password', 'database'); " .
       or die('Error connecting to MySQL server.');

 

It seems you've left the ;" . after mysqli_connect() which is causing your whole sql definition to mess up.

Take out the semicolon, quotation, and the period and see if it works:

 

$dbc = mysqli_connect('localhost', 'login', 'password', 'database')
       or die('Error connecting to MySQL server.');

Link to comment
Share on other sites

Thanks for the help. I tried your suggestion and without success. Also, now I end up with my ide telling me I have an error. I have attached a picture to show what I mean.

 

 

$dbc = mysqli_connect('localhost', 'login', 'password', 'database'); " .
       or die('Error connecting to MySQL server.');

 

It seems you've left the ;" . after mysqli_connect() which is causing your whole sql definition to mess up.

Take out the semicolon, quotation, and the period and see if it works:

 

$dbc = mysqli_connect('localhost', 'login', 'password', 'database')
       or die('Error connecting to MySQL server.');

error.png

Link to comment
Share on other sites

Thanks for the help. I tried your suggestion and without success. Also, now I end up with my ide telling me I have an error. I have attached a picture to show what I mean.

 

 

 

error.png

 

 

The quotes for your query seem all messed up and mismatched. You also don't need to concatenate anything. Here it is fixed:

 

$query = "INSERT INTO poem_orders (firstname, lastname, email, selectpoemtype, keynames, specificwords, poemisfor, relationship, occasion, overallmessage, anythingelse) VALUES ('$first_name', '$last_name', '$email', '$select_poem_type' '$key_names', '$specific_words', '$poem_is_for', '$relationship', '$occasion', '$over_all_message', '$anything_else')";

 

It seems you are also not executing your query. You are defining your query, but I see nothing that executes it.

I'm not familiar with mysqli as I mainly use PDO, but try adding this just after your query definition:

 

$success = mysqli_query($dbc, $query);

// if query was successful, display message to user:
if($success)
{
    echo 'Thank you, ' . $firstname . $lastname;
    echo 'Thanks for submitting the form.<br />';
    echo ' Poem Type: ' . $selectpoemtype;
    echo ' Key names to include: ' . $keynames . '<br />';
    echo 'Specific Words To Include: '. $specificwords . '<br />';
    echo 'Poem is for: ' . $poemisfor . '<br />';
    echo 'Relationship: ' . $relationship . '<br />';
    echo 'Occasion: ' . $occasion . '<br />';
    echo 'Overall Message: ' . $overallmessage . '<br />';
    echo 'You also added: ' . $anything_else;
}
else
{
    echo 'Error: Query failed.';
}

 

Also note that your query is wide open to SQL injection. While it's best to use prepared statements, you can just do this to prevent SQL injection:

 

$email               = "myemail@gmail.com"; // Email to notify on error
$first_name          = mysqli_real_escape_string($_POST['firstname']);
$last_name           = mysqli_real_escape_string($_POST['lastname']);
$email               = mysqli_real_escape_string($_POST['email']);
$select_poem_type    = mysqli_real_escape_string($_POST['selectpoemtype']);
$key_names           = mysqli_real_escape_string($_POST['keynames']);
$specific_words      = mysqli_real_escape_string($_POST['specificwords']);
$poem_is_for         = mysqli_real_escape_string($_POST['poemisfor']);
$relationship        = mysqli_real_escape_string($_POST['relationship']);
$occasion            = mysqli_real_escape_string($_POST['occasion']);
$over_all_message    = mysqli_real_escape_string($_POST['overallmessage']);
$anything_else       = mysqli_real_escape_string($_POST['anythingelse']);

 

http://www.php.net/manual/en/mysqli.real-escape-string.php

 

Zane

Link to comment
Share on other sites

Thank you for taking the time to correct me. I will give this a try tonight.

Randy

 

 

 

The quotes for your query seem all messed up and mismatched. You also don't need to concatenate anything. Here it is fixed:

 

$query = "INSERT INTO poem_orders (firstname, lastname, email, selectpoemtype, keynames, specificwords, poemisfor, relationship, occasion, overallmessage, anythingelse) VALUES ('$first_name', '$last_name', '$email', '$select_poem_type' '$key_names', '$specific_words', '$poem_is_for', '$relationship', '$occasion', '$over_all_message', '$anything_else')";

 

Also note that your query is wide open to SQL injection.

 

It seems you are also not executing your query. You are defining your query, but I see nothing that executes it.

 

I'm not familiar with mysqli as I mainly use PDO, but try adding this just before your query definition:

 

mysqli_select_db($dbc, 'database');

 

and add this just after your query definition:

 

$success = mysqli_query($query);

// if query was successful, display message to user:
if($success)
{
    echo 'Thank you, ' . $firstname . $lastname;
    echo 'Thanks for submitting the form.<br />';
    echo ' Poem Type: ' . $selectpoemtype;
    echo ' Key names to include: ' . $keynames . '<br />';
    echo 'Specific Words To Include: '. $specificwords . '<br />';
    echo 'Poem is for: ' . $poemisfor . '<br />';
    echo 'Relationship: ' . $relationship . '<br />';
    echo 'Occasion: ' . $occasion . '<br />';
    echo 'Overall Message: ' . $overallmessage . '<br />';
    echo 'You also added: ' . $anything_else;
}
else
{
    echo 'Error: Query failed.';
}

 

While it's best to use prepared statements, you can just do this to prevent SQL injection:

 

$email               = "myemail@gmail.com"; // Email to notify on error
$first_name          = mysqli_real_escape_string($_POST['firstname']);
$last_name           = mysqli_real_escape_string($_POST['lastname']);
$email               = mysqli_real_escape_string($_POST['email']);
$select_poem_type    = mysqli_real_escape_string($_POST['selectpoemtype']);
$key_names           = mysqli_real_escape_string($_POST['keynames']);
$specific_words      = mysqli_real_escape_string($_POST['specificwords']);
$poem_is_for         = mysqli_real_escape_string($_POST['poemisfor']);
$relationship        = mysqli_real_escape_string($_POST['relationship']);
$occasion            = mysqli_real_escape_string($_POST['occasion']);
$over_all_message    = mysqli_real_escape_string($_POST['overallmessage']);
$anything_else       = mysqli_real_escape_string($_POST['anythingelse']);

 

 

 

Zane

Link to comment
Share on other sites

You need to actually execute the query.

 

$insert = mysqli_query($dbc, $query);

 

Your query is not correct though. Follow the previous person's advice and fix that query. I like to run my queries through the mysql monitor or phpmyadmin before trying it in php code. That may help you out.

 

You also don't have to run that mysqli_select_db function, you already selected the database in your mysqli_connect function.

  • Upvote 1
Link to comment
Share on other sites

 Share

×
×
  • Create New...