Skip to main content
Participant
February 24, 2017
Answered

Mysql database doesn't receive form content

  • February 24, 2017
  • 2 replies
  • 320 views

Hi! I just started working with PHP and I followed a simple tutorial online to create a form but it isn't working.I have an account on 1&1, i created the database there and the table.When I submit the form it works with no errors but when i check the table online nothing is there.

I double checked my table and my row has the same name so it is ok.

Any help would be greatly appreciated!

My form:

<form action="demo.php" method="post"/>

<p>Input 1: <input type="text" name="input1"/></p>

<input type="submit" value="Submit"/>

</form>

demo.php:

<?php

    $host_name  = "blablabla";

    $database   = "blablabla";

    $user_name  = "blablabla";

    $password   = "blablabla";

    $connect = mysqli_connect($host_name, $user_name, $password, $database);

   

    if(mysqli_connect_errno())

    {

    echo '<p>Verbindung zum MySQL Server fehlgeschlagen: '.mysqli_connect_error().'</p>';

    }

    else

    {

    echo '<p>Verbindung zum MySQL Server erfolgreich aufgebaut.</p>';

    }

    $value=$_POST['input1'];

    $sql = "INSERT INTO demo (input1) VALUES ('$value')";

    mysqli_close();

?>

    This topic has been closed for replies.
    Correct answer osgood_

    I dont use the mysqli_connect method BUT if you do it seems you need to use the mysqli_query format like below:

    Change this line:

    $sql = "INSERT INTO demo (input1) VALUES ('$value')";

    to this:

    mysqli_query($connect, "INSERT INTO demo (input1) VALUES ('$value')");

    I know you're only experimenting at the moment but if you are inserting any data from a form into your database you should use some kind of sanitation method to protect against injection attacks.

    See the link below where mysqli_real_escape_string is used (its not the best method, prepared statements are) but its quick and easy and affords decent protection.

    PHP mysqli_real_escape_string() Function

    2 replies

    osgood_Correct answer
    Legend
    February 24, 2017

    I dont use the mysqli_connect method BUT if you do it seems you need to use the mysqli_query format like below:

    Change this line:

    $sql = "INSERT INTO demo (input1) VALUES ('$value')";

    to this:

    mysqli_query($connect, "INSERT INTO demo (input1) VALUES ('$value')");

    I know you're only experimenting at the moment but if you are inserting any data from a form into your database you should use some kind of sanitation method to protect against injection attacks.

    See the link below where mysqli_real_escape_string is used (its not the best method, prepared statements are) but its quick and easy and affords decent protection.

    PHP mysqli_real_escape_string() Function

    Rob Hecker2
    Legend
    February 24, 2017

    I don't use mysqli, but. . .you define your $SQL statement ($sql), but you don't actually run it.

    You are not using object oriented PHP, so you need to use the procedural method in your tutorial for running the statement.