0

I am trying to submit a form with php to submit the data to a table that I have already created in the database. All of the mysql_connect information is correct. Is there something in my code that I am not doing correctly?

PHP: 

if (isset($_POST['submit']) && strlen($_POST['firstName'])>0 && strlen($_POST['lastName'])>0 && strlen($_POST['email'])>0)
{
    $first_name=$_POST['firstName']; 
    $last_name=$_POST['lastName']; 
    $email=$_POST['email'];
    $phone=$_POST['phone'];
    $city=$_POST['city'];
    $make=$_POST['make'];
    $model=$_POST['model'];
    $year=$_POST['year']; 
    mysql_connect("******", "*****", "****") or die(mysql_error()); 
    mysql_select_db("buddyTruk") or die(mysql_error());
    mysql_query("ALTER TABLE drivers ADD PRIMARY KEY (email)");
    mysql_query("REPLACE INTO `drivers` VALUES ('$first_name', '$last_name', '$email', '$phone', '$city', '$make', '$model', '$year')"); 

 } 


 ?>

HTML: 

<form id="drivers-form" class="form-horizontal" method="get" action="index.php">
                <input type="text" name="firstName" class="form-control input-lg" placeholder="First Name" required/> 
                <input type="text" name="lastName" class="form-control input-lg" placeholder="Last Name" required/>
                <input type="email" name="email" class="form-control input-lg" placeholder="Email" required/>
                <input type="tel" name="phone" class="form-control input-lg" placeholder="Phone" required/>
                <input type="text" name="city" class="form-control input-lg" placeholder="City" required/>
                <input type="text" name="make" class="form-control input-lg" placeholder="Make" required/>
                <input type="text" name="model" class="form-control input-lg" placeholder="Model" required/> 
                <input type="text" name="year" class="form-control input-lg" placeholder="Year" required/> 
                <button class="btn btn-success btn-lg" name="submit" type="submit" value="submit">Submit</button>
            </form>
Improve this question
1
  • 1
    Hi, my name is Rob'); DROP TABLE drivers; -- Commented Feb 1, 2014 at 19:11

1 Answer 1

Reset to default
2

You have the wrong method on your form. Change the form method to "post":

<form id="drivers-form" class="form-horizontal" method="post" action="index.php">

If you want to use "get" as the form method, you would access the values with $_GET, however, get is not recommended.

Please stop using mysql as it is long deprecated. Use mysqli or PDO instead. Most importantly, use prepared statements. Anyone could easily steal and erase all of your data with your current code.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

But "GET" is not recommended for forms like that
@Max Would 'replace ' work for my initial entry into the table?
@RyanSalmons I have no idea what you're trying to do with mysql.... If you have another question, post it rather than asking in the comments.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.