12

I am trying to insert data into Wordpress database by creating a table. I have created the table but when I try to insert the data from form, it does not insert the data. I have checked that database connection works, but the insertion does not happen. Can someone help me on this? Here is my code:-

<?php
    require_once('/wp-config.php');
    global $wpdb;

    if(isset($_POST['submit'])){
        $wpdb->insert( 'wp_post_job', array( 'organizationname' =>
        $_POST['organizationname'], 'post' => $_POST['post'], 'publishfrom' =>
        $_POST['publishfrom'], 'publishupto' => $_POST['publishupto'],
        'qualification1' => $_POST['qualification1'], 'qualification2' =>
        $_POST['qualification2'], 'qualification3' => $_POST['qualification3'],
       'qualification4' => $_POST['qualification4'], 'experience1' =>
        $_POST['experience1'], 'experience2' => $_POST['experience2'],
       'experience3' => $_POST['experience3'], 'training1' => $_POST['training1'], 'training2' => $_POST['training2'], 'training3' => $_POST['training3'],
       'training4' => $_POST['training4'], 'training5' => $_POST['training5'] ),
        array( '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s' ) );
    }
?>

<?php
/*
Template Name: Form
*/
?>
<?php global $pc_theme_object; /* Reference theme framework class */ ?>
<?php get_header(); ?>

<form action="" id="postjob" method="post">
    <table>
        <tr>
            <td><label for="organizationname">Organization Name:</label></td>
            <td><input type="text" name="organizationname" id="organizationname" value="/></td>
        </tr>
        <tr>
            <td><label for="post">Post:</label></td>
            <td><input type="text" name="post" id="post" value="" /></td>
        </tr>
        <tr>
            <td><label for="publishfrom">Publish From:</label></td>
            <td><input type="text" name="publishfrom" id="publishfrom" /></td>
        </tr>
        <tr>
            <td><label for="publishupto">Publish Upto:</label></td>
            <td><input type="text" name="publishupto" id="publishupto" /></td>
        </tr>
        <tr>
            <td><label for="qualification">Qualification:</label></td>
            <td><input type="text" name="qualification1" id="qualification1" /></td>
            <td><input type="text" name="qualification2" id="qualification2" /></td>
            <td><input type="text" name="qualification3" id="qualification3" /></td>
            <td><input type="text" name="qualification4" id="qualification4" /></td>
        </tr>
        <tr>
            <td><label for="experience">Experience:</label></td>
            <td><input type="text" name="experience1" id="experience1"/></td>
            <td><input type="text" name="experience2" id="experience2"/></td>
            <td><input type="text" name="experience3" id="experience3"/></td>
        </tr>
        <tr>
            <td><label for="training">Training:</label></td>
            <td><input type="text" name="training1" id="training1" />></td>
            <td><input type="text" name="training2" id="training2" /></td>
            <td><input type="text" name="training3" id="training3" /></td>
            <td><input type="text" name="training4" id="training4" /></td>
            <td><input type="text" name="training5" id="training5" /></td>
        </tr>
        <tr>
            <td><button type="submit" name="submit">Submit</button></td>
        </tr>
    </table>
</form>

<?php get_footer(); ?>
Improve this question

3 Answers 3

Reset to default
20

Replace '$s' with '%s'

Use This Code

if ( isset( $_POST['submit'] ) ){

         global $wpdb;
         $tablename = $wpdb->prefix.'post_job';

        $wpdb->insert( $tablename, array(
            'organizationname' => $_POST['organizationname'], 
            'post' => $_POST['post'],
            'publishfrom' => $_POST['publishfrom'], 
            'publishupto' => $_POST['publishupto'],
            'qualification1' => $_POST['qualification1'], 
            'qualification2' => $_POST['qualification2'], 
            'qualification3' => $_POST['qualification3'],
            'qualification4' => $_POST['qualification4'], 
            'experience1' => $_POST['experience1'], 
            'experience2' => $_POST['experience2'],
            'experience3' => $_POST['experience3'], 
            'training1' => $_POST['training1'], 
            'training2' => $_POST['training2'], 
            'training3' => $_POST['training3'],
            'training4' => $_POST['training4'], 
            'training5' => $_POST['training5'] ),
            array( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) 
        );
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

The Wordpress codex says about the format argument "If omitted, all values in $data will be treated as strings unless otherwise specified in wpdb::$field_types". It seems that this would be the sensible thing to do in this case. codex.wordpress.org/Class_Reference/wpdb#INSERT_row
16

You can use this 

<?php

if ( isset( $_POST['submit'] ) ){

    global $wpdb;


    $tablename=$wpdb->prefix.'post_job';

    $data=array(
        'organizationname' => $_POST['organizationname'], 
        'post' => $_POST['post'],
        'publishfrom' => $_POST['publishfrom'], 
        'publishupto' => $_POST['publishupto'],
        'qualification1' => $_POST['qualification1'], 
        'qualification2' => $_POST['qualification2'], 
        'qualification3' => $_POST['qualification3'],
        'qualification4' => $_POST['qualification4'], 
        'experience1' => $_POST['experience1'], 
        'experience2' => $_POST['experience2'],
        'experience3' => $_POST['experience3'], 
        'training1' => $_POST['training1'], 
        'training2' => $_POST['training2'], 
        'training3' => $_POST['training3'],
        'training4' => $_POST['training4'], 
        'training5' => $_POST['training5'] );


     $wpdb->insert( $tablename, $data);
}

?>
Improve this answer

1 Comment

Glad you got the code working. I don't see anything to sanitize your input though. Given that you're using $_POST variables for direct submission, sanitization is something you may wish to consider, otherwise the security risk is rather high.
7

Everyone has given the right answer. But there's something more. If you want more security, then better to use WordPress pdo for better protection against SQL attacks.

global $wpdb;

$table_name = $wpdb->prefix."table_name_after_the_prefix";

$sql = $wpdb->prepare( "INSERT INTO ".$table_name." (name, email, contact ) VALUES ( %s, %s, %d )", $name, $email, $contact );
$wpdb->query($sql);

// get the inserted record id.

$id = $wpdb->insert_id;

REFERENCES

https://developer.wordpress.org/reference/classes/wpdb/#protect-queries-against-sql-injection-attacks

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.