1

So it's been awhile since I used PHP so I am asking for some help. I gave it a good shot but for whatever reason my form is not posting to my database. I hit submit and form clears. I do not receive any errors but database remains empty.

Any help or suggestions are appreciated.

Here is my HTML

                <form id="contact-form" method="post"> 

            <div>
            <label> <span>Name: *</span>
            <input type="text" tabindex="1" name="postName" required autofocus />
            </label>
            </div>
            <div>
            <label> <span>Email: *</span>
            <input type="email" tabindex="2" name="postEmail" required />
            </label>
            </div>
            <div>
            <label> <span>Telephone:</span>
            <input  type="tel" tabindex="3" name="postPhone"/>
            </label>
            </div>
            <div>
            <label> <span>Message: *</span>
            <textarea placeholder="Include all the details    you can" tabindex="5" name="postMessage" required></textarea>
            </label>
            </div>
            <div>
            <input name="formSubmit" type="submit" id="contact-submit" value="Submit" />
            </div>
            </form>

Here is my PHP

<?php
//show all possible errors. should be ALWAYS set to that level
error_reporting(E_ALL); 
echo "landed at form handler<br>";

// sometimes buttons not being sent or gets misspelled
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
echo "here goes POST processing<br>";
$host = 'localhost';
$username = 'name';
$pass = 'password';
$dbname = 'dbname';

mysql_connect($host,$username,$pass);
mysql_select_db($dbname);

// all strings should be escaped
// and it should be done after connecting to DB
$name    = mysql_real_escape_string($_POST['postName']);
$email = mysql_real_escape_string($_POST['postEmail']);
$phone  = mysql_real_escape_string($_POST['postPhone']);
$message     = mysql_real_escape_string($_POST['postMessage']);

$query = "INSERT INTO ContactUs 
         (NAME, EMAIL, PHONE, MESSAGE)
          VALUES ('$name','$email','$phone','$message')";

echo $query;
// always run your queries this way to be notified in case of error
$result = mysql_query($query) or trigger_error(mysql_error().".        Query: ".$query);
var_dump($result);
}
?>
Improve this question
9
  • What's your error? What is your PHP version_ Commented Jan 19, 2015 at 2:15
  • 1
    If your form and SQL are in two seperate files, then it's normal that your form clears and nothing is added, since you have no action to file in your form. Commented Jan 19, 2015 at 2:23
  • PHP version is 5.4.36 Commented Jan 19, 2015 at 2:30
  • @Fred-ii- even when I add: action="php/send_post.php" it still fails. I have tried everything Commented Jan 19, 2015 at 2:31
  • The only thing I can think of at this point are the types you've given for all your inputs. Try type="text" instead, not for textarea though, just the inputs. Many a times, that's what it is, and I have seen it happen before. Another thing error_reporting(E_ALL); try adding ini_set('display_errors', 1); below that. Commented Jan 19, 2015 at 2:41

3 Answers 3

Reset to default
2

Try this instead. I re-wrote your code using MySQLi and used a prepared statement. You probably should use PDO, but for now, this is way better than what you've got currently. 

$link = new MySQLi('localhost','username','password','database');

    if(isset($_POST['postName'],$_POST['postEmail'],$_POST['postPhone'],$_POST['postMessage'])&& $_POST['postName'] !="" && $_POST['postEmail'] !="" && $_POST['postPhone'] !="" && $_POST['message'] !=""){
        $name = $_POST['postName'];
        $email = $_POST['postEmail'];
        $phone = $_POST['postPhone'];
        $message = $_POST['postMessage'];
        if($query = $link->prepare("INSERT INTO ContactUs (name,email,phone,message) VALUES(?,?,?,?)")){
            $query->bind_param('ssss',$name,$email,$phone,$message);
            $query->execute();
            $query->close();
            return true;
        }else{
            return false;
        }
    }else{
       return false;
    }

This script returns true if successful.

Returns false if failure.

Returns false if any of the inputs are left blank.

You can change them from return_true/false to echo 'Success'; or echo 'Failure'; if you prefer.

I hope this helps.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

This is amazing, thank you! Questions, what does ?,?,?,? do and is the 'ssss' necessary? I haven't gotten this to work yet but am still working. Thanks for doing this for me.
The question marks are placeholders for the fields you are inserting data into. The reason we use question makes in prepared statements is to prevent the risk of injection. The 'ssss' that you see is telling php that your variable is a string type. Since we're passing 4 post variables, we define 4 string types there. Same goes for the question marks. They have to match the number of variables you're inserting into the database. @user3758073
You can read the documentation on MySQLi prepared statements over here => http://php.net/manual/en/mysqli.prepare.php @user3758073
Got it, thanks. So I didn't get it to work yet but will not give up. Not sure what it is but thanks for the help! @Jason Bassett
So I tested everything by just passing strings into my table and it worked fine. For some reason its failing to post the form data. Not sure what it is. @JasonBassett
2

MySQL has been deprecated, use MySQLi instead.

$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

$conn = new mysqli($servername, $username, $password, $dbname);

$sql = "INSERT INTO ContactUs(NAME, EMAIL, PHONE, MESSAGE)
VALUES ('".$name."','".$email."','".$phone."','".$message."')";

$conn->query($sql)

$conn->close();

More on inserting with MySQLi here.

Note: There is also a procedural MySQLi, more similar to what you are used to, instead of the object oriented counterpart in my example.

Note2: Also, as fred-ii pointed out, if you have no action attribute in your <form> your php must be in the same page however judging by the fact that you have this line:

if($_SERVER['REQUEST_METHOD'] == 'POST')

at the beggining of the file I just assumed it was.

Note3: Also, as Spencer pointed out, mysql is deprecated but it may still work. Anyway, I would really urge you to update to MySQLi or PDO.

Hope it helps!

Improve this answer

3 Comments

Yes mysqli is a good idea to use, but this doesn't answer the users question.
@Spencer Wieczorek Yes, sorry, well the explanation would be that if mysql is deprecated, it won't work. That's why he should use MySQLi or PDO and give it a try! It's a first approach to a fix a code with no apparent errors :)
mysql still works, yes it's deprecated, that does not mean it doesn't work.
0

better use

if(isset($_POST['formSubmit'])
{ 
//your code goes here
}

this will make sure that your code will run as soon as yout submit button was clicked and your form's data was submitted on your page

make sure there all on the same page since your not having any action attribute on your form

next is you must familiarize yourself by using mysqli_* since mysql_* is deppreciated

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.