0

I'm trying to connect my website to a database, by adding whatever someone writes from the form to a table in my database, but so far I've only gotten errors and nothing appears on my MySQL database.

The error that I keep getting are these two:

Notice: Undefined index: fill

Warning: mysql_close() expects parameter 1 to be resource, object given in (folder)

How do I proceed to solve this problem?

<form action="insert.php" method="post">
        <label for="fill">Add:</label>
        <input type="text" name="fill">
    
    <input type="submit" value="Insert!">
</form>



<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "database";

$conn = mysqli_connect($servername,$username,$password,$dbname);


if ($conn->connect_error) {
    die ("connection failed: " . $conn->connect_error);
}

else
{
    echo 'Connected to database';
}

mysql_select_db($dbname);


$sql = "INSERT INTO card_refill ('refill') VALUES ('$_POST[fill]')";


mysql_close($conn)

?>
Improve this question
5
  • 1
    You're mixing mysql_* and mysqli_* functions. That won't work. Commented Oct 12, 2015 at 16:32
  • $conn is mysqli object. You are trying to close as mysql object Commented Oct 12, 2015 at 16:35
  • How do I change it so that It'll work? I tried changing the mysql functions over to mysqli functions and it didnt work. Commented Oct 12, 2015 at 16:42
  • You need to wrap the word 'fill' in your $_POST with single quotes. Commented Oct 12, 2015 at 17:24
  • @Filthy_Rich Ive already done that but i keep getting the error: Notice: Undefined index: fill Commented Oct 12, 2015 at 18:15

2 Answers 2

Reset to default
1

Since the dbname is already provided in mysqli_connect function, mysql_select_db($dbname) is not necessary. As for the execution of the query, SQL string should be run via mysqli_query function. However before running SQL queries, the variables need to be sanitised to prevent SQL injections and XSS attacks.

Try something like this:

$conn = mysqli_connect($servername,$username,$password,$dbname);


if ($conn->connect_error) {
    die ("connection failed: " . $conn->connect_error);
}else{
    echo 'Connected to database';
}

$sql = "INSERT INTO card_refill ('refill') VALUES ({$_POST['fill']})";

$result = mysqli_query($conn,$sql);
//do whatever you need to do with the result

mysqli_close($conn);
Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

by the way you should never use post data directly in your queries.
Why should the OP "try this"? A good answer will always have an explanation of what was done and why it was done that way, not only for the OP but for future visitors to SO.
Ok, I'll clarify. Since the dbname is already provided in mysqli_connect function, mysql_select_db($dbname) is not necessary. As for the execution of the query, sql string should be run via mysqli_query function. However before running sql queries, the variables need to be sanitized to prevent sql injections.
One more thing, you should use quotation marks around the key string to access array members. ex: $_POST['fill'] rather than $_POST[fill]
I'll edit my post but please try not to "dictate" next time.
|
1

This database insert part should be done only if you press the submit of form. So use isset to detect submit.

Put all the php code inside a if loop.

if(isset($_POST['fill']))   //execute only if fill is set
{
$conn = mysqli_connect......;
// all your codes here
mysqli_close($conn);
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.