0

I am trying to figure out why my php form doesn't put in the data from the fields into mySQL database. I have been trying to figure this out but have come to a dead end.

My insert $sql works fine when hard coded with values for each field but not when I try to use the fields entered from the php form.

I dont't get any error when I click on submit but when I check mySQL to see if it added another Owner, nothing displays.

If anyone can help me fix this, I would really appreciate it.

By the way is my $sql insert statement correct with the quotes?

    <head>
<style>
table, th, td {
    border: 1px solid black;
    border-collapse: collapse;
}
th, td {
    padding: 5px;
}
</style>
</head>
<body>
<?php  #index.php for Assignment 10
$page_title = 'Assignment 10 for Marina Database';
include('header.html');
require('dbConn.php');
echo '<h1> Please enter the following fields:</h1>';


if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$OwnerNum=$_POST['OwnerNum'];
$LastName=$_POST['LastName'];
$FirstName=$_POST['FirstName'];
$Address=$_POST['Address'];
$City=$_POST['City'];
$State=$_POST['State'];
$Zip=$_POST['Zip'];

//echo test;
try {
$sql = "INSERT INTO Owner (OwnerNum, LastName, FirstName, Address, City, State, Zip) VALUES 
('".$OwnerNum."', '".$LastName."', '".$FirstName."', '".$Address."', '".$City."', '".$State."', '".$Zip."')";

//this works when hard coded
/*$sql = "INSERT INTO Owner (OwnerNum, LastName, FirstName, Address, City, `State, Zip) VALUES ('XR34', 'Patel', 'John', '342 Picardy lane', 'Wheeling', 'IL', '60018')"; */`
$conn->exec($sql);

//echo $OwnerNum, $LastName, $FirstName, $Address, $City, $State, $Zip;
}
catch (PDOException $e)
{
echo 'Error: '.$e->getMessage();
} //end catch



}



if (isset($_POST['submit']))
{
    $stmt = $conn->prepare("select* from Owner");
    $stmt->execute();

    $result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 

    echo "<table style='border: solid 1px black;'>";
    echo "<tr><th>OwnerNum</th><th>LastName</th><th>FirstName</th><th>Address</th><th>City</th><th>State</th><th>Zip</th></tr>";


class TableRows extends RecursiveIteratorIterator 
{ 
    function __construct($it) { 
        parent::__construct($it, self::LEAVES_ONLY); 
    }

    function current() {
        return "<td style='width:150px;border:1px solid black;'>" . parent::current(). "</td>";
    }

    function beginChildren() { 
        echo "<tr>"; 
    } 

    function endChildren() { 
        echo "</tr>" . "\n";
    } 

} 

    foreach(new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k=>$v) 
    { 
         echo $v;

    }

    $conn = null;
    echo "</table>";
}

?>
<form name="createOwner" action="Assignment10newowner.php" method="POST">
  <table style="width:100%">
    <tr>
      <td>Owner Number:</td>
      <td><input type="text" name="OwnerNum"></td>
    </tr>

      <td>Last Name:</td>
      <td><input type="text" name="LastName"></td


    </tr>
    <tr>
      <td>First Name:</td>
      <td><input type="text" name="FirstName"></td


    </tr>
    <tr>
      <td>Address:</td>
      <td><input type="text" name="Address"></td


    </tr>
    <tr>
      <td>City:</td>
      <td><input type="text" name="City"></td


    </tr>
    <tr>
      <td>State:</td>
      <td><input type="text" name="State"></td


    </tr>
    <tr>
      <td>Zip:</td>
      <td><input type="text" name="Zip"></td


    </tr>
  </table>
  <br>
  <br>
  <input type="submit" value="Submit">
</form>
</body>
Improve this question
5
  • where is these variables '".$OwnerNum."', '".$LastName."', '".$FirstName."', '".$Address."', '".$City." Commented Apr 19, 2016 at 6:01
  • It's because none of those variables are defined. You're looking for $_POST['OwnerNum'] not $OwnerNum. Also, it's bad practice to put variables directly into a query. Commented Apr 19, 2016 at 6:01
  • Also please check your database connection Commented Apr 19, 2016 at 6:12
  • Please please please, as early as now, learn to use parameterized queries. Commented Apr 19, 2016 at 20:11
  • WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use string interpolation or concatenation to accomplish this because you have created a severe SQL injection bug. NEVER put $_POST or $_GET data directly into a query. Using prepared statements means your quoting will always be correct. Commented Apr 20, 2016 at 5:28

2 Answers 2

Reset to default
1

Assign $_POST values to variable something like this

if (isset($_POST['OwnerNum]))
{

    $OwnerNum=$_POST['OwnerNum'];
    $LastName=$_POST['LastName'];
    $FirstName=$_POST['FirstName'];
    $Address=$_POST['Address'];
    $City=$_POST['City'];
    $State=$_POST['State'];
    $Zip=$_POST['Zip'];

    try {
        $sql = "INSERT INTO Owner (OwnerNum, LastName, FirstName, Address, City, State, Zip) VALUES 
        ('".$OwnerNum."', '".$LastName."', '".$FirstName."', '".$Address."', '".$City."', '".$State."', '".$Zip."')";    
        $conn->exec($sql);
        $select_owner = "SELECT * FROM Owner";
        ?>
            <table>
                <tr>
                    <td>OwnerNum</td>
                    <td>FirstName</td>
                    <td>LastName</td>
                    <td>Address</td>
                    <td>City</td>
                </tr>
        <?php       
        $conn->prepare($select_owner );
        $result = $conn->fetchAll();
        if (count($result)) {

            foreach($result as $owner){

                    ?>
                    <tr>
                        <td><?=$owner['OwnerNum'];?></td>
                        <td><?=$owner['FirstName'];?></td>
                        <td><?=$owner['LastName'];?></td>
                        <td><?=$owner['Address'];?></td>
                        <td><?=$owner['City'];?></td>
                    </tr>       
            <?php
                }
        }
        else
        {
           ?>
            <tr>
                <td colspan="5">No Onwers Found</td>            
            </tr>  
           <?php
        }
        unset($result);
        unset($select_owner);
        unset($conn);
    }
    catch (PDOException $e)
    {
        echo 'Error: '.$e->getMessage();
    } //end catch

}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, one more question. How can I display the results in the same page only when user clicks on 'Submit' button? I have made the changes above in my code and added the if (isset) part, but once I enter data in the form and click submit, it doesn't display the table with the added user along with other owners from mySQL table.
1

The code looks fine to me but while inserting data you should catch form data first and then store them in variables.Then use those variables inside the insert query.

   if (isset($_POST['submit1']))//set your submit btn name to submit1
 {     
        $username=$_POST['OwnerNum'];//likewise catch all data

     try {
       $sql = "INSERT INTO Owner (OwnerNum, LastName, FirstName, Address, City, State, Zip) VALUES 
    (?,?,?.....)";//put the placeholders here.the num of placeholders should be equal to number of bound values
Improve this answer

1 Comment

I have not used mysqli here...Its just apart of the code which better resembles pdo....and for that you always need not bind parameters...placeholders(?) are used when parameters are not bound...you can check that in the php manual.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.