0

FORM CODE -

<form method="POST" action="shareexperience.php" id="contactForm"  name="sentMessage" target="formsaved">
<br/><textarea rows="5" cols="40" name="views" id="views" placeholder="Views About Your Profession">
</textarea> <br/>
<textarea rows="5" cols="40" name="advice" id="advice" placeholder="Advice 4 Students">
</textarea> <br/>
Wanna Be A Guide 4 Child 
<input type="radio" id="yes" name="guide" value="Yes" checked> Yes
<input type="radio" id="No" name="guide" value="No"> No
<br/><input type="text" name="name" id="professionalname" placeholder="Name">
<input type="text" name="email" id="professionalemail" placeholder="Email Id"> <br/>
<br/><input type="submit" value="Share &amp; Nominate" onclick="saveexperience()">
</form>


PHP CODE-

<?php
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db = mysql_select_db(DB_NAME, $con) or die("Failed to connect to MySQL: " . mysql_error());
// inserting Record to the database
$name = $_POST['name'];
$email = $_POST['email'];
$views = $_POST['views'];
$advice = $_POST['advice'];
$guide = $_POST['guide'];
$query = "INSERT INTO professionals(name,email,views,advice,guide)VALUES('$name','$email', '$views','$advice','$guide')";
$result = mysql_query($query);
mysql_close($con);
?>

The target formsaved has been used to avoid redirection, using the HTML iframe tag as follows:

<iframe name="formsaved" height="30px" width="300px" scrolling="no" frameborder="0"> </iframe>

Sometimes data enters fine but sometimes it doesn't work. You can check my website as well - guidance4future.in/nominate

Note:- onclick has been used to disable one of the html tags in the page further...

Thanks in advance...

2
  • 3
    WARNING: If you're just learning PHP, please, do not learn the obsolete mysql_query interface. It's awful and has been removed in PHP 7. A replacement like PDO is not hard to learn and a guide like PHP The Right Way helps explain best practices. Your user parameters are not properly escaped and you have severe SQL injection bugs here. Commented Apr 25, 2016 at 15:42
  • 1
    In your table set field not null. And in your php check data.. if(empty($name) || empty($email) || empty($views) || empty($advice) || empty($guide)) die; Commented Apr 25, 2016 at 15:42

2 Answers

2

Firstly, please do some sanity checks on your code! Someone could come along and delete your entire database right now...

I suspect that what's happening is that someone is clicking submit without entering anything in the form: in which case your code will just insert a blank row.

Do some checks first:

$mysqli = new mysqli("localhost", "my_user", "my_password", "database");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connection failed: %s\n", mysqli_connect_error());
    exit();
}

$name = $mysqli->real_escape_string($_POST['name']);
$email = $mysqli->real_escape_string($_POST['email']);
$views = $mysqli->real_escape_string($_POST['views']);
$advice = $mysqli->real_escape_string($_POST['advice']);
$guide = $mysqli->real_escape_string($_POST['guide']);

// Check for null fields
if( empty($name) || empty($email) || empty($views) || empty($advice) || empty($guide))
{
    print "Please fill in all fields!";
    // Show the form again here
}
else
{
     $query = "INSERT INTO professionals(name,email,views,advice,guide)VALUES('$name','$email', '$views','$advice','$guide')";
     $mysqli->query($query);
}

2 Comments

See prepared statements
Yeah that's probably worth looking into for the OP - I've not used PHP for a couple of years so it sounds like I'm behind current best practice
0

You should check the data before it is submitted to the database to make sure that all the fields were filled out properly.

if (!(empty($_POST['name']) || empty($_POST['email']) || empty($_POST['views']) || empty($_POST['advice']) || empty($_POST['guide']))){
    // do your stuff here
} else {
    // error stuff
}

Additionally, as mentioned in this comment, you should look into using PDO for your database operations.
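
The checks and the prepared-statement advice from the comments and answers above, combined in one sketch (an added example, not code from the question or from either answer). With the concatenated query in the question, any apostrophe in the submitted text breaks the INSERT; bound parameters store it unchanged. The function name save_experience and the in-memory SQLite database are assumptions made so the example runs offline; the table and column names are the question's.

```php
<?php
declare(strict_types=1);

// Validate the posted fields, then insert with bound parameters.
// Returns a list of error messages; an empty list means the row was saved.
function save_experience(PDO $pdo, array $post): array
{
    $fields = ['name', 'email', 'views', 'advice', 'guide'];
    $data = $errors = [];
    foreach ($fields as $f) {
        // trim() so whitespace-only input counts as missing; unlike empty(),
        // the === '' test does not reject a literal "0".
        $data[$f] = is_string($post[$f] ?? null) ? trim($post[$f]) : '';
        if ($data[$f] === '') {
            $errors[] = "$f is required";
        }
    }
    if ($data['email'] !== '' && filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    if ($data['guide'] !== '' && !in_array($data['guide'], ['Yes', 'No'], true)) {
        $errors[] = 'guide must be Yes or No';
    }
    if ($errors) {
        return $errors;
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO professionals (name, email, views, advice, guide)
         VALUES (:name, :email, :views, :advice, :guide)'
    );
    $stmt->execute($data);
    return [];
}

// Demo on an in-memory SQLite database (assumption, so the example runs offline;
// for MySQL use a DSN such as "mysql:host=...;dbname=...;charset=utf8mb4").
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE professionals (name TEXT NOT NULL, email TEXT NOT NULL,
            views TEXT NOT NULL, advice TEXT NOT NULL, guide TEXT NOT NULL)');

// Constructed sample submissions: one with apostrophes in the text, one nearly empty.
$ok = ['name' => "Mary O'Neil", 'email' => 'mary@example.com',
       'views' => "It's rewarding", 'advice' => 'Read widely', 'guide' => 'Yes'];
var_dump(save_experience($pdo, $ok));
var_dump(save_experience($pdo, ['guide' => 'Yes']));
var_dump((int) $pdo->query('SELECT COUNT(*) FROM professionals')->fetchColumn());
```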
