0

First of all i'm sorry if this duplicate topics. However i've tried many solution but still failed. Basically i want to add input data to mysql table. At first, all the input is blank when click submit. After few round of try and error, i manage to have input data key in to the db table but certain column still empty. need you guys help how can i fix this.

<?php
$servername = "localhost";
$username = "test";
$password = "alltest123";
$dbname = "test";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

// Get values from form 
$ixname=($_POST['ixp']);
$peername=($_POST['test2']);
$asname=($_POST['asname']);
$ipv4=($_POST['ipv4']);
$ipv6=($_POST['ipv6']);
$descr=($_POST['test3']);
$node=($_POST['node']);
$category=($_POST['category']);

$sql = "INSERT INTO tbl_peer (ixname, peername, asname, ipv4, ipv6, descr, node, category)
VALUES ('$ixp', '$test2', '$asname', '$ipv4', '$ipv6', '$test3', '$node', '$category')";

if (mysqli_query($conn, $sql)) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}

form.php

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><form name="form1" method="post" action="insert_ac.php">
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Test Form </strong></td>
</tr>
<tr>
<td width="71">IX Name</td>
<td width="6">:</td>
<td width="301"><input name="ixp" type="text" id="ixp"></td>
</tr>
<tr>
<td>Peer Name</td>
<td>:</td>
<td><input name="test2" type="text" id="test2"></td>
</tr>
<tr>
<td>ASN</td>
<td>:</td>
<td><input name="asname" type="text" id="asname"></td>
</tr>
<tr>
<td>Ipv4 Address</td>
<td>:</td>
<td><input name="ipv4" type="text" id="ipv4"></td>
</tr>
<tr>
<td>Ipv6 Address</td>
<td>:</td>
<td><input name="ipv6" type="text" id="ipv6"></td>
</tr>
<tr>
<td>Description</td>
<td>:</td>
<td><input name="test3" type="text" id="test3"></td>
</tr>
<tr>
<td>Node</td>
<td>:</td>
<td><input name="node" type="text" id="node"></td>
</tr>
<tr>
<td>Category</td>
<td>:</td>
<td><input name="category" type="text" id="category"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</form>
</td>
</tr>
</table>

PHP and MYSQL version

PHP 7.0.33-0+deb9u1 (cli) (built: Dec  7 2018 11:36:49) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.33-0+deb9u1, Copyright (c) 1999-2017, by Zend Technologies
    with Xdebug v2.5.0, Copyright (c) 2002-2016, by Derick Rethans

mysql  Ver 15.1 Distrib 10.1.37-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

Error Logs

PHP Notice:  Undefined variable: ixp in /var/www/insert_ac.php on line 25, referer: testb.php
PHP Stack trace:, referer:testb.php
PHP   1. {main}() /var/www/insert_ac.php:0, referer: testb.php
PHP Notice:  Undefined variable: test2 in /var/www/insert_ac.php on line 25, referer: testb.php
PHP Stack trace:, referer: testb.php
PHP   1. {main}() /var/www/insert_ac.php:0, referer: testb.php
PHP Notice:  Undefined variable: test3 in /var/www/insert_ac.php on line 25, referer:testb.php
PHP Stack trace:, referer: testb.php
PHP   1. {main}() /var/www/insert_ac.php:0, referer: testb.php
Improve this question
1
  • It says in the error log, that the variable 'ixp' is undefined. On the top you define it as $ixname. ($ixname=($_POST['ixp']);) You might change it in the sql query. The same with 'test2' and 'test3'. ($sql = "INSERT INTO [...] VALUES ($ixname, $peername, ...)) Commented Feb 8, 2019 at 9:46

3 Answers 3

Reset to default
1

Simple typo's really. You have moved data from the POST array into scalar variables, but then used the wrong variable names in the INSERT query

$ixname=($_POST['ixp']);
$peername=($_POST['test2']);
$descr=($_POST['test3']);

query 

VALUES ('$ixp', '$test2', '$asname', '$ipv4', '$ipv6', '$test3', '$node', '$category')";
         ^^^     ^^^^^^                                 ^^^^^^^

I have to warn you that Your script is wide open to SQL Injection Attack Even if you are escaping inputs, its not safe! Use prepared parameterized statements in either the MYSQLI_ or PDO API's

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You are not using correct variables. You should change your SQL query like below:

$sql = "INSERT INTO tbl_peer (ixname, peername, asname, ipv4, ipv6, descr, node, category)
    VALUES ('$ixname', '$peername', '$asname', '$ipv4', '$ipv6', '$descr', '$node', '$category')";

Also, you should bind your variables in SQL query to avoid SQL injection. Check link for more information: https://www.w3schools.com/php/php_mysql_prepared_statements.asp

Hope it can help you.

Improve this answer

Comments

0

Hey instead of storing all values in a respective variable just use extract() method which will give your result.

// Get values from form 
extract($_POST);

$sql = "INSERT INTO tbl_peer (ixname, peername, asname, ipv4, ipv6, descr, node, category)
VALUES ('$ixp', '$test2', '$asname', '$ipv4', '$ipv6', '$test3', '$node', '$category')";

if (mysqli_query($conn, $sql)) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}

For more reference http://php.net/manual/en/function.extract.php

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.