PHP not inserting form data into DB

Question

So I have a comment post thingy for my blog I've made, but it doesn't seem to be inserting the data. Here's the form:

<form action='' method='post' name='postComment'>
<label for='name'>Name:</label><br/><input type='text' id='name' name='name''/><br/>
<label for='comment'>Comment:</label><br/><input type='text' id='comment' name='comment' />
<br/><input type='submit' value='Post' name='postComment'/></form></div>

The form is processed on the same page in the top part of the page. I use the same way of inserting the data as the blog posts themselves so I know it works. I've also tested the SQL by using phpMyAdmin (obviously removing placeholders)

if(!empty($_POST['postComment']))
{
    $date = date("d/m/y g:i:A");
    $name = clean(mysqli_real_escape_string($db, $_POST['name']));
    $comment = clean(mysqli_real_escape_string($db, $_POST['comment']));
    if ($stmt = $db->prepare("INSERT INTO `comments` (`name`, `comment`, `entry`, `date`) values (?, ?, ?, ?)")) {
        $stmt->bind_param('ssis', $name, $comment, $_GET['id'], $date);
        $stmt->execute();
        $stmt->close();
    }
}

Any help would be appreciated, been scratching my head over this one for a day now.

Are you sure $_GET['id'] still exists after you have done a page re-direct with post data? — Lochemage, Jul 25 '13 at 18:43
Watch out here: - `name='name''` -. You've put two quotes after "name" — Adi Ulici, Jul 25 '13 at 18:43
use `try..catch` Or insert `ini_set('display_errors',1); error_reporting(E_ALL)` to get correct error and post it. — Sunil Kumar, Jul 25 '13 at 18:45
Read [this](http://stackoverflow.com/a/2553892/477878) and you'll probably find your problem. — Joachim Isaksson, Jul 25 '13 at 18:46
"InnoDB is the default storage engine on this MySQL server." from phpmyadmin — Austen, Jul 25 '13 at 18:53

score 1 · Answer 1 · answered Jul 25 '13 at 18:40

1

The data may need to be cleaned as well, in order to be entered with quotes around it. If you look at your query, you may see the date not being entered like a string, which it should be.

answered Jul 25 '13 at 18:40

Bradley

1,955
1
20
28

1

Also, `$_GET['id']` is bound as an integer, while it's actually a string containing an integer. Unsure how that'd work. As a last thing too, bound strings don't need to be `mysqli_real_escape_string`'d before binding. – Joachim Isaksson Jul 25 '13 at 18:43
Just changed it to string – Austen Jul 25 '13 at 18:58

score 0 · Accepted Answer · answered Jul 25 '13 at 19:42

0

Solved it, thanks for everyone's help. For some reason phpMyAdmin did not set ID as auto-increment even though I set it when I made the table. A simple sql query solved it.

ALTER TABLE comments MODIFY id int NOT NULL AUTO_INCREMENT;

answered Jul 25 '13 at 19:42

Austen

275
1
4
16

score -1 · Answer 3 · answered Jul 25 '13 at 18:45

-1

Your form action='' is blank, so it's not going anywhere.

answered Jul 25 '13 at 18:45

Kenzo

3,117
3
14
15

It was PHP_SELF but that just took away the $_GET['id'] – Austen Jul 25 '13 at 18:46
Without declaring an action it will never go anywhere when posted. Use POST, not GET. – Kenzo Jul 25 '13 at 18:47
With `action` is blank form will go to the same page. – u_mulder Jul 25 '13 at 18:50
That's what I thought @u_mulder – Austen Jul 25 '13 at 18:55
@Kenzo - a blank action will send the form back to the same page. It's not best practice, but it certainly won't break. – andrewsi Jul 25 '13 at 19:00
The form is now set to
' method='post'
– Austen Jul 25 '13 at 19:18
Not best practice? It's not any practice. – Kenzo Jul 25 '13 at 19:20
At least use CodeIgniter for PHP apps, you can then see how PHP works. – Kenzo Jul 25 '13 at 19:21
No thanks to CodeIgniter. I'd rather code myself and learn from mistakes. – Austen Jul 25 '13 at 19:26

PHP not inserting form data into DB

3 Answers3