There are a few things wrong with your code.
First, there is this block:
$newTab=$_POST['user_input'];
$myCol=$_POST['user_column']
$sql="CREATE TABLE $newTab ($myCol VARCHAR(30));"
If the above is your actual code (I take posted code literally), you're missing a semi-colon at the end of the second line, and the quote in the third should be before the semi-colon.
$newTab=$_POST['user_input'];
$myCol=$_POST['user_column'];
$sql="CREATE TABLE $newTab ($myCol VARCHAR(30))";
However, if your entry/entries contains anything that SQL will complain about, such as a space or a hyphen, use ticks around the variables:
$newTab=$_POST['user_input'];
$myCol=$_POST['user_column'];
$sql="CREATE TABLE `$newTab` (`$myCol` VARCHAR(30))";
This is assuming that you've already established a DB connection and depending on the MySQL API you are using, need to query the DB.
An example would be:
$sql=mysqli_query($con,"CREATE TABLE `$newTab` (`$myCol` VARCHAR(30))");
Sidenote: Add or die(mysqli_error($con))
to mysqli_query()
in case of error(s).
Then you have the word "function" missing in your JS; again, if that is actual code:
function user_f(){
var x=prompt('tell me...');
var y=prompt('say to me...');
document.user.user_input.value=x;
document.user.user_column.value=y;document.user.submit();
}
Full HTML/form code would be:
<!doctype html>
<head>
</head>
<body>
<script>
function user_f(){
var x=prompt('tell me...');
var y=prompt('say to me...');
document.user.user_input.value=x;
document.user.user_column.value=y;document.user.submit();
}
</script>
<form name="user" action="my.php" Method="POST">
<button onCLick="user_f();" type="button">Submit</button>
<input type="hidden" name="user_input">
<input type="hidden" name="user_column">
</form>
</body>
</html>
- In testing this, and entering the words "one" and "two" in the prompts, did in fact echo those words after submission with no Undefined index notices.
However, it is best to use isset()
in any case. empty()
is another which you can use to test if left empty.
It's unclear whether you're using the entire code inside the same page or in two seperate files.
Nota:
If you're using it all inside the same file, then do as Newbie states in their answer. That will explain the Undefined index notices.
As Halfer pointed out in comments, you would leave yourself open to SQL injection. Use mysqli
with prepared statements, or PDO with prepared statements, they're much safer.
There is a good article here on Stack on the subject:
Edit:
The following worked perfectly for me, using "table_a_test" for the table name, and "column_a_test" for the column name.
Replace the DB credentials with your own.
Use two different files. One for your HTML form, and the other for the table creation code.
This one being your "my.php" file:
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$DB_HOST = 'xxx';
$DB_USER = 'xxx';
$DB_PASS = 'xxx';
$DB_NAME = 'xxx';
$db = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($db->connect_errno > 0) {
die('Connection failed [' . $db->connect_error . ']');
}
if(isset($_POST['user_input']) && isset($_POST['user_column'])){
$newTab = $_POST['user_input'];
$myCol = $_POST['user_column'];
$sql = "CREATE TABLE `$newTab` (`$myCol` VARCHAR(30))";
if(!$result = $db->query($sql)) {
die('There was an error running the query [' . $db->error . ']');
}
else {
echo "Successful query.";
}
}
/*
echo $newTab;
echo "<br>";
echo $myCol;
*/
?>
Nota:
- You will need to make sure that the table doesn't already exist, otherwise SQL will throw an error, as such which it will when using
$db->error
which is included in the above.
Edit: (as per didierc's comment, thank you)
The back tick key might not be located at the same spot on an Italian keymap.