-1

I have tried to connect to my db, but nothing works...

This is the code that I have created:

$name ='testdb';
$user = 'root';
$password = '';
$host = 'localhost';

$link = new mysqli($name, $user, $password, $host);

$name = $_POST['name'];
$message = $_POST['message'];
$mail = $_POST ['mail'];

$name = $link->real_escape_string($_POST['name']);

$message = $link->real_escape_string($_POST['message']);

$mail = $link->real_escape_string($_POST['mail']);

$sql = "INSERT INTO test (Name, Message, Mail) VALUES ('$name','$message', '$mail')";

$result = $link->query($sql);

I have allready double-checked all the spellings. Can anyone give me some tips? I may have gone blind.

hassan
  • 7,013
  • 2
  • 20
  • 32
Erica
  • 3
  • 1
  • Firstly, you should enable [error reporting](http://stackoverflow.com/a/21429652/6140684) if not already because it will help you understand the problem. – Antonios Tsimourtos May 16 '17 at 08:32

3 Answers3

1

Seems you did not initialize mysqli connection properly 

error_reporting(E_ALL);//display all errors   

$name ='testdb';
$user = 'root';
$password = '';
$host = 'localhost';

$link = new mysqli($host, $user, $password, $name);

Use prepared statements(Prevents SQL injection)

$sql = "INSERT INTO test (Name, Message, Mail) VALUES (?,?,?)";//placeholders (3placeholders for 3values)
$statement = $link->prepare($sql);//prepare query. returns true/false
$statement->bind_param('sss',$name, $message, $mail);//you dont need to escape anymore
$statement->execute(); //execute safely
Rotimi
  • 4,494
  • 4
  • 16
  • 27
0

The first parameter of mysqli is the hostname, you swapped hostname and databasename Connect to MySQL

$link = new mysqli($host, $user, $password, $name);

You can also use prepared statement, to prevent SQL injections

A prepared statement is a feature used to execute the same (or similar) SQL statements repeatedly with high efficiency.

$sql = "INSERT INTO test (Name, Message, Mail) VALUES (?,? ?)";
$stmt =  $link->prepare($sql);
$stmt->bind_param("sss",$name, $message, $mail);
$result = $stmt->execute();
if ($result) {
    // query was successful
}else {
    // query failure
}
Community
  • 1
  • 1
Junius L.
  • 13,163
  • 2
  • 28
  • 58
0

Please use this below code it will help you

$name ='testdb';
$user = 'root';
$password = '';
$host = 'localhost';

$link = new mysqli($host,$user,$password,$name);
// Check connection
if ($link->connect_error) {
    die("Connection failed: " . $link->connect_error);
} 
$name = $_POST['name'];
$message = $_POST['message'];
$mail = $_POST ['mail'];

$name = $link->real_escape_string($_POST['name']);

$message = $link->real_escape_string($_POST['message']);

$mail = $link->real_escape_string($_POST['mail']);

$sql = "INSERT INTO test (Name, Message, Mail) VALUES ('$name','$message', '$mail')";



if ($link->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $link->error;
}

$link->close();

To learn basic things in PHP and MYSQL refer this link https://www.w3schools.com/php/

Junius L.
  • 13,163
  • 2
  • 28
  • 58
Stackoverflow questions
  • 46
  • 6