-1

I want to post the entered user's email address to my DB, but there comes no errors and nothing is posted to my MySQL DB.

HTML

```html
<form action="post.php" method="post">
<input id="email" name="email" type="email" class="hasHelp  validateEmpty   " required="required" value="" autocomplete="off" placeholder="E-Mail-Adresse" aria-describedby="emailErrorMessage">
<button class="button actionContinue scTrack:unifiedlogin-login-submit" type="submit" id="submit" name="submit" value="submit" pa-marked="1">Next</button></form>
```

POST.php

```php
<?php
    include('db_connect.php');
    if(isset($_REQUEST['submit']))
    {
        $SQL = "INSERT INTO email (email) VALUES ($email)";

        $result = mysql_query($SQL);
    }
?>
```

db_connect.php

```php
<?php
    $mysqli = new mysqli("localhost", "username", "passwort", "database");
?>
```

DB:

Database: databasename
Table: email
email varchar(50)

Why doesn't it post any results to my DB?

Funk Forty Niner
  • Your code is very vulnerable to attacks such as SQL injection; consider using PDO to connect and insert values into your database. Also, have you defined $email? Because from what I can see it's empty. Also, is your table called 'email'? Please also add your DB schema for the table. Also, you haven't added any error handling for connecting, so how would you know if any errors are being returned? – Isaac Aug 04 '18 at 14:20
  • Oh, I thought $email is taken automatically from name="", or not? Okay, I'll add it now – anitakarst23 Aug 04 '18 at 14:26
  • No, $email is the name of a variable which you haven't defined. If using PDO you'd bindValue(':email', $email); but again, I'm not even sure if you've even connected to the database properly. Check your PHP logs to see if you're getting any errors – Isaac Aug 04 '18 at 14:28
  • How can I define it? – anitakarst23 Aug 04 '18 at 14:30
  • *"but there comes no errors"* - That's because you didn't check for them. Enable error reporting and check for them on the query. Everything can be found on https://php.net. – Funk Forty Niner Aug 04 '18 at 14:50
  • @FunkFortyNiner I'll pass the torch to you.. maybe your words will have some impact – Isaac Aug 04 '18 at 14:51
  • @Isaac The OP can consult the duplicates it was closed with. Thing is Isaac, is that they're mixing APIs also. I would edit your answer in regards to that. You've picked up on the string literal but not their use of the mysql_ API. – Funk Forty Niner Aug 04 '18 at 14:53
  • Yeah, good point. I was so confused by what he was trying to do, I thought I'd just give him the tools and references to rewrite it. I personally prefer PDO. Just didn't know how to answer something that is so mixed. – Isaac Aug 04 '18 at 14:55
  • @Isaac `$result = mysql_query($SQL);` should read as `$result = mysqli_query($mysqli, $SQL);` - then `mysqli_error($mysqli);` should be used to check for errors, and error reporting. – Funk Forty Niner Aug 04 '18 at 14:57
  • Ah, thank you! Hopefully the OP will find some guidance within the duplicates. Out of sheer curiosity, do you prefer PDO to mysqli? @FunkFortyNiner – Isaac Aug 04 '18 at 15:00
  • @Isaac welcome. I edited your answer. You and the OP can take it from there ;-) *Cheers* – Funk Forty Niner Aug 04 '18 at 15:08
  • @Isaac not to tie up comments here (sorry mods, my ending note). For mysqli or PDO; it's a personal preference. Either or can be used. Just as long as it's a prepared statement. Both have their pros and cons. – Funk Forty Niner Aug 04 '18 at 15:09
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")`. The procedural interface is an artifact from the PHP 4 era when the `mysqli` API was introduced and should not be used in new code. – tadman Aug 04 '18 at 15:43
  • @FunkFortyNiner It's personal preference, except for the part where PDO supports named placeholders and has a more flexible `execute` command. They both work, but in practice PDO is better, hands down. – tadman Aug 04 '18 at 15:44
  • @tadman again; personal preference ;-) I've seen servers where the only PDO that could be used was SQLite and not the one I rather use. So, either one works given a server with up-to-date technology. – Funk Forty Niner Aug 04 '18 at 15:45
  • @FunkFortyNiner If you prefer something harder to use, or you prefer to use misconfigured servers... PDO should be the go-to for new code, `mysqli` in cases where you need to drag `mysql_query` code into the present. – tadman Aug 04 '18 at 15:46
  • @tadman *lol!!* I never said I preferred misconfigured servers. I don't have control over what a client is using or wants to stick with. If "they" choose to stay on there, that's their problem and not mine. What "my" problem would be, is to "deal" with what I have been given to work with. Let's not leave that tidbit out of the equation. If you were never faced with that problem or knew of one, well now you know of one ;-) – Funk Forty Niner Aug 04 '18 at 15:49
  • @FunkFortyNiner Obviously legacy concerns weigh in, but for new code there's really no good reason to use `mysqli`. It's more clunky, it's more quirky, and it's significantly harder to do some operations that are dead easy in PDO. That's all I mean. The PHP community shouldn't be afraid to express a preference. – tadman Aug 04 '18 at 15:52
  • @tadman Oh, I agree with you on that, *hands down* ;-) Yet you have to agree that both APIs have their pros and cons. PDO for one doesn't support multi-queries, which is a shame but no big deal. – Funk Forty Niner Aug 04 '18 at 15:54
  • @FunkFortyNiner Actually that's a feature because `multi_query` is a huge security risk, no support for prepared statements, and bad programming in general. Check the result of each query, don't just YOLO it. – tadman Aug 04 '18 at 16:25
  • @tadman 10-4 :-) – Funk Forty Niner Aug 04 '18 at 19:51

1 Answer

1

Okay, I'm sure you have other errors, so I'd suggest reading through This; this should help you with error handling and connecting to your database using mysqli. It also gives you guidance on inserting precoded information into your database as well. Now, moving on to actually grabbing the information from your page and inserting it, you might want to do it this way: `$sql = "INSERT INTO email (email) VALUES ('".$_POST["email"]."')"`

The first 'email' is looking at your table name, the second is the column name you actually want the data to enter into, and the third is the posted value 'email'. If you read through the documentation linked at the start and apply this principle you should be good to go; not the most secure or flashy way, but it should get the job done. Also change `$_REQUEST` to `$_POST`.

Edit:

This part of your code, `$result = mysql_query($SQL);`,

should read as `$result = mysqli_query($mysqli, $SQL);`.

You cannot mix different MySQL APIs.

Then `mysqli_error($mysqli);` should be used to check for errors on the query, and enable error reporting.

Use a prepared statement also, since your code is open to an SQL injection.

Isaac
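
The fixes discussed in the comments and the answer (a single API instead of mixed `mysql_`/`mysqli`, error reporting, a defined `$email`, and a prepared statement), put together as a replacement for post.php. This is an added example, not code from the question or the answer; the function names `save_email` and `clean_email` and the response messages are assumptions, and the connection values are the placeholders from the question's db_connect.php.

```php
<?php
// Added example, not the original poster's or the answerer's code.
// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: return the trimmed address, or null if it is unusable.
function clean_email($raw): ?string
{
    if (!is_string($raw)) {
        return null;                       // rejects array input such as email[]=x
    }
    $email = trim($raw);
    if ($email === '' || strlen($email) > 50) {
        return null;                       // the column in the question is varchar(50)
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false ? $email : null;
}

// Hypothetical helper: insert one address through a bound parameter,
// so the submitted value is sent as data and never becomes part of the SQL text.
function save_email(mysqli $db, string $email): void
{
    $stmt = $db->prepare('INSERT INTO email (email) VALUES (?)');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->close();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // $email has to be read from the request; PHP does not create it from name="email".
    $email = clean_email($_POST['email'] ?? null);
    if ($email === null) {
        http_response_code(400);
        exit('Please enter a valid e-mail address.');
    }
    try {
        // Placeholder credentials as shown in the question's db_connect.php.
        $db = new mysqli('localhost', 'username', 'passwort', 'database');
        $db->set_charset('utf8mb4');
        save_email($db, $email);
        echo 'Saved.';
    } catch (mysqli_sql_exception $e) {
        // Log the real error server-side; do not echo database details to the client.
        error_log('email insert failed: ' . $e->getMessage());
        http_response_code(500);
        exit('Could not save the address.');
    }
}
```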