PHP request isn't get value

Question

I have a slider which one is in a tag. I want to put the slider's to a database. In the "index.php":

<form class="" action="insert.php" method="$_POST">
<input type="range" min="1" max="10" value="5" class="slider" id="myRange" name="myrange">
  <p>Value: <span id="demo"></span></p>
  <button id="btn1">Click Here</button>
</form>

and in the insert.php:

    <?php
$getRangeValue = $_GET['myRange'];
$mysqli = new mysqli("localhost","root","passwd","table_name");
//
// Check connection
if ($mysqli -> connect_errno) {
  echo "Failed to connect to MySQL: " . $mysqli -> connect_error;
  exit();
}

$mysqli -> query("INSERT INTO ertekek (RangeValue, anotherValue) VALUES ($getRangeValue, 11)");
echo "New record has id: " . $mysqli -> insert_id;
$mysqli -> close();
?>

The url: "http://localhost/insert.php?myrange=10"

Its running, and it generate a row, but the row is totaly empty... so i don't know what's going on...

Answer 1

The correct code:

<form class="" action="insert.php" method="POST">
   <input type="range" min="1" max="10" value="5" class="slider" id="myRange" name="myrange">
  <p>Value: <span id="demo"></span></p>
  <button id="btn1">Click Here</button>
</form>

and in the insert.php:

<?php
$getRangeValue = $_POST['myrange'];
$mysqli = new mysqli("localhost","root","passwd","table_name");
//
// Check connection
if ($mysqli -> connect_errno) {
  echo "Failed to connect to MySQL: " . $mysqli -> connect_error;
  exit();
}

$query = $mysqli->prepare("INSERT INTO ertekek (RangeValue, anotherValue) VALUES (?, 11)");
$query->bind_param('i',$getRangeValue);
$query->execute();
echo "New record has id: " . $mysqli -> insert_id;
$mysqli -> close();
?>

What have I changed?

• I changed the method method="POST" instead of method="$_POST"
• Change GET to POST on variable $getRangeValue
• Using prepare statment instead of simple and not secure query

Link that I recommend you to read

• What is the difference between POST and GET?
• How can I prevent SQL injection in PHP?