-1

A question asked a thousand times, trust me, I know. My code is driving me up the wall. I've read a thousand posts/guides on this matter and my code looks identical, yet, when I press submit, nothing is added to the database. I've tried all sorts of code and methods, but this simple code that follows should just work. Help, please.

if(isset($_POST['create'])) {
    $fname = $_POST['fname'];
    $age = $_POST['dob'];

    $sql = "INSERT INTO students (Firstname, Age) VALUES ('$fname', '$age')";

    $result = mysqli_query($conn,$sql);
}

Full code here:

<!DOCTYPE html>
<html>
<head>
    <title>Register New Employee</title>
    <link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
</head>
<body>
<div>
    <?php
$servername = "?";
$database = "?";
$username = "?";
$password = "?";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $database);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
 
if(isset($_POST['create'])) {
    $fname = $_POST['fname'];
    $age = $_POST['dob'];
 
    $sql = "INSERT INTO students (Firstname, Age) VALUES ('$fname', '$age')";
 
    $result = mysqli_query($conn,$sql);
}
    ?>
</div>
<div>
    <form action="Registeremployee.php" method="post">
        <div class="container">
 
            <div class="row">
                <div class="col-sm-3">
                    <h1>Register New Employee</h1>
                    <p>Fill the inforomation</p>
                    <label for="fname"><b>First Name</b></label>
                    <input class="form-control" type="text" name="fname">
 
                    <label for="lname"><b>Last Name</b></label>
                    <input class="form-control" type="text" name="lname">
 
                    <label for="Password"><b>Password</b></label>
                    <input class="form-control" type="text" name="Password">
 
                    <label for="dob"><b>Date of Birth</b>  format(00/00/0000)</label>
                    <input class="form-control" type="text" name="dob">
 
                    <label for="email"><b>Email Address</b></label>
                    <input class="form-control" type="text" name="email">
 
                    <label for="gender"><b>Gender</b></label>
                    <input class="form-control" type="text" name="gender">
 
                    <label for="phonenumber"><b>Phone Number</b></label>
                    <input class="form-control" type="text" name="phonenumber">
 
                    <label for="mobilenumber"><b>Mobile Number</b></label>
                    <input class="form-control" type="text" name="mobilenumber">
 
<p>Address information</p>
                    <label for="streetNo"><b>Street Number</b></label>
                    <input class="form-control" type="text" name="streetNo">
 
                    <label for="adress1"><b>Adress1</b></label>
                    <input class="form-control" type="text" name="adress1">
 
                    <label for="suburb"><b>Suburb</b></label>
                    <input class="form-control" type="text" name="suburb">
 
                    <label for="postcode"><b>PostCode</b></label>
                    <input class="form-control" type="text" name="postcode">
 
                    <input type="submit" name="create" value="Sign Up">
                </div>
            </div>
        </div>
    </form>
</div>
</body>
</html>
RiggsFolly
  • 83,545
  • 20
  • 96
  • 136
Wahh
  • 1
  • 1
  • 2
    Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187) You should alway use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's instead of concatenating user provided values into the query. Never trust ANY user input! – RiggsFolly May 24 '21 at 07:56
  • 1
    To get errors out of PHP even in a LIVE environment add these 4 lines to the top of any `MYSQLI_` based script you want to debug `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);`. This will force any `MYSQLI_` errors to generate an Exception that you can see on the browser as well as normal PHP errors. – RiggsFolly May 24 '21 at 07:56
  • 1
    1. Do you get the `"Connected successfully"` message? 2. What does `$_POST` contain, do a `echo '
    ' . print_r($POST,1) . ',/pre>';` to see that 3. Please show us the schema for this table! Do a `SHOW CREATE TABLE YourTableName;` and copy/paste the output to your question
     – RiggsFolly May 24 '21 at 08:00
  • Are there any columns in your table which cannot be null? You only send two variables, so leaving the rest out may be an issue? – droopsnoot May 24 '21 at 08:00
  • `should just work`...should it? It would be trivial to break your query by having a name such as `O'Brien` for example. Names containing apostrophes are very common in many countries and cultures. So quite apart from the SQL injection vulnerability pointed out above, this code has this very basic flaw, so no I would never say it was fully "working" in this state - it cannot even cope with some very predictable data being entered into it. If you got this from a tutorial, it must have been a very poor quality one. – ADyson May 24 '21 at 08:40

0 Answers0