Hello guys! I am trying to insert data into the database, and after sending the data using the form (I am using the POST method) the URL will be something like this: "somelinks/add-result.php?"
What's going on with it, any idea?

What I have tried:

This is the page for inserting data into the database. I am using insert.php as the form action and the method is POST.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "result1";
$con= mysqli_connect('localhost','root','','$dbname');

if(!$con){
echo'Not connected to server';
}
if(!mysqli_select_db($con,'result1'))
{
echo 'data base not selected';
}
$name =$_GET['Name'];
$id =$_GET['id'];
$Class =$_GET['Class'];
$Law =$_GET['Law'];
$Hoqoq =$_GET['Hoqoq'];
$PanelCode =$_GET['Law panel'];

$sql="INSERT INTO result (Name,id,Class,Hoqoq,Law,Law panel)VALUES('$name','$id','$Class','$Hoqoq','$Law','$PanelCode')";
if(!mysqli_query($con,$sql))
{
echo'Not Inserted';
}
else{
echo'Inserted';
}
header("refresh:2; url=admin-panel.php");
?>
Posted
Updated 6-Oct-20 5:29am
Comments
Richard Deeming 5-Oct-20 10:04am
   
$sql="INSERT INTO result (Name,id,Class,Hoqoq,Law,Law panel)VALUES('$name','$id','$Class','$Hoqoq','$Law','$PanelCode')";

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
Afg Hunter 5-Oct-20 12:20pm
   
It's hard to digest the things written in the manual, but I will do some research on it. Thanks Richard! <3
Afg Hunter 5-Oct-20 12:22pm
   
Do you think this one is fine?

if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

// prepare and bind
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);

// set parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john@example.com";
$stmt->execute();

$firstname = "Mary";
$lastname = "Moe";
$email = "mary@example.com";
$stmt->execute();

$firstname = "Julie";
$lastname = "Dooley";
$email = "julie@example.com";
$stmt->execute();

echo "New records created successfully";

$stmt->close();
$conn->close();
?>
Richard Deeming 5-Oct-20 12:23pm
   
That looks much better. :)
Afg Hunter 6-Oct-20 3:11am
   
Then how do I take the data from the HTML form and send it to the database?
Richard Deeming 6-Oct-20 3:19am
   
Using the $_GET or $_POST collections. Just store them in the variables you've bound to the parameters.
$stmt->bind_param("sss", $firstname, $lastname, $email);
$firstname = $_GET['FirstName'];
...
Afg Hunter 6-Oct-20 14:06pm
   
Richard, I am getting the form values in the URL and they are not being sent to the database. Name=rashed&id=10&class=10&submit=
Richard Deeming 7-Oct-20 6:34am
   
Your query-string values don't match the values you're trying to extract.
Name=...

$firstname = $_GET['FirstName'];

There is no FirstName parameter in your query-string.
Afg Hunter 8-Oct-20 2:01am
   
Thanks Richard! ^_^ It's working now. Now I am having trouble with updating the table -_-.
Sandeep Mewara 5-Oct-20 10:23am
   
Your issue is not clear. You are using a query string and not able to get the data?
Afg Hunter 5-Oct-20 12:12pm
   
Yeah, the data is not being stored in the website's database.
Sandeep Mewara 5-Oct-20 14:38pm
   
The code you shared above looks all static. Is there a problem with it?

Further, I was asking how you are passing the data: using a query param, or using the header or body?
Afg Hunter 6-Oct-20 3:12am
   
I was using the POST method to send the data, as you can see in the code, but I was getting a question mark after the URL and the data was not getting stored in the database.

The data sent in a POST request is in the $_POST array. See PHP: $_POST - Manual[^]
   
Adding to Sandeep's answer, above, there's a third option:

$_REQUEST works for both $_PUT and $_GET data. There's a possible catch: if you post both types of data to the same page AND they both use the same id then you will have a clash in not being able to get them both. HOWEVER - I've never done both, together, and certainly wouldn't reuse the name for the index, anyway. It's never been a problem in about ten years.


   
You say that you POST the data, but in your code above you are retrieving it using GET.
$name =$_GET['Name'];
$id =$_GET['id'];
$Class =$_GET['Class'];
$Law =$_GET['Law'];
$Hoqoq =$_GET['Hoqoq'];
$PanelCode =$_GET['Law panel'];


Read about them: POST (works with headers) vs GET (it works with query strings - data after ? in url): PHP - GET & POST Methods - Tutorialspoint[^]

Assuming you made a right POST call, following is the way to retrieve data:
if(isset($_POST['save']))
{	 
    $id =$_POST['id'];
    $Class =$_POST['Class'];
    $Law =$_POST['Law'];
    $Hoqoq =$_POST['Hoqoq'];
    $PanelCode =$_POST['Law panel'];
    $sql =...
}

A sample for your reference: Insert Data Into MySQL Using PHP[^]

As R.Deeming shared, make sure to have parameterized query to avoid SQL Injection.
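
The advice in this thread (read the form from $_POST, use a parameterized query) put together as one handler; this is an added example, not code from any of the posters. The credentials, table and column names are copied from the question, while the column types, the form field names and the `<form method="post">` attribute are assumptions.

```php
<?php
// Added example. Assumes the form uses method="post" and field names that
// match the question's columns (Name, id, Class, Hoqoq, Law, "Law panel").
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);   // values showing up in the URL mean the form sent GET
    header('Allow: POST');
    exit('Use the form to submit data.');
}

// PHP rewrites spaces in field names to underscores: "Law panel" -> Law_panel.
$fields = ['Name', 'id', 'Class', 'Hoqoq', 'Law', 'Law_panel'];
$values = [];
foreach ($fields as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field]) || trim($_POST[$field]) === '') {
        http_response_code(400);
        exit('Missing field: ' . htmlspecialchars($field, ENT_QUOTES, 'UTF-8'));
    }
    $values[$field] = trim($_POST[$field]);
}

// id is assumed to be an integer column; reject anything else before the query.
$id = filter_var($values['id'], FILTER_VALIDATE_INT);
if ($id === false) {
    http_response_code(400);
    exit('id must be an integer.');
}

try {
    $con = new mysqli('localhost', 'root', '', 'result1');
    $con->set_charset('utf8mb4');
    // Placeholders keep user input out of the SQL text. The column name that
    // contains a space has to be quoted with backticks.
    $stmt = $con->prepare(
        'INSERT INTO result (Name, id, Class, Hoqoq, Law, `Law panel`) VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sissss', $values['Name'], $id, $values['Class'],
        $values['Hoqoq'], $values['Law'], $values['Law_panel']);
    $stmt->execute();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // log the details, do not show them to the user
    http_response_code(500);
    exit('Not inserted.');
}

header('Location: admin-panel.php', true, 303); // redirect before any output is sent
exit;
```

A missing-field response here is the same symptom discussed in the comments: the key the script reads does not match the name the form actually sends.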
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



