Click here to Skip to main content
15,667,014 members
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
For some reason, this won't work and won't submit anything in my database. Can someone please point out what is the problem in the code?

What I have tried:

[FORM.HTML]
HTML
<title>Periples Business Form
<div class="container">
<center>

<h1 style="margin: 0; padding: 0">Event Registration Form</h1></center>


<hr>

<h3>Event Details.</h3>
Event Name: 


Event Type:  

  Virtual
  Live


  Event Date:  


<br>
Set Up Date: 

    Clean Up Date: 


Event Description:  <br>


Target Audience: 

  
Crowd Number: 


<hr>

<h3>Others.</h3>

Are you availing our service?
Yes
No
<br>
<br>
<br>
Foods /  Drinks
Yes
No
<br>
If yes, please enter the name of the provider: 

<br>
Audio / Visual Equipment
Yes
No
<br>
If yes, please enter the name of the provider: 


<hr>
<h3>Customer Details.</h3>
First Name: 

   
Middle Name: 


Last Name: 

   
Suffix: 


Address:  <br>


City: 

   
Province: 

<br>
Postal / Zip Code: 


Contact Number: 


Email: 


Are you an existing member?
Yes
No

<hr>

<center>

</center>

</div>


[REGISTER.PHP]
PHP
";
echo "Event Type : " .$eventtype;
echo "<br>";
echo "Event Date : " .$eventdate;
echo "<br>";
echo "Set Up Date : " .$setupdate;
echo "<br>";
echo "Clean Up Date : ".$cleanupdate;
echo "<br>";
echo "Event Description : " .$eventdesc;
echo "<br>";
echo "Target Audience : " .$targetaud;
echo "<br>";
echo "Estimated Crowd Number : " .$crowdnum;
echo "<br>";
echo "Availing Service? " .$avservice;
echo "<br>";
echo "Availing Food or Drinks? " .$avfodr;
echo "<br>";
echo "Availing Food or Drinks? " .$avequip;
echo "<br>";
echo "Provider 1 : " .$prov1;
echo "<br>";
echo "Provider 2 : " .$prov2;
echo "<br>";
echo "Customer Details!"
echo "<br>";
echo "First Name : " .$fname;
echo "<br>";
echo "Middle Name : " .$mname;
echo "<br>";
echo "Last Name : " .$lname;
echo "<br>";
echo "Suffix : " .$suffix;
echo "<br>";
echo "Address : " .$address;
echo "<br>";
echo "City : " .$city;
echo "<br>";
echo "Province : " .$province;
echo "<br>";
echo "Postal : " .$postal;
echo "<br>";
echo "Phone Number : " .$phone;
echo "<br>";
echo "Email : " .$email;
echo "<br>";
echo "Member? " .$member;

$host = "localhost";
$user = "root";
$password = "";
$database = "zsomydb1";

$con = mysqli_connect($host,$user,$password,$database);

$sql = "insert into
user_accounts(id, ename, etype, edate, setupdate, cleanupdate, edesc, targetaud, crowdnum, avservice, avfod, avequip, fname, mname, lname, suffix, address, city, province, postal, phonenum, email, member)
values('$eventname', '$eventtype', '$eventdate', '$setupdate', '$cleanupdate', '$eventdesc', '$targetaud', '$crowdnum', '$avservice', '$avfodr', '$avequip', '$prov1', '$prov2', '$fname', '$mname', '$lname', '$suffix', '$address', '$city', '$province', '$postal',  '$phone', '$email', '$member')";

mysqli_query($con, $sql);

echo "<br> Connection is now open.";
echo "<br> Record has been saved!";

?>
Posted
Updated 20-Jan-22 10:38am
v2
Comments
Richard Deeming 20-Jan-22 3:58am    
You didn't format your code correctly (using the code button in the toolbar) so it has been mangled to the point where we can't tell you what the problem is.

All we can tell you is that your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]
thatraja 20-Jan-22 14:41pm    
What's the error?

Strongly agree with other comment about SQL Injection.

1 solution

(1)
In your SQL statement your field list starts with
SQL
(id, ename,

and your values start with
SQL
values('$eventname',


I assume you have an id field that is autogenerated; if so, you should not specify it in the field list; that list must match with the value list!


(2)
Your INSERT code had no error handling, it assumes it will always succeed; you have already proven it does not. You should check the value returned by mysqli_query (or any other method you would use), and signal an error as soon as it occurs; there are special functions to get detailed information on what went wrong, such as mysqli_error().

:)
 
Share this answer
 
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900