How Do I Get Data Into A Database After The Click Of A Button In Html

Question

0.00/5 (No votes)

See more:

hello
am trying to create a website and trying to get data into the database after clicking the submit button .

i have three text field on the webpage their names are
.UName
.EnterEmail
.passwordsignuptextbox

and the button name is
.signupbutton

my goal is after clicking the signupbutton it send the data which is in the three text field into the database .so far this is my php code

include_once 'db_connect.php';

if(isset ($_POST['signupbutton'])) {
$uname= $_POST['UName'];
$email= $_POST['EnterEmail'];
$password=$_POST['passwordsignuptextbox'];

if (mysqli_query($conx , "INSERT INTO registration ( UserName, Email,user_password)"
. "VALUES( $uname,$email,$password)" ))

echo "inserted okay";
else {
echo " erros upon inserting data";
}

mysqli_close($conx);
}

?>

i keep on getting errors please help

Posted 11-Feb-14 17:45pm

sean871

Add a Solution

Comments

Peter Leow 12-Feb-14 6:27am

Show your code for the form. Is there a '.' before "VALUES...?

EZW 13-Feb-14 4:02am

No, he is just appending a second string to the first VIA a dot

sean871 14-Feb-14 13:04pm

yes there is a '.' before VALUES

EZW 13-Feb-14 4:00am

What do the errors say that you are getting?

sean871 14-Feb-14 13:11pm

erros upon inserting data.

EZW 15-Feb-14 14:03pm

Try the script again with MySQLi Error instead and tell us what that gives you.

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Peter Leow · Answer 1 · 2014-02-14T17:18:00

You should not be injecting user's inputs directly into any sql statement, that makes your application vulnerable to SQL Injection[^].
Change your sql statement to a prepared statement like this:

SQL

$sql = "INSERT INTO registration UserName, Email, user_password) VALUES (?, ?, ?)";

if (!($stmt = $mysqli->prepare($sql))) {
    die("Prepare failed: ".$mysqli->errno);
}

if (!$stmt->bind_param('sss', $uname, $email, $password)){
    die("Binding parameters failed: ".$stmt->errno);
}

if (!$stmt->execute()) {
    die("Insert registration table failed: ".$stmt->errno);
}

Killzone DeathMan · Answer 2 · 2014-02-12T00:12:00

Solution 1

In your <form> tag, you have a action..

HTML

<form action="yourphpfile.php" method="POST">
  <input type="text" name="UName" />
  <input type="email" name="EnterEmail" />
  <input type="password" name="passwordsignuptextbox" />
  <button type="submit">Send</button>
</form>

Posted 12-Feb-14 0:12am

Killzone DeathMan

Updated 12-Feb-14 0:13am

v2