I would like these values to go into my database but it just won't do it.
Form Code
PHP Code
session_start();
include 'dbh.php';
$name = $_POST['name'];
$cig = $_POST['cig'];
$brand = $_POST['brand'];
$unit = $_POST['unit'];
$pris = $_POST['pris'];
$ligther = $_POST['ligther'];
$place = $_POST['place'];
$tid = $_POST['tid'];
$howlong = $_POST['howlong'];
$day = $_POST['day'];
$pers = $_POST['pers'];
$sql = "INSERT INTO prod (name, cig, brand, unit, pris, lighter, place, tid, howlong, day, pers)
VALUES ('$name', '$cig', '$brand', '$unit', '$pris', '$ligther', '$place', '$tid', '$howling', '$day', '$pers')";
$result = mysqli_query($conn, $sql);
header("Location: index.php");
Answer
You are on the right track but really need to refine your code. First, the SQL syntax you are using is out of date and susceptible to injection. You should read about prepared statements and make that your way of coding in the future.
Second, as one of the other posters mentioned, you are including the same file more than once.
Third, you should also look at the ISSET command and include it via an if / else statement so that your code runs properly. Right now, you are running the entire code on the server with no data to fill it. You need to look for a proper "Submit" via ISSET and execute the PHP code at that point.
See here for more help:
how to insert into mysql using Prepared Statement with php
No comments:
Post a Comment