Tuesday, 2 May 2017

php - Why won't my data go into my database?



I would like these values to go into my database but it just won't do it.




Form Code




Navn:


















PHP Code




session_start();
include 'dbh.php';

$name = $_POST['name'];
$cig = $_POST['cig'];
$brand = $_POST['brand'];
$unit = $_POST['unit'];
$pris = $_POST['pris'];

$ligther = $_POST['ligther'];
$place = $_POST['place'];
$tid = $_POST['tid'];
$howlong = $_POST['howlong'];
$day = $_POST['day'];
$pers = $_POST['pers'];

$sql = "INSERT INTO prod (name, cig, brand, unit, pris, lighter, place, tid, howlong, day, pers)
VALUES ('$name', '$cig', '$brand', '$unit', '$pris', '$ligther', '$place', '$tid', '$howling', '$day', '$pers')";
$result = mysqli_query($conn, $sql);


header("Location: index.php");


Answer



You are on the right track but really need to refine your code. First, the SQL syntax you are using is out of date and susceptible to injection. You should read about prepared statements and make that your way of coding in the future.



Second, as one of the other posters mentioned, you are including the same file more than once.



Third, you should also look at the ISSET command and include it via an if / else statement so that your code runs properly. Right now, you are running the entire code on the server with no data to fill it. You need to look for a proper "Submit" via ISSET and execute the PHP code at that point.




See here for more help:



how to insert into mysql using Prepared Statement with php


No comments:

Post a Comment

c++ - Does curly brackets matter for empty constructor?

Those brackets declare an empty, inline constructor. In that case, with them, the constructor does exist, it merely does nothing more than t...