insert job details

Question

shivya_1 0 Newbie Poster

7 Years Ago

Hello to all,

I am working on a project of job posting. There is a table in database. I have a html form and postcode.php (there will be code) ,
I am facing a problem with this code.

My html form code:-

 <form name="posting"  action="postcode.php"> <table class="table"> <h4>Job Details: <span>specify details of the position/job you are going to post.</span> <tbody></h4> <tr> <td>Job title / Designation : </td> <td><input type="text" name="title" placeholder="E.g. Php Developer, Web Designer"></td> </tr> <tr> <td>No. of Vacancies : </td> <td><input type="number" name="vacancy" ></td> </tr> <tr> <td>Keywords : </td> <td><input type="text" name="keywords" placeholder="E.g. Php Developer, Web Designer"></td> </tr> <tr> <td>Location of the job : </td> <td><input type="text" name="location" placeholder="E.g. Delhi, Noida, Gurgaon, Kolkata, Pune"></td> </tr> <tr> <td>Industry type : </td> <td><select name="industry"><option>Select Industry Type</option><option>Accounting/Finance</option><option>Agents</option><option>Analytics & Business Intelligence</option><option>Architecture/Interior Design</option><option>Banking/Finance</option><option>BPO</option><option>IT Services</option></select></td> </tr> <tr> <td>Functional Area : </td> <td><input type="text" name="area"></td> </tr> <tr> <td colspan="2"><input type="submit" name="submit" value="save"/></td> </tr> </tbody> </table> </form>

** Postcode.php:-**

<?php

include ("../connection.php");

 if(isset($_POST['submit']))
 {
$title = $_POST['title'];
$vacancy = $_POST['vacancy'];
$keywords = $_POST['Keywords'];
$location = $_POST['location'];
$industry = $_POST['industry'];
$area = $_POST['area'];

$sql = "INSERT INTO 'jobposting'('job_title', 'vacancies', 'keywords', 'location', 'indutry_type', 'Functional_Area') values('$title', '$vacancy', '$keywords', '$location', '$industry', '$area')";

if($conn->query($sql) === true)
{
    echo "Job Posted.";
}
else
{
    echo "Error posting job:".$conn->error;
}
}

?>

**Sql table columns:-**

SELECT `job_title`, `vacancies`, `keywords`, `location`, `industry_type`, `functional_area` FROM `job_detail` WHERE 1

There are not any error but my values are not inserting.
Please help me out and sorry for any grammatical mistake.

php

Edited 7 Years Ago by shivya_1

2 Contributors
7 Replies
261 Views
3 Hours Discussion Span
Latest Post 7 Years Ago Latest Post by Traevel

Traevel 216 Light Poster

7 Years Ago

You're inserting user input directly into the database. In other words, any user who uses that form can do whatever they want inside your database. You should use mysqli or PDO instead of mysql.

You're also inserting into the jobposting table, but selecting from the job_detail table. Also, we can't see what's in include ("../connection.php");. But because it's using the unsafe mysql there's no real point in fixing this issue until you've switched to either mysqli or PDO. A lot of people here will help you with that if you run into problems converting to one of the two safer methods.

Traevel 216 Light Poster

7 Years Ago

This

$stmt->bind_param('ssssss', strval($title), strval($vacancy), strval($keywords), strval($location), strval($industry), strval($area));
$stmt = $conn->prepare("INSERT INTO 'job_detail' ('job_title', 'vacancies', 'keywords', 'location', 'industry_type', 'functional_area') values('$title','$vacancy','$keywords','$location','$industry','$area')");

Needs to be

$stmt = $conn->prepare("INSERT INTO 'job_detail' ('job_title', 'vacancies', 'keywords', 'location', 'industry_type', 'functional_area') values(?,?,?,?,?,?)");
$stmt->bind_param('ssssss', strval($title), strval($vacancy), strval($keywords), strval($location), strval($industry), strval($area));

Also, you should be getting a general PHP error because in if($conn->query($sqli) == true) you're sending an object that doesn't exist anymore: $sqli;

Did you add a line like display_errors = on to your php.ini? Otherwise you won't see errors of any kind.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

shivya_1 0 Newbie Poster · Answer 1 · 2017-03-11T12:58:05+00:00

<?php

include ("../connection.php");

 if(isset($_POST['submit']))
 {

$title=mysqli_real_escape_string($_POST['title']);
$keywords=mysqli_real_escape_string($_POST['keywords']);
$location=mysqli_real_escape_string($_POST['location']);
     $industry=mysqli_real_escape_string($_POST['industry']);
     $area=mysqli_real_escape_string($_POST['area']);

$sqli = "INSERT INTO 'job_detail'('job_title', 'vacancies', 'keywords', 'location', 'indutry_type', 'Functional_Area') values('$title', '$vacancy', '$keywords', '$location', '$industry', '$area')";

if($conn->query($sqli) == true)
{
    echo "Job Posted.";
}
else
{
    echo "Error posting job:".$conn->error;
}
}

?>

"connection.php"

<?php 
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "shivya";

$conn = new mysqli($servername, $username, $password, $dbname);

if($conn -> connect_error)
{
echo "error occured: ".$conn -> connect_error;
}
else
{
    echo "connection established.";
}

?>

Traevel 216 Light Poster · Answer 2 · 2017-03-11T13:15:51+00:00

In your insert statement I'm seeing indutry_type, which I think should be industry_type and Functional_Area which should probably be functional_area.

It's even better if instead of mysqli_real_escape_string you used prepared statements.

Like:

// prepare the query statement
$stmt = $conn->prepare("INSERT INTO 'job_detail' ('job_title', 'vacancies', 'keywords', 'location', 'industry_type', 'functional_area') values(?, ?, ?, ?, ?, ?)");

// 6 string params, so 6 times 's' and 'strval'
$stmt->bind_param('ssssss', strval($title), strval($vacancy), strval($keywords), strval($location), strval($industry), strval($area));

// execute the query statement
$stmt->execute();

// close statement
$stmt->close();

shivya_1 0 Newbie Poster · Answer 3 · 2017-03-11T13:32:30+00:00

<?php

include ("../connection.php");

 if(isset($_POST['submit']))
 {

$vacancy=$_POST['vacancy'];
$title=$_POST['title'];
$keywords=$_POST['keywords'];
$location=$_POST['location'];
     $industry=$_POST['industry'];
     $area=$_POST['area'];

$stmt = $conn->prepare("INSERT INTO 'job_detail' ('job_title', 'vacancies', 'keywords', 'location', 'industry_type', 'functional_area') values('$title','$vacancy','$keywords','$location','$industry','$area')");

$stmt->execute();

if($conn->query($sqli) == true)
{
    echo "Job Posted.";
}
else
{
    echo "Error posting job:".$conn->error;
}
 $stmt->close();    
}

?>

Traevel 216 Light Poster · Answer 4 · 2017-03-11T13:43:38+00:00

Now you went back a step again, directly inserting the $_POST variables into the query. Replace the variables in the query with ? and bind them like:

$stmt->bind_param('ssssss', strval($title), strval($vacancy), strval($keywords), strval($location), strval($industry), strval($area));

Is it still not working without giving you errors?

shivya_1 0 Newbie Poster · Answer 5 · 2017-03-11T14:15:00+00:00

 <?php
    include ("../connection.php");
     if(isset($_POST['submit']))
     {
    $vacancy=$_POST['vacancy'];
    $title=$_POST['title'];
    $keywords=$_POST['keywords'];
    $location=$_POST['location'];
         $industry=$_POST['industry'];
         $area=$_POST['area'];

             $stmt->bind_param('ssssss', strval($title), strval($vacancy), strval($keywords), strval($location), strval($industry), strval($area));
    $stmt = $conn->prepare("INSERT INTO 'job_detail' ('job_title', 'vacancies', 'keywords', 'location', 'industry_type', 'functional_area') values('$title','$vacancy','$keywords','$location','$industry','$area')");
    $stmt->execute();
    if($conn->query($sqli) == true)
    {
        echo "Job Posted.";
    }
    else
    {
        echo "Error posting job:".$conn->error;
    }
     $stmt->close();    
    }
    ?>

My problem is still same.