Insert into not working in my php code

Question

Adhri 0 Newbie Poster

6 Years Ago

Signup.php

<form name="sign-up" method="post" action="process.php?action=sign-up">
<h3><span>Sign-Up</span></h3>
<table width="100%" border="0" cellspacing="1" cellpadding="1">   
<thead> User Details </thead>
<tr>
      <th scope="row">*User ID :</th>
      <td><label for="playerid"></label>
      <input type="text" name="playerid" id="playerid" required="required"></td>
    </tr>
    <tr>
      <th scope="row">*Name :</th>
      <td><label for="playername"></label>
      <input type="text" name="playername" id="playername" required="required"></td>
    </tr>
    <tr>
      <th scope="row">*Mobile Number :</th>
      <td><label for="playermob"></label>
      <input type="text" name="playermob" id="playermob" required="required"></td>
    </tr>
    <tr>
      <th scope="row">*E-Mail :</th>
      <td><label for="playermail"></label>
      <input type="text" name="playermail" id="playermail" required="required"></td>
    </tr>    
    <tr>
      <th scope="row">Address :</th>
      <td><label for="playeraddress"></label>
      <textarea name="playeraddress" id="playeraddress" cols="45" rows="5"></textarea></td>
    </tr>   
    <tr>
      <th scope="row">&nbsp;</th>
      <td><input type="submit" name="cancel" id="cancel" value="Cancel">
      <input type="submit" name="submit" id="submit" value="Submit"></td>
    </tr>
    <tr>
      <th scope="row">&nbsp;</th>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <th colspan="2" scope="row">&nbsp;</th>
    </tr>
  </table>
</form>

Process.php

function signup()
{

   $playerid = $_POST['playerid'];
    $playername = $_POST['playername'];
    $playermob = $_POST['playermob'];
    $playermail = $_POST['playermail'];
    $playeraddress = $_POST['playeraddress'];

//  $playerid = mysqli_real_escape_string($playerid);
//  $playername  = mysqli_real_escape_string($playername);
//  $playermob  = mysqli_real_escape_string($playermob);
//  $playermail    = mysqli_real_escape_string($playermail);
//  $playeraddress    = mysqli_real_escape_string($playeraddress);

    $sql = "INSERT INTO bookit_participants (`userid`,`username`,`usermail`,`userphone`,`useraddress`)".
            "VALUES('".$playerid."','".$playername."','".$playermail."','$playermob','".$playeraddress."')";
     $result=mysqli_query($conn, $sql);
        echo $sql;
    if (!$result) {
        die('Could not update data: ' . mysqli_error());
    } else {
        echo "<script>
        alert('You are successfully registered..!! continue to the booking confirmation..!!!');
        </script>";
        header('Location: ../index.php');
    }
} //signup

mysql php

7 Contributors
9 Replies
692 Views
1 Year Discussion Span
Latest Post 4 Years Ago Latest Post by nanakumi75

Reverend Jim 4,968 Hi, I'm Jim, one of DaniWeb's moderators.

6 Years Ago

What is the result of echo $sql; (what is the actual sql query string)?
Are you getting any error messages?

alan.davies 185 What's this?

6 Years Ago

Oh my. Tangled concatenation and escaping. I suggest using a prepared statement. This won't necessarily solve your problem but it will tidy up your markup and code and possibly make it easier to track down the issues. See my old tutorial: https://www.daniweb.com/programming/web-development/tutorials/499320/common-issues-with-mysql-and-php

Edited 6 Years Ago by alan.davies

benanamen 69 Light Poster

6 Years Ago

Tables for layout went out in the 90's. We use CSS now.

pty commented: Indeed +9

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 1 · 2018-09-27T04:04:10+00:00

Not necessarily true, benanamen. Tables are no longer used for page layout (e.g. to create a sidebar by creating a table with two columns), but we still use them to represent tabular data. I use them quite often when I need to display stats or something that is clearly meant to be structured, tabular data.

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 2 · 2018-09-27T04:05:14+00:00

That being said ...

You might have an SQL injection error. You should properly escape all the variables you're using within your query. What if one of them includes a quote?

benanamen 69 Light Poster · Answer 3 · 2018-09-27T05:13:47+00:00

@Dani, I should have added the word "page" which is what I meant. Tabular data is perfectly fine and is exactly what tables should be used for. But with that said, the OP should actually use prepared statements, not escape anything, as @alan.davies already mentioned.

pty 882 Posting Pro · Answer 4 · 2018-09-27T11:17:48+00:00

I still find it funny that the place to go for online tech discussion (Hacker News) still uses nested tables for all layout. I know it's wrong but it works pretty well.

These days CSS Grid does everything tables does better and in a responsive manner.

Adhri 0 Newbie Poster · Answer 5 · 2018-09-28T06:07:32+00:00

@Reverend Jim, This is only a testing phace.
echo $sql; used to know the output of the sql query. So i can confirm their is no issue with data transfer.

Tables are used only for testing. after i get an working model we can transfer the layout to css.

So please help is there any wrong in the code. The same sql statement is working it self in the signup.php page. But its not working from the process.php

nanakumi75 16 Newbie Poster · Answer 6 · 2020-01-27T05:43:17+00:00

nanakumi75 16 Newbie Poster

4 Years Ago

mysqli_real_escape_string needs two paramters

Dani commented: Ah, true! You also need to pass in the connection. +16