Error while filling a mysql database with data from php/html
Clash Royale CLAN TAG#URR8PPP
Error while filling a mysql database with data from php/html
I created this for one of my projects. We have a webshop where users can enter their credentials and order products. The current solution puts all the data into a .csv-file and I was tasked with creating a mysql database as a new solution.
I added a simple HTML insert for the user to enter his name, but if I try to run the script I get a syntax error for line 19. I'm new to programming and therefore not sure what the error is here.
<!DOCTYPE html>
<html>
<body>
<?php
$servername = "localhost";
$username = "localhost";
$password = "";
$dbname = "test"
// create a variable
$Vorname=$_POST['Vorname'];
$Nachname=$_POST['Nachname'];
//Execute the query
mysqli_query($connect "INSERT INTO tbl_bestellungen(Vorname,Nachname)
VALUES('$Vorname','$Nachname')");
<?php include 'database.php';>
if(mysqli_affected_rows($connect) > 0)
echo "<p>Bestellung erfasst</p>";
else {
echo "Bestellvorgang fehlgeschlagen<br />";
echo mysqli_error ($connect);
<h2>Text Input</h2>
<form>
Vorname:<br>
<input type="text" name="Vorname">
<br>
Nachname:<br>
<input type="text" name="Nachname">
<input type="submit" name="button1" value="Senden">
</form>
</body>
</html>
Thanks in advance.
Danger: You are vulnerable to SQL injection attacks that you need to defend yourself from.
– Quentin
Aug 6 at 8:19
You forgot the comma after
$connect. Voting off-topic due to typo.– Quentin
Aug 6 at 8:21
$connect
1 Answer
1
Well you should do like this way:
$servername = "localhost";
$username = "localhost";
$password = "";
$dbname = "test"
$dbConn = mysqli_connect($servername, $username, $password, $dbname);
if(!$dbConn)
echo "No Db connected";
//above connection code should be in a separate file and include in all files or header
$Vorname=$_POST['Vorname'];
$Nachname=$_POST['Nachname'];
$query = "INSERT INTO tbl_bestellungen (Vorname,Nachname)
VALUES('$Vorname','$Nachname')";
or you can set query like
$query = "INSERT INTO tbl_bestellungen (Vorname,Nachname)
VALUES('".$Vorname."','".$Nachname."')";
if($dbConn->query($query))
echo "Record inserted !";
else
echo "Record cannot be inserted !";
This reads like a game of spot-the-different, not an answer. What did you change? Why should it solve the problem?
– Quentin
Aug 6 at 8:27
2 things, he has syntax error which is answered (if he continue the way) secondly, quotes should be around when we use variables in query (although variables works fine without that if we using double quotes)
– Naveed Ramzan
Aug 6 at 8:30
"he has syntax error which is answered" — How? Again: Answers should not be a game of spot the difference.
– Quentin
Aug 6 at 8:33
"although variables works fine without that if we using double quotes" — Which the code in the question does, so that is just a massive red herring that makes the code harder to read.
– Quentin
Aug 6 at 8:33
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
<?php include 'database.php';> is inside an already opened php block. You are also adding straight html into a php file without closing off the php tag. This code is also never going to work as the query will execute with blank statements. You need to wrap everything in a $_POST check.
– Neil Masters
Aug 6 at 8:15