php form stopped updating database

Associate
Joined
28 Dec 2002
Posts
2,400
Location
Northern Ireland
Hey Guys,
I have a simple php form that updates a database to store simple information, however this form has not stopped updating the database for some reason and I can't figure out why.

Does anyone have any ideas?


Code:
<html>
<head>
<title>insert data in database using mysqli</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>

<div id="login">
<h2>Data Archive</h2>
<hr/>
<form action="" method="post">
<label>HDD Name  :</label>
<input class="login" type="text" name="hdd_name" id="hdd_name" required="required" placeholder="Please enter HDD name"/><br /><br />
<label>Date Archived  :</label>
<input class="login" type="text" name="date_archived" id="date_archived" required="required"  placeholder="Date data was archived"/><br/><br />
<label>Project Name  :</label>
<input class="login" type="text" name="project_name" id="project_name" required="required"  placeholder="Project name"/><br/><br />
<label>Client  :</label>
<input class="login" type="text" name="client" id="client" required="required"  placeholder="Client name"/><br/><br />
<label>Archived by  :</label>
<input class="login" type="text" name="archived_by" id="archived_by" required="required"  placeholder="Name of person archiving data"/><br/><br />
<label>Editor  :</label>
<input class="login" type="text" name="editor" id="editor" required="required"  placeholder="Editor name"/><br/><br />
<label>Other information  :</label><br/><br />
<textarea class="textarea" name="other_information" id="other_information" wrap="virtual" placeholder="Name of person archiving data"/></textarea><br/><br />
<input class="login" type="submit" value=" Submit " name="submit"/><br />
</form>
</div>

</div>
<?php
if(isset($_POST["submit"])){
$servername = "*********";
$username = "***************";
$password = "***************";
$dbname = "****************";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO data_archive (hdd_name, date_archived, project_name, client, archived_by, editor, other_information)
VALUES (".$_POST["hdd_name"].",".$_POST["date_archived"].",".$_POST["project_name"].",".$_POST["client"].",".$_POST["archived_by"].",".$_POST["editor"].",".$_POST["other_information"].")";

if ($conn->query($sql) === TRUE) {
    echo "<script type= 'text/javascript'>alert('New Record Inserted Successfully');</script>";
} else {
    echo "<script type= 'text/javascript'>alert('Error: " . $sql . "<br>" . $conn->error."');</script>";
}

$conn->close();
}
?>
</body>
</html>
 
Soldato
Joined
28 Oct 2006
Posts
12,456
Location
Sufferlandria
Does it give you any of the error messages or the success message?
Is there anything in the php error log?

Can you manually connect to the database using those credentials (via phpmyadmin, MySQL Workbench, etc) and edit that table?
 
Associate
OP
Joined
28 Dec 2002
Posts
2,400
Location
Northern Ireland
I have checked and there is no errors in the php log, I am not getting any messages of any type, success or error when submitting.

I can manually add information via phpmyadmin.

I can view the older information via the same connection.
 
Soldato
Joined
13 Jun 2009
Posts
4,230
Location
My own head
I would get new code... that's pretty open to malicious use :D

There's no escaping there, so users can break this super easy, unless you've got some funky stuff going on that we can't see?

Not tested, but this might work - Although the fact you're taking raw user input is massively dangerous... so hope this is just a school project :)

PHP:
<html>
<head>
<title>insert data in database using mysqli</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>

<div id="login">
<h2>Data Archive</h2>
<hr/>
<form action="" method="post">
<label>HDD Name  :</label>
<input class="login" type="text" name="hdd_name" id="hdd_name" required="required" placeholder="Please enter HDD name"/><br /><br />
<label>Date Archived  :</label>
<input class="login" type="text" name="date_archived" id="date_archived" required="required"  placeholder="Date data was archived"/><br/><br />
<label>Project Name  :</label>
<input class="login" type="text" name="project_name" id="project_name" required="required"  placeholder="Project name"/><br/><br />
<label>Client  :</label>
<input class="login" type="text" name="client" id="client" required="required"  placeholder="Client name"/><br/><br />
<label>Archived by  :</label>
<input class="login" type="text" name="archived_by" id="archived_by" required="required"  placeholder="Name of person archiving data"/><br/><br />
<label>Editor  :</label>
<input class="login" type="text" name="editor" id="editor" required="required"  placeholder="Editor name"/><br/><br />
<label>Other information  :</label><br/><br />
<textarea class="textarea" name="other_information" id="other_information" wrap="virtual" placeholder="Name of person archiving data"/></textarea><br/><br />
<input class="login" type="submit" value=" Submit " name="submit"/><br />
</form>
</div>

</div>
<?php
if(isset($_POST["submit"])){
$servername = "*********";
$username = "***************";
$password = "***************";
$dbname = "****************";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO data_archive (hdd_name, date_archived, project_name, client, archived_by, editor, other_information)
VALUES ('
$_POST["hdd_name"],
$_POST["date_archived"],
$_POST["project_name"]
$_POST["client"],
$_POST["archived_by"],
$_POST["editor"],
$_POST["other_information"]
')";

if ($conn->query($sql) === TRUE) {
    echo "<script type= 'text/javascript'>alert('New Record Inserted Successfully');</script>";
} else {
    echo "<script type= 'text/javascript'>alert('Error: " . $sql . "<br>" . $conn->error."');</script>";
}

$conn->close();
}
?>
</body>
</html>
 
Last edited:
Back
Top Bottom