I am looking to insert the data from the php form in to the mysql database via the PHP code located on the same page.
<?php
if (isset($_POST['submit'])){
$con=mysqli_connect("localhost","root","********","*********");
$sql="INSERT INTO drafts (id, title, description, post, author, category, declined)
VALUES
('','$_POST[title]',$_POST[description],$_POST[post],$_POST[author],$_POST[category],0)";
echo "Droplet Successfully Added!";}
?>
<form action="create-post.php" method="post">
Title: <br /><input type="text" name="title"><br /><br />
Description: <br /><textarea name="description"></textarea><br /><br />
Post: <br /><textarea name="post"></textarea><br /><br />
Author: <br /><input type="text" name="author"><br /><br />
Category: <br /><input type="text" name="category"><br /><br />
<input class="btn btn-info" type="submit" value="Submit for review">
</form>
Currently, when a user fills out the form above and clicks the submit button, the form data is sent for processing to a PHP file named create-post.php.
Now, if you leave the action attribute empty, the form will submit to itself:
<?php
if (isset($_POST['submit'])) {
$con=mysqli_connect("localhost","root","********","*********");
$sql="INSERT INTO drafts (id, title, description, post, author, category, declined)
VALUES
('','$_POST[title]',$_POST[description],$_POST[post],$_POST[author],$_POST[category],0)";
echo "Droplet Successfully Added!";
}
?>
<form action="" method="post">
Title: <br /><input type="text" name="title"><br /><br />
Description: <br /><textarea name="description"></textarea><br /><br />
Post: <br /><textarea name="post"></textarea><br /><br />
Author: <br /><input type="text" name="author"><br /><br />
Category: <br /><input type="text" name="category"><br /><br />
<input class="btn btn-info" type="submit" value="Submit for review">
</form>
When a user visits the page, $_POST['submit'] won't be set, and the statements inside the if block won't get executed and the form will be displayed. Once the form is filled out and the user clicks the submit button, the $_POST super-global array will be populated with the form inputs,the if condition will evaluate to TRUE and thus the statements will get executed.
Unrelated note: you're currently accepting user inputs and directly inserting it in your query. It's vulnerable to SQL injection. Never ever trust user inputs. See bobby-tables to understand more about SQL injection and how to prevent it.
change <form action="create-post.php" method="post"> to <form action="" method="post"> for same page insert.
Correct the query like $sql="INSERT INTO drafts (title,description,post,author,category,declined) VALUES ('$_POST[title]', '$_POST[description]', '$_POST[post]', '$_POST[author]', '$_POST[category]', 0)";
Add this line $query = mysqli_query($con,$sql);
this three changes will do the work but its not the best practice, you are accepting direct input from user so vulnerable to SQL injection.