I am trying to create a simple catalog. I have a sqlConnect.php file that contains the following
<?php
$host = 'localhost';
$db = 'books';
$user = 'root';
$pass = 'password';
$con = mysqli_connect($host, $user, $pass, $db);
if ($con) {
echo 'Successfully connected to database!';
} else{
die('Did not connect');
}
?>
I then have the actual book.php (index page) that contains the following code:
<?php
include_once 'sqlConnect.php';
?>
<!doctype html>
<html lang="en">
<head>
<title> Library Catalog </title>
</head>
<style>
h1 {
color: #08298A;
}
</style>
<body>
<h1> <center> Library Catalog </center> </h1>
<h4> <center> Add a New Book </center> </h4>
<center>
<form method="POST">
<input type="text" name="title" placeholder="Title" id="title">
<input type="text" name="author" placeholder="Author" id="author">
<input type="text" name="genre" placeholder="Genre" id="genre">
<input type="text" name="quantity" placeholder="Quantity" id="quantity">
<input type="submit" name="submit" value="Submit"/>
<!-- <button type="submit" name="submit"> Submit</button> -->
</form>
</center>
<?php
$title = $_POST['title'];
$author = $_POST['author'];
$genre = $_POST['genre'];
$quantity = (int)$_POST['quantity'];
$submit = $_POST['submit'];
if ($submit) {
$sql = "INSERT INTO catalog (id, title, author, genre, quantity) VALUES (NULL, '$title', '$author', '$genre', '10');";
mysqli_query($con, $sql);
}
?>
</body>
</html>
When I enter values on the page and hit submit, nothing happens. I have tested to make sure the query is acceptable. I ran into the issue that "quantity" is actually set to a string, not an int like it wants in the database, so I just hard-coded a 10 for now. I can get the query code to work if I place it in sqlConnect.php, but it will not work inside of book.php. Am I not connecting to the database correctly by including the sqlConnect.php class?
Any help would be greatly appreciated!
Try this
if (isset($_POST['submit'])) {
    // Escape each value before placing it inside a quoted SQL string literal
    $title = mysqli_real_escape_string($con, $_POST['title']);
    $author = mysqli_real_escape_string($con, $_POST['author']);
    $genre = mysqli_real_escape_string($con, $_POST['genre']);
    $quantity = mysqli_real_escape_string($con, $_POST['quantity']);
    $query = "INSERT INTO catalog (title, author, genre, quantity) VALUES ('$title', '$author', '$genre', '$quantity')";
    $ret = mysqli_query($con, $query);
    if (!$ret) {
        // Show the database error so the failing part of the query is visible
        die(mysqli_error($con));
    } else {
        echo 'query was successful ';
    }
} else {
    echo 'post is not set';
}
I hope this helps.
I took your code and added some enhancements for my own purposes. I tested this on my own system. If it does not work for you then there is some system issue on your side.
Triple check your database credentials and permissions.
This code is going to write to debug.log.
book.php
<?php
include_once 'Log.php';
include_once 'sqlConnect.php';
?>
<!doctype html>
<html lang="en">
<head>
<title> Library Catalog </title>
</head>
<style>
h1 {
color: #08298A;
}
</style>
<body>
<h1> <center> Library Catalog </center> </h1>
<h4> <center> Add a New Book </center> </h4>
<center>
<form method="POST">
<input type="text" name="title" placeholder="Title" id="title">
<input type="text" name="author" placeholder="Author" id="author">
<input type="text" name="genre" placeholder="Genre" id="genre">
<input type="text" name="quantity" placeholder="Quantity" id="quantity">
<input type="submit" name="submit" value="Submit"/>
<!-- <button type="submit" name="submit"> Submit</button> -->
</form>
</center>
<?php
\Log\Log::debug('_POST ' . print_r($_POST, true));
$title = $_POST['title'] ?? null;
$author = $_POST['author'] ?? null;
$genre = $_POST['genre'] ?? null;
$quantity = (int) ($_POST['quantity'] ?? 0);
$submit = $_POST['submit'] ?? null;
if ( $submit ) {
$sql = "INSERT INTO catalog (title, author, genre, quantity) VALUES ('$title', '$author', '$genre', $quantity);";
\Log\Log::debug($sql);
if ( ! mysqli_query($con, $sql) ) {
\Log\Log::debug(mysqli_error ( $con ));
}
}
?>
</body>
</html>
Log.php
<?php
namespace Log;
class Log {
static function debug($msg) {
$file = 'debug.log';
// date() replaces strftime(), which is deprecated as of PHP 8.1; the timestamp format is unchanged
file_put_contents($file, date('Y-m-d H:i:s ') . $msg . "\n", FILE_APPEND);
}
}
Change this code:
<?php
$title = $_POST['title'];
$author = $_POST['author'];
$genre = $_POST['genre'];
$quantity = (int)$_POST['quantity'];
$submit = $_POST['submit'];
if ($submit) {
$sql = "INSERT INTO catalog (id, title, author, genre, quantity) VALUES
(NULL, '$title', '$author', '$genre', '10');";
mysqli_query($con, $sql);
}
?>
to this:
<?php
$title = $author = $genre = $quantity = $submit = '';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$title = $_POST["title"];
$author = $_POST["author"];
$genre = $_POST["genre"];
$quantity = $_POST["quantity"];
$sql = "INSERT INTO catalog (id, title, author, genre, quantity) VALUES
(NULL, '$title', '$author', '$genre', '10');";
mysqli_query($con, $sql);
}
?>
After that works, you should run some kind of security function on your input like this:
// handles form input security
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
You can run test_input() on each $_POST[] data to prevent security problems
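The INSERT statements in the question and answers above build the SQL text by interpolating $_POST values. As an added example (not code from any of the posts), here is the same insert with bound parameters and strict integer validation for quantity; validate_book(), insert_book() and the length and range limits are assumptions, and $con comes from the page's sqlConnect.php.

```php
<?php
// Added example, not code from the page. validate_book() and insert_book()
// are hypothetical names; the 255-character and 0-100000 limits are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

function validate_book(array $post): array
{
    $book = [];
    $errors = [];
    foreach (['title', 'author', 'genre'] as $field) {
        $raw = $post[$field] ?? '';
        $book[$field] = is_string($raw) ? trim($raw) : ''; // array input (title[]=x) is rejected
        if ($book[$field] === '' || strlen($book[$field]) > 255) {
            $errors[] = "$field must be 1-255 characters";
        }
    }
    // Rejects "10abc", "1e3", "" and negatives instead of casting them silently.
    $book['quantity'] = filter_var($post['quantity'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 100000]]);
    if ($book['quantity'] === false) {
        $errors[] = 'quantity must be a whole number from 0 to 100000';
    }
    return [$book, $errors];
}

function insert_book(mysqli $con, array $book): int
{
    // Values are sent as bound parameters (s = string, i = integer), never as SQL text.
    $stmt = $con->prepare(
        'INSERT INTO catalog (title, author, genre, quantity) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('sssi', $book['title'], $book['author'], $book['genre'], $book['quantity']);
    $stmt->execute();
    return (int) $con->insert_id;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$book, $errors] = validate_book($_POST);
    try {
        if (!$errors) {
            require_once 'sqlConnect.php'; // provides $con, as on this page
            echo '<p>Added book #' . insert_book($con, $book) . '</p>';
        }
    } catch (mysqli_sql_exception $ex) {
        error_log('catalog insert failed: ' . $ex->getMessage()); // detail goes to the log
        $errors[] = 'Could not save the book.';
    }
    foreach ($errors as $e) {
        echo '<p>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</p>'; // encode at output
    }
}
```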