Passing form data to a MySQL database using PHP

I am unable to pass the following form data:

<form method="post" action="form.php" id="contact" enctype="multipart/form-data">
        <fieldset>
        <legend>Contact Us</legend>
        <div id="conleft">
        <label>First Name:</label><input type="text" name="firstName" required />
        <label>Last Name:</label><input type="text" name="lastName" required />
        <label>House/Flat No:</label><input type="text" name="houseNum"  />
        <label>Address:</label><input type="text" name="address" />
        <label>Town/City:</label> <input type="text" name="city" />
        <label>Postcode:</label> <input type="text" name="postcode" />
        <label>Telephone:</label> <input type="tel" name="telephone" />
        <label>Email:</label> <input type="email" name="email" required />
        </div>
        <div id="conright">
        <label>Enquiry:</label><textarea name="description" rows="13" required ></textarea>
        <label>Date:</label><input type="month" name="date" /><br /><br />
        <input type="submit" name="submit" value="Send" />
        <input type="reset" name="Reset" value="Reset" />
        <input type="hidden" name="customerNo" />
        <input type="hidden" name="enquiryNo" />
        <input type="radio" name="type" value="customer" checked />
        </div>
        </fieldset>
    </form>

with the following PHP to a MySQL database:

<?php
$con=mysqli_connect("localhost", "root", "myuser","mypass");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$sql1="INSERT INTO customers (NULL, firstName, lastName, houseNum, address, city, postcode, telephone, email, type)
VALUES ('$_POST[customerNo]','$_POST[firstName]','$_POST[lastName]','$_POST[houseNum]','$_POST[address]','$_POST[city]','$_POST[telephone]', '$_POST[postcode]''$_POST[email]','$_POST[type]')";

mysqli_query($con,$sql1);

$sql2="INSERT INTO enquiry (NULL, customerNo, description, date)
VALUES ('$_POST[enquiryNo]','$_POST[customerNo]','$_POST[description]','$_POST[lastName]','$_POST[date]')";

mysqli_query($con,$sql2);

echo "<script language=javascript>window.location = 'thanks.html';</script>";

mysqli_close($con);
?>

The web page acts as if the form data has been sent by showing the thank.html page when submitted, but no data is populated in the database. I've set AUTO INCREMENT, PRIMARY and FOREIGN keys; is it the way I am trying to pass the values?

Use '".$_POST['customerNo']."' instead of '$_POST[customerNo]', and do something like that for all $_POST values in your INSERT command.

EDIT 1:

It seems customerNO and enquiryNo are auto-increment columns. So

$sql1="INSERT INTO customers (NULL, firstName, lastName, houseNum, address, city, postcode, telephone, email, type)
VALUES ('$_POST[customerNo]','$_POST[firstName]','$_POST[lastName]','$_POST[houseNum]','$_POST[address]','$_POST[city]','$_POST[telephone]', '$_POST[postcode]''$_POST[email]','$_POST[type]')";

should be

$sql1="INSERT INTO customers (customerNo, firstName, lastName, houseNum, address, city, postcode, telephone, email, type)
VALUES (NULL,'$_POST[firstName]','$_POST[lastName]','$_POST[houseNum]','$_POST[address]','$_POST[city]','$_POST[postcode]','$_POST[telephone]','$_POST[email]','$_POST[type]')";

mysqli_query($con,$sql1);
$customerNo=mysqli_insert_id($con);

and then

$sql2="INSERT INTO enquiry (NULL, customerNo, description, date)
VALUES ('$_POST[enquiryNo]','$_POST[customerNo]','$_POST[description]','$_POST[lastName]','$_POST[date]')";

should be

$sql2="INSERT INTO enquiry (enquiryNO, customerNo, description, date)
VALUES (NULL,'$customerNo','$_POST[description]','$_POST[date]')";

Try to change the first query as following :

$sql1="INSERT INTO customers (customerNo,firstName, lastName, houseNum, address, city, postcode, telephone, email, type)VALUES('{$_POST['customerNo']}','{$_POST['firstName']}','{$_POST['lastName']}','{$_POST['houseNum']}','{$_POST['address']}','{$_POST['city']}', '{$_POST['postcode']}','{$_POST['telephone']}','{$_POST['email']}','{$_POST['type']}')";

and the second query like this :

$sql2="INSERT INTO enquiry (enquiryNo,customerNo, description,lastname,date)VALUES('{$_POST['enquiryNo']}','{$_POST['customerNo']}','{$_POST['description']}','{$_POST['lastName']}','{$_POST['date']}')";

Try that and tell me the result :)

It looks like you're trying to insert a value into the NULL column, which is presumably meant to be the ID or No column? I'm assuming your Primary Keys are customerNo and enquiryNo, try the code below:

$sql1 = "INSERT INTO customers (firstName, lastName, houseNum, address, city, postcode, telephone, email, type) VALUES ('$_POST[firstName]','$_POST[lastName]','$_POST[houseNum]','$_POST[address]','$_POST[city]','$_POST[postcode]','$_POST[telephone]','$_POST[email]','$_POST[type]')";
mysqli_query($con, $sql1) or die('Query 1 Failed: '.mysqli_error($con));

$customerNo = mysqli_insert_id($con);

$sql2 = "INSERT INTO enquiry (customerNo, description, date) VALUES ('$customerNo','$_POST[description]','$_POST[date]')";
mysqli_query($con, $sql2) or die('Query 2 Failed: '.mysqli_error($con));

To get the primary key of a newly inserted record you can use mysqli_insert_id().

I've also added some error trapping for if the query fails. I would recommend looking into prepared statements as these will help protect your database from SQL injection attacks.

Well first of all, you NEED to check your posted inputs for SQL injection.

But if you do this, for now, it should work

$sql1="INSERT INTO customers (firstName, lastName, houseNum, address, city, postcode, telephone, email, type) VALUES ('".$_POST['firstName'] ."','".$_POST['lastName'] ."','".$_POST['houseNum'] ."','". $_POST['address'] ."','". $_POST['city'] ."','". $_POST['postcode'] ."','". $_POST['telephone'] ."','". $_POST['email'] ."','". $_POST['type'] ."')";

mysqli_query($con,$sql1) or die(mysqli_error($con));

For a simple SQL injection cleanser, I use this:

function scrubSQL($con,$string)
{
     $string = htmlspecialchars(strip_tags(trim($string)));
     $string = str_replace("'","",$string);
     $string = mysqli_real_escape_string($con,$string);

     return $string;
}
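
Added example (not part of the question or of any answer above): the prepared statements recommended in one answer, used in place of a string cleanser like the one just shown, for this form's two inserts. Bound parameters keep the posted values out of the SQL text, and the redirect to thanks.html happens only after both rows are committed. The database name, credentials, length limits and the DATE type of enquiry.date are assumptions.

```php
<?php
// Added example. Assumed: database "mydb", placeholder credentials, length limits,
// AUTO_INCREMENT keys customerNo/enquiryNo, and enquiry.date being a DATE column.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws on failure

// Read one POST field as a trimmed string; empty optional fields become NULL.
function field(string $name, int $maxLen, bool $required = false): ?string
{
    $raw = $_POST[$name] ?? '';
    $value = is_string($raw) ? trim($raw) : '';
    if (strlen($value) > $maxLen || ($required && $value === '')) {
        throw new InvalidArgumentException("Invalid field: $name");
    }
    return $value === '' ? null : $value;
}

try {
    $customer = [
        field('firstName', 50, true), field('lastName', 50, true), field('houseNum', 10),
        field('address', 100), field('city', 50), field('postcode', 10),
        field('telephone', 20), field('email', 254, true), field('type', 20, true),
    ];
    $description = field('description', 2000, true);
    $date = field('date', 7); // <input type="month"> submits YYYY-MM
    if (!filter_var($customer[7], FILTER_VALIDATE_EMAIL) || $customer[8] !== 'customer'
        || ($date !== null && !preg_match('/^\d{4}-(0[1-9]|1[0-2])$/', $date))) {
        throw new InvalidArgumentException('Invalid email, type or date');
    }
    $date = $date === null ? null : $date . '-01'; // first day of the chosen month

    $con = new mysqli('localhost', 'myuser', 'mypass', 'mydb');
    $con->set_charset('utf8mb4');
    $con->begin_transaction(); // both rows are stored, or neither
    $stmt = $con->prepare('INSERT INTO customers (firstName, lastName, houseNum, address,
        city, postcode, telephone, email, type) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
    $stmt->bind_param('sssssssss', ...$customer); // values are sent apart from the SQL text
    $stmt->execute();
    $customerNo = $con->insert_id; // AUTO_INCREMENT key of the new customer row
    $stmt = $con->prepare('INSERT INTO enquiry (customerNo, description, date) VALUES (?, ?, ?)');
    $stmt->bind_param('iss', $customerNo, $description, $date);
    $stmt->execute();
    $con->commit();
    header('Location: thanks.html'); // reached only when both inserts succeeded
} catch (InvalidArgumentException | mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the server log, not to the browser
    http_response_code($e instanceof InvalidArgumentException ? 400 : 500);
    echo 'Your enquiry could not be saved.';
}
```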