i want data inputed form user submitted database. reason code isn't working?
<form action="newpostsubmit.php" method="post"> <h2 class="form-signin-heading">new post (beta)</h2> <div class="form-group"> <label for="title">title</label> <input type="text" class="form-control" name="title" id="title"> </div> <br> <div class="form-group"> <label for="post">post</label> <textarea class="form-control" rows="5" name="post" id="post"></textarea> </div> <br> <input type="submit"> </form> php submit
<?php //connecting sql db. $connect = mysqli_connect("localhost","root","pwd","db"); //sending form data sql db. mysqli_query($connect,"insert posts (title, post) values ('$_post[title]', '$_post[post]')"; ?>
first, $_post variables incorrect you're forgetting quote item $_post['title'].
second, should use prepared statements. they'll make code cleaner , have added benefit of protecting against sql injection attacks..
you should perform minimal error checking of connection , queries, you're missing information successful. errors in error log, can make them echo out screen.
//connecting sql db. $connect = mysqli_connect("localhost","root","pwd","db"); if (!$connect) { echo "connection failed: ". mysqli_connect_error(); exit(); } //sending form data sql db. $stmt = mysqli_prepare($connect, "insert `posts` (`title`, `post`) values (?,?)"); mysqli_stmt_bind_param($stmt, 'ss', $_post['title'], $_post['post'] ); // execute prepared statement mysqli_stmt_execute($stmt); // there problem? if(mysqli_stmt_error($stmt)) { echo "there error performing query, " . mysqli_stmt_error($stmt); } there a lot going on here, notable prepare() use placeholders variables (?) , mysqli_stmt_bind_param() bind variables, strings (s each item) query.
finally, check if there errors , echo screen mysqli_stmt_error()
note: make sure handle errors gracefully users, never displaying actual problems them exposes site attacks. echoing information screen, being done here, fine during development stage.
Comments
Post a Comment