Can't get HTML form to connect to DB

[### Username (e.g. epiz_XXX) or Website URL

(please specify the website or account you are asking about)](http://cws.epizy.com/book-ladder-match.php)

Error Message

(please share the FULL error message you see)

Other Information

(other information and details relevant to your question)
G’day, I can’t connect my html form to db after submit using the below code.
I can send form field data to another page successfully if I set form action=“ladder-matches.php”, but sending to the db with form action=“book-ladder-match-form.php” doesn’t work. DB table displays as empty. No error message that I can see.

<?php
if(isset($_POST['submit']))
    {
        $date = $_POST['date'];
        $time = $_POST['time'];
        $challenger = $_POST['challenger'];
	$opponent = $_POST['opponent'];
        
        //database details.
        $host = "sql101.epizy.com";
        $username = "epiz_32459765";
        $password = "XXXXXXXXXXXXX";
        $dbname = "epiz_32459765_cwsdb";

        //create connection
        $con = mysql_connect($host, $username, $password, $dbname);
        //check connection if it is working or not
        if (!$con)
        {
            die("Connection failed!" . mysql_connect_error());
        }
        //This below line is a code to Send form entries to database
        $sql = "INSERT INTO bookladdermatch_form (id, date_fld, time_fld, challenger_fld, opponent_fld) VALUES ('0', '$date', '$time', '$challenger', '$opponent')";
      //fire query to save entries and check it with if statement
        $rs = mysql_query($con, $sql);
        if($rs)
        {
            echo "<p style=color:#006699>Your booking is successful. Good luck.<p>";
        }
      	else{
         	echo "<p style=color:red>Error, Your booking was unsuccessful! Try again.<p>"; 
        }
      //connection closed.
        mysql_close($con);
    }
?>

Oops! I included my password. Changing it now.

When I submit the form, I get this:

image

As it is not one of your defined error messages, I am assuming that there is other code in use.

Also, that code is vulnerable to SQL injection, which can lead to hackers manipulating the form data, perhaps deleting all your data, causing a data breech, or both.

Can you share the entire code for the “book-ladder-match-form.php” file? Because even if I visit the file directly using a GET request, I still get a success message.

3 Likes
Thank you. Much appreciated for your help. As a newbie to php I'm getting scripts for Google searches. Some helpful, some not : )
Ignore DB password below as it's been changed.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Cue Well Snooker</title>
<link rel="icon" type="image/x-icon" href="/images/favicon.ico">
<meta name="viewport" content="width=device-width, initial-scale=1">

<!-- Link css file -->
    <link href="css/style.css" rel="stylesheet" type="text/css">

</head>

<body>

    <div class="header">
        <!-- Logo -->
        <a href="index.php" class="logo"><img src="images/cws.png" style="border: 0px"></a>
</div>
<!-- Navigation bar -->
        <div class="topnav" id="myTopnav">
  <a href="index.php" class="active">Home</a>
  <a href="submit-results.php">Submit Results</a>
  <a href="ladder-standings.php">Ladder Standings</a>
  <a href="ladder-matches.php">Ladder Matches</a>
  <a href="ladder-results.php">Ladder Results</a>
  <a href="book-ladder-match.php">Book Ladder Match</a>
  <a href="comp-rego.php">Comp Rego</a>
  <a href="comp-registered-players.php">Comp Registered Players</a>
  <a href="comp-results.php">Comp Results</a>
  <a href="player-contacts.php">Player Contacts</a>
  <a href="contact-admin.php">Contact Admin</a>
  <a href="javascript:void(0);" style="font-size:15px;" class="icon" onclick="myFunction()">&#9776;</a>
</div>
    
<script>
function myFunction() {
  var x = document.getElementById("myTopnav");
  if (x.className === "topnav") {
    x.className += " responsive";
  } else {
    x.className = "topnav";
  }
}
</script>
<!-- Container -->
<div class="container">

<div class="pageheading">
<h1>Success</h1>
</div>
<?php
if(isset($_POST['submit']))
    {
        $date = $_POST['date'];
        $time = $_POST['time'];
        $challenger = $_POST['challenger'];
		$opponent = $_POST['opponent'];
        
        //database details.
        $host = "sql101.epizy.com";
        $username = "epiz_32459765";
        $password = "G2JGPHmHO8vY9";
        $dbname = "epiz_32459765_cwsdb";

        //create connection
        $con = mysql_connect($host, $username, $password, $dbname);
        //check connection if it is working or not
        if (!$con)
        {
            die("Connection failed!" . mysql_connect_error());
        }
        //This below line is a code to Send form entries to database
        $sql = "INSERT INTO bookladdermatch_form (id, date_fld, time_fld, challenger_fld, opponent_fld) VALUES ('0', '$date', '$time', '$challenger', '$opponent')";
      //fire query to save entries and check it with if statement
        $rs = mysql_query($con, $sql);
        if($rs)
        {
            echo "<p style=color:#006699>Your booking is successful. Good luck.<p>";
        }
      	else{
         	echo "<p style=color:red>Error, Your booking was unsuccessful! Try again.<p>"; 
        }
      //connection closed.
        mysql_close($con);
    }
?>
</div>

</body>
</html>

I tried submitting the form using a different browser after clearing DNS cache. I did not see and success or failed connection message.
Checking the db shows -
MySQL returned an empty result set (i.e. zero rows). (Query took 0.0003 seconds.)
SELECT * FROM bookladdermatch_form

id date_fld time_fld challenger_fld opponent_fld


When I click submit I get this.
Even no input also showing same.

The issue is that your code is never triggering in the first place.

On the first line of PHP, you are waiting for submit to be posted. However, it never is, because your form is not setup to post it:
image

The easy way to fix it would be to change this line:
image

To this:
image

Which gives you this:
image

However, your code now returns an HTTP 500 error (Which means it is running, but failing).
image

Try replacing the line that defines $sql with this:

$sql = "INSERT INTO `bookladdermatch_form` (`id`, `date_fld`, `time_fld`, `challenger_fld`, `opponent_fld`) VALUES ('0', '$date', '$time', '$challenger', '$opponent')";

If that does not work, open PHPMyAdmin, click on the table bookladdermatch_form, then screenshot the entire page and paste the screenshot here.

3 Likes

So sorry, but the code changes did not work. I’ve attached screenshot as requested.
Also, should we be wasting time here if my code is vulnerable to SQL injection? Should I be searching for a more secure method of code?

The mysql_* functions were removed from PHP almost 7 years ago. Please use mysqli or PDO instead to connect to the database instead.

And please think twice before using a 10 year old tutorial next time. Programming languages evolve over time, and what was once the right way to do things may no longer be the best way or not even work at all anymore.

4 Likes

Thanks for the advice. I did not know the code was from a 10 year old tutorial. I know nother about programming languages,
As Greenreader9 pointed out with vulnerable to SQL injection, I’m rethinking all my forms coding. I think I have some learning to do here before I proceed any further with the forms and db.
Sorry if I’ve caused any hassles.

1 Like

Anyones help here will be greatly appreciated.
I have changed code and now after submitting the form, data is entered into the db table successfully. Yeppie!
However, if I clear my cache, reload the form and submit new data again I get the error message Error, No data recorded.
If I delete the data from the db table (therefore table is now empty), resubmit the form I get the Success message again and the data appears in the db table.
Why does the db table not allow more than one record to be added?
Is this issue with how I have the db table setup or an issue with my mysqli script?
A search on Google has not produced any mention of this issue.

Looking at this code:

$sql = "INSERT INTO bookladdermatch_form (id, date_fld, time_fld, challenger_fld, opponent_fld) VALUES ('0', '$date', '$time', '$challenger', '$opponent')";

You create every item in the table with the id column set to 0. I’m going to assume that the id column is the primary key of the table, which means every record must have a unique value for the id column. MySQL can generate this for you if you set the column to AUTO_INCREMENT, but that’s not going to work if you specifically tell MySQL to store the record with id=0.

So to fix it, set the id column to AUTO_INCREMENT in the database and remove it from the insert query.

6 Likes

Thank you very much. Prolem solved. I continue to learn something new each day. At age 65 I guess that I’m not too old to learn :stuck_out_tongue_winking_eye:

1 Like

If Admin has solved your problem, could you please mark his reply as a solution?

Thanks.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.