skip to Main Content

I need to create a form about companies with couple of information (as you can see down below), but every time I want to upload a new row I get 1’s in every column.

So, I want to know what should I do with my code?

        <?php 
        include('mysql.php');

        if ($_POST) {
                 $companyName = isset($_POST['cname']);
                 $address = isset($_POST['address']);
                 $phoneNubmber = isset($_POST['phoneNubmber']);

                      $result = $connection->query("INSERT INTO `companies` 
                      (`name`, `email`, `phone`) VALUES('$cegnev ', 
                     '$address', '$pn')");

    header('Location: http://localhost/phptest/test.php');

    mysqli_close($connection);
}
?>

<!DOCTYPE html>
<html>
    <head>
        <title>Form</title>
        <meta charset="UTF-8">
        <link rel="stylesheet" tpe="text/css" href="urlapcss.css">
    </head>
    <body>
    <div id="container">
        <form id="reg" action="test.php" method="post">
            <fieldset>
                <legend>Form</legend>
                <ol>
                <li>
                        <label for="cname">Name of the company<em>*</em></label>
                        <input id="cname" type="text"  name="cname"/>
                    </li><li>
                        <label for="address">Email<em>*</em></label>
                        <input id="address" type="text"  name="address"/>
                    </li><li>
                        <label for="phoneNubmber">Phone number<em>*</em></label>
                        <input id="phoneNubmber" type="text" name="phoneNubmber" />
                    </li>
                </ol>
            </fieldset>
            <input type="submit" value="OK"/>
        </form>
    </div>
    </body>
</html>

Here is the table.

Btw, the mysql.php, if you wondering what this .php file contains :

<?php
$host = "localhost";
$userName = "root";
$password = "";
$DBname = "hgeza06";

$connection = new mysqli($host, $userName, $password, $DBname);
if ($connection->connect_error) {
    die("Error");
} else {
    echo "Succes!";
}
?>

2

Answers


  1. isset($_POST['cname']) – will return 1 if you have $_POST['cname'] or 0 if you don’t have it.

    A better way will be :

    $companyName = isset($_POST['cname']) ? $_POST['cname'] : '' ; //add a empty value if is not filled
    $address = isset($_POST['address']) ? $_POST['address'] : '';
    $phoneNubmber = isset($_POST['phoneNubmber']) ? $_POST['phoneNubmber'] : '';
    
    Login or Signup to reply.
  2. For starters, your variable names are inconsistent. You create a variable called $companyName and then try to use it as $cegnev. Same problem with your $phoneNubmber variable (which itself also contains a typo). Use the variables that you define.

    Once that’s corrected… This return a boolean (true/false) value:

    isset($_POST['cname'])
    

    So you’re literally inserting true and false values into your database, which get interpreted as 1 and 0. Get the actual values:

    $companyName = $_POST['cname'];
    

    Use isset() to determine conditionally what you want to do if the value is or is not set, but don’t use it to try and get the value itself.

    Finally, and this is important, your code is wide open to SQL injection. (Or is about to be anyway, and it’s by coincidence and error alone that it isn’t currently open to it.) There is great information here on what to do about that. This is important because SQL injection vulnerabilities are both a major security hole (and thus a bad habit to allow to continue) but also a very common source of bugs and unexpected behavior in code.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search