I need to create a form about companies with a couple of pieces of information (as you can see down below), but every time I want to upload a new row I get 1’s in every column.
So, I want to know what I should do with my code.
<?php
include('mysql.php');
if ($_POST) {
$companyName = isset($_POST['cname']);
$address = isset($_POST['address']);
$phoneNubmber = isset($_POST['phoneNubmber']);
$result = $connection->query("INSERT INTO `companies`
(`name`, `email`, `phone`) VALUES('$cegnev ',
'$address', '$pn')");
header('Location: http://localhost/phptest/test.php');
mysqli_close($connection);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Form</title>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="urlapcss.css">
</head>
<body>
<div id="container">
<form id="reg" action="test.php" method="post">
<fieldset>
<legend>Form</legend>
<ol>
<li>
<label for="cname">Name of the company<em>*</em></label>
<input id="cname" type="text" name="cname"/>
</li><li>
<label for="address">Email<em>*</em></label>
<input id="address" type="text" name="address"/>
</li><li>
<label for="phoneNubmber">Phone number<em>*</em></label>
<input id="phoneNubmber" type="text" name="phoneNubmber" />
</li>
</ol>
</fieldset>
<input type="submit" value="OK"/>
</form>
</div>
</body>
</html>
Btw, the mysql.php, if you are wondering what this .php file contains:
<?php
$host = "localhost";
$userName = "root";
$password = "";
$DBname = "hgeza06";
$connection = new mysqli($host, $userName, $password, $DBname);
if ($connection->connect_error) {
die("Error");
} else {
echo "Succes!";
}
?>
2 Answers
isset($_POST['cname']) – will return 1 if you have $_POST['cname'] or 0 if you don’t have it.
A better way will be:
For starters, your variable names are inconsistent. You create a variable called $companyName and then try to use it as $cegnev. Same problem with your $phoneNubmber variable (which itself also contains a typo). Use the variables that you define.
Once that’s corrected… This returns a boolean (true/false) value:
So you’re literally inserting true and false values into your database, which get interpreted as 1 and 0. Get the actual values:
Use isset() to determine conditionally what you want to do if the value is or is not set, but don’t use it to try and get the value itself.
Finally, and this is important, your code is wide open to SQL injection. (Or is about to be anyway, and it’s by coincidence and error alone that it isn’t currently open to it.) There is great information here on what to do about that. This is important because SQL injection vulnerabilities are both a major security hole (and thus a bad habit to allow to continue) but also a very common source of bugs and unexpected behavior in code.
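The two points raised in the answers (read the submitted value instead of the result of isset(), and keep user input out of the SQL string), shown together as an added example that is not code from the question or from either answer. It assumes PDO with an in-memory SQLite database so that it runs without a MySQL server; mysqli offers the same approach through prepare(), bind_param() and execute(). The helper names readField and insertCompany are hypothetical, and the form submissions are constructed sample data.

```php
<?php
// Added example: read the real field values and insert them with a prepared statement.
// Assumption: an in-memory SQLite database via PDO stands in for the MySQL server.

function readField(array $post, string $key): ?string
{
    // isset() only answers "is it there?"; the value itself comes from the array.
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;
    }
    $value = trim($post[$key]);
    return $value === '' ? null : $value;
}

function insertCompany(PDO $db, array $post): bool
{
    $name  = readField($post, 'cname');
    $email = readField($post, 'address');
    $phone = readField($post, 'phoneNubmber');
    if ($name === null || $email === null || $phone === null) {
        return false; // a required field is missing, insert nothing
    }
    // Placeholders keep the submitted text out of the SQL statement itself.
    $stmt = $db->prepare(
        'INSERT INTO companies (name, email, phone) VALUES (:name, :email, :phone)'
    );
    return $stmt->execute([':name' => $name, ':email' => $email, ':phone' => $phone]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE companies (name TEXT, email TEXT, phone TEXT)');

// Constructed form submissions (stand-ins for $_POST).
$samples = [
    ['cname' => 'Acme Ltd', 'address' => 'info@acme.example', 'phoneNubmber' => '+36 1 555 0100'],
    ['cname' => "O'Brien'); DELETE FROM companies; --", 'address' => 'a@b.example', 'phoneNubmber' => '1'],
    ['cname' => 'No phone', 'address' => 'x@y.example'],
];
foreach ($samples as $post) {
    var_dump(insertCompany($db, $post));
}
// Complete submissions are stored as plain data, quotes included.
foreach ($db->query('SELECT name, email, phone FROM companies') as $row) {
    echo implode(' | ', [$row['name'], $row['email'], $row['phone']]), PHP_EOL;
}
```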