
I'm having trouble sending my forms to my database. I've tried for an hour to fix the issue; I riddled my code with "echo mysqli_error();" but received no error, simply a lack of the new data into my database (it seems as if the submit form isn't reloading the page to send the info either). The database works for the rest of my pages using config.php, connectDB.php and header.php, so the problem isn't in the database setup. I believe that the error is within the "isset($_POST['submit'])", since it doesn't reload the page with the header(), but I'm providing the rest of my code just in case. (I know this code isn't protected against SQL Injection, form validation is the next step after I fix this):

<?php
require_once ("Includes/config.php"); 
require_once  ("Includes/connectDB.php");
include("Includes/header.php");
if (isset($_POST['submit'])){
                $name = $_POST['name'];
                $email = $_POST['email'];
                $content = $_POST['content'];
                $query = "INSERT INTO requests (name, email, content) VALUES (?, ?, ?)";

                $statement = $databaseConnection->prepare($query);
                $statement->bind_param('sss', $name, $email, $content);
                header('Location: /index.php');

                $statement->execute()
                $statement->store_result();
                setcookie("nameErr"," ", time()+3600);
                setcookie("emailErr"," ", time()+3600);
                setcookie("contentErr"," ", time()+3600);
                setcookie("contentSucc","Announcement Request Successful", time()+3600);
                header('Location: /request.php');

}
?>
<div id="main">
        <ol>
            <li>
                <label for="name">Name:</label> 
                <input type="text" name="name" value="" id="name" />
                <span class="error">* <?php if (isset($_COOKIE["nameErr"])){echo $_COOKIE["nameErr"];}?></span>
            </li>
            <li>
                <label for="email">Email:</label>
                <input type="text" name="email" value="" id="email" style = "position: relative; left: 3px;"/>
                <span class="error" style = "position: relative; left: 3px;">* <?php if (isset($_COOKIE["emailErr"])){echo $_COOKIE["emailErr"];}?></span>
            </li>
            <li>
                    <label for="content">Requested Announcement:</label><br>
                    <textarea rows="18" cols="140" name="content" id="content"></textarea>
                    <br>
                    <span class="error"> <?php if (isset($_COOKIE["contentErr"])){echo $_COOKIE["contentErr"];}?></span>
                    <span class="error"> <?php if (isset($_COOKIE["contentSucc"])){echo $_COOKIE["contentSucc"];}?></span>
            </li>
        </ol>
        <input type="submit" name="submit" value="Submit " style = "position: relative; left: 40px;" /> 
        <!-- onclick="window.location='request.php';" -->   
        <p>
            <a class="cancel" href="index.php" style = "position: relative; left: 40px;">Cancel</a>
        </p>
</div>
  • You don't seem to have a <form> declaration anywhere... Commented Apr 25, 2014 at 23:26
  • This is what happens when you try to code with 3 hours of sleep. Sorry, I'll make that edit. Thank you! Commented Apr 25, 2014 at 23:28
  • I'd be suspicious of that header() call just before the execute(). Do your server error logs say anything? Commented Apr 25, 2014 at 23:29
  • That was me forgetting to remove that after testing my code using header(). I think Justin got it! Commented Apr 25, 2014 at 23:31

1 Answer

  1. You're redirecting to another webpage before the SQL is executed.
  2. You don't have a semicolon at the end of the line.
  3. You don't have a <form> around the <input> tags.
  4. You shouldn't have to do very much else to stop SQL injection. As long as you're using MySQLi properly, you're fine.

Change this

            $statement->bind_param('sss', $name, $email, $content);
            header('Location: /index.php');

            $statement->execute()

to this

            $statement->bind_param('sss', $name, $email, $content);
            $statement->execute();
            $statement->close();

            header('Location: /index.php');

1 Comment

I'll give you the correct answer, but Justin actually got it: I forgot to define the form. That header() was the vestiges of me using an if statement to test the code to see what was happening.
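
Added example (not code from the question or the answer): the handler with the three fixes from this thread applied together, plus checks on prepare() and execute(), an exit after the redirect, and HTML-escaped cookie output. It assumes $databaseConnection is the mysqli object created by Includes/connectDB.php and that Includes/header.php emits HTML, so the include is moved below the redirect logic; cookieText() is a hypothetical helper.

```php
<?php
// Added example, not the original poster's code.
// Assumption: Includes/connectDB.php defines $databaseConnection as a mysqli object.
require_once("Includes/config.php");
require_once("Includes/connectDB.php");

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    $name    = trim($_POST['name'] ?? '');
    $email   = trim($_POST['email'] ?? '');
    $content = trim($_POST['content'] ?? '');

    $statement = $databaseConnection->prepare("INSERT INTO requests (name, email, content) VALUES (?, ?, ?)");
    if ($statement === false) {
        error_log("prepare failed: " . $databaseConnection->error); // log server-side, never echo to the client
        http_response_code(500);
        exit;
    }
    $statement->bind_param('sss', $name, $email, $content);
    $ok = $statement->execute();                  // run the INSERT before any redirect
    if (!$ok) { error_log("execute failed: " . $statement->error); }
    $statement->close();
    if ($ok) { setcookie("contentSucc", "Announcement Request Successful", time() + 3600); }
    header('Location: /request.php');             // headers must be sent before any page output
    exit;                                         // stop here so nothing else runs after the redirect
}

// Assumption: header.php emits HTML, so it is included only after the redirect logic.
include("Includes/header.php");
// Cookie values are supplied by the browser; escape them before echoing into the page.
function cookieText(string $key): string {        // hypothetical helper
    return htmlspecialchars($_COOKIE[$key] ?? '', ENT_QUOTES, 'UTF-8');
}
?>
<div id="main">
    <form method="post">
        <label for="name">Name:</label>
        <input type="text" name="name" id="name" />
        <label for="email">Email:</label>
        <input type="text" name="email" id="email" />
        <label for="content">Requested Announcement:</label>
        <textarea rows="18" cols="140" name="content" id="content"></textarea>
        <span class="error"><?php echo cookieText("contentSucc"); ?></span>
        <input type="submit" name="submit" value="Submit" />
    </form>
</div>
```

With no action attribute the form posts back to the page it is served from, so the isset($_POST['submit']) branch runs on submit.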
