Why wont my form add to database after adding if(isset($_POST['save']))?

Question

0.00/5 (No votes)

See more:

I have a form that adds records to a database. Every time I would refresh the page it added a blank record. I narrowed it down to the php file that executes the sql query. When I reload this php file in the browser it adds empty records. I've searched and I think it has something to do with if(isset($_POST['save'])) missing. 

I've enclosed the code inside the if(isset($_POST['save'])). It doesn't add records on reloads now, but when submitting the form it doesn't add anything to the database. The input submit is named "save". Here's the form code....

HTML

<form id="myform"  enctype="multipart/form-data" method="post" >
<p><label>Tracking Code<span style="color: red;">*</span> 
</label><br>
  <input type="text" id="code" name="code" required></p>

<p id="userhidden" style="display:none"><font color="#000000"> 
[swpm_show_member_info column="user_name"]</font></p>
<p><label>Username<span style="color: red;">*</span> 
</label><br>
  <input id="username2" type="text" name="username"  readonly 
required> 
</p>


<p><label>Address</label><br>
  <input type="text" name="address" id="address" placeholder="E.g. 
1313 
Mockingbird Ln."></p>

<p><label>City<span style="color: red;">*</span> 
</label><br>
  <input type="text" name="city" id="city" placeholder="E.g. 
Mockingbird 
Heights" required></p>

<p><label>State<span style="color: red;">*</span> 
</label><br>
  <input type="text" name="state" id="state" placeholder="E.g. 
California" required></p>

<p><label>Country<span style="color: red;">*</span> 
</label><br>
  <input type="text" name="country" id="country" placeholder="E.g. 
US" 
required></p>

<p><label>Note</label><br>
  <textarea name="note" rows="8" cols="40" placeholder="Write a note 
for 
all to read."></textarea></p>

<p><label for="file-select">Upload Photo of your duck:</label><br>
  <!-- <input type="file" name="upload" id="file-select"></p> -->
  <input type="file" name="uploadfile" value="" accept="image/png, 
image/jpeg"/><br><br>



<input  type="submit" value="Log Duck!" id="btnSendData" name="save" 
class="button button1" ><br />

</form>

Here is the php code...

PHP

<?php

//$_POST['save'] being the input submit with name="save"
if(isset($_POST['save'])) { 
$servername = "localhost:3306";
$database = "keljohns_duck_tracking";
$username = "keljohns_kelly";
$password = "Kjohnson5488!";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $database);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected to database successfully.";
//echo $_FILES["uploadfile"]["name"];


if(true)
{
$filename ="";

if (empty($_FILES['uploadfile']['name'])){
    $_FILES['uploadfile']['name'] = "default.jpg";
    $filename = $_FILES['uploadfile']['name'];
}
else{
    $filename = $_FILES["uploadfile"]["name"];
    $tempname = $_FILES["uploadfile"]["tmp_name"];
        $folder = "img/".$filename;


        if (move_uploaded_file($tempname, $folder))  {
            $msg = "Image uploaded successfully";
        }else{
            $msg = "Failed to upload image";
      }
}

    $code = ($_POST['code']);
    $username =  ($_POST['username']);
    $address =  ($_POST['address']);
    $city =  ($_POST['city']);
    $state =  ($_POST['state']);
    $country =  ($_POST['country']);
    $note =  ($_POST['note']);
    $date=date("Y-m-d");


$sql = "INSERT INTO ducks (code, username, address, city, state, country, upload, note, date)
      VALUES ('$code','$username','$address','$city','$state','$country','$filename', '$note', 
'$date')";

if (mysqli_query($conn, $sql)) {
  echo "";
} else {
  echo "Error: " . $sql . "<br>" . mysqli_error($conn);

}

mysqli_close($conn);
}
//  }

}
?>

What I have tried:

First it was inserting blank records into the DB. After I added the if(isset($_POST['save'])) line it doesn't add anything to the DB now.

Posted 12-Nov-21 13:52pm

Kelly Johnson 2021

Add a Solution

Comments

Peter_in_2780 13-Nov-21 0:18am

Right up front in your PHP, put

var_dump($_POST);

and see what it shows. You should be able to figure it from there.

Kelly Johnson 2021 13-Nov-21 18:02pm

It still doesn't add to the DB, but I now show array(0) { } at the bottom of the page.

Kelly Johnson 2021 13-Nov-21 18:17pm

I added it on the second line after

Richard Deeming 15-Nov-21 3:58am

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)