In my HTML file, posts to mysql are not being saved-CodePudding

I'm running xampp, when I submit the values in the form it is not being saved in the database (I checked the database and it is also not saved there), it spits out the error "Records not saved" from my php file.

Here is the HTML

<form action="connect.php" class="row" method="POST">
        <div class="col-lg-6 col-md-6 mb-3">
          <input type="text" placeholder="first name" name="fname" class="shadow form-control form-control-lg" required>
        </div>
        <div class="col-lg-6 col-md-6 mb-3">
          <input type="text" placeholder="last name" name="lname" class="shadow form-control form-control-lg" required>
        </div>
        <div class="col-lg-12 mb-3">
          <input type="email" placeholder="email address" name="email" class="shadow form-control form-control-lg" required>
        </div>
        <div class="col-lg-12 mb-3">
          <textarea placeholder="your query" name="note" rows="8" class="shadow form-control form-control-lg" required></textarea>
        </div>
        <div class="text-center d-grid mt-1">
          <button type="button submit" class="btn btn-primary rounded-pill pt-3 pb-3">
            submit
            <i class="fas fa-paper-plane"></i>
          </button>
        </div>
      </form>

Here is the php code:

<?php

//Database records.The records we have in the database

$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$note = $_POST['note'];

//Making DataBase connection

$servername = 'localhost';
$username = 'root';
$password = '';
$dbname = 'company';
$conn = new mysqli($servername,$username,$password,$dbname);

//Checking for errors and inserting data into the database

if ($conn-> connect_error) {
       die('connection failed :' .$conn-> $connect_error);
}



else {
       $sql = ("INSERT INTO orders(fname,lname,fname,note)
       VALUES ('$fname','$lname','$email','$note')");
}

$sql = mysqli_query($conn, $sql);

// $sql conditions which will be displayed after clicking the save button

if ($sql == true) {
       echo "Records saved";
} else {
       echo "Records not saved  ";
}

?>

CodePudding user response：

$sql = ("INSERT INTO orders(fname,lname,fname,note)
       VALUES ('$fname','$lname','$email','$note')");

You put wrong in field fname 2 times.

fname,lname,fname,note -> fname,lname,email,note

CodePudding user response：

You really ought to adopt prepared statements when dealing with any user supplied data to help mitigate sql injection. The error in the original sql ( as noted by @Tartarus ) should not have prevented the record from being added successfully unless the data was too long for the column but the mistake in the HTML might - namely <button type="button submit" should simply be <button type="submit" or perhaps more simply:

<button class="btn btn-primary rounded-pill pt-3 pb-3">
    submit
    <i class="fas fa-paper-plane"></i>
</button>

The default type for a button is submit!

How you might use a prepare statement...

<?php

    if( isset(
        $_POST['fname'],
        $_POST['lname'],
        $_POST['email'],
        $_POST['note']
    )){
    
        $servername = 'localhost';
        $username = 'root';
        $password = '';
        $dbname = 'company';
        $conn = new mysqli($servername,$username,$password,$dbname);
    
        $sql='INSERT INTO `orders` (`fname`,`lname`,`email`,`note`) values(?,?,?,?)';
        $stmt=$conn->prepare($sql);
        $stmt->bind_param('ssss', $_POST['fname'], $_POST['lname'], $_POST['email'], $_POST['note'] );
        $stmt->execute();
        $rows=$stmt->affected_rows;
        echo $rows==1 ? 'Record saved' : 'Record not saved';
        
        $stmt->close();
        $conn->close();
    }

?>