I am unable to add values from input boxes to a database I created manually. My index form is below.
<!DOCTYPE html>
<Header>
</header>
<body>
<form action="includes/signup.inc.php" method="POST">
<input type="text" name="inputName" placeholder="First Name">
<br>
<input type="text" name="inputLastname" placeholder="Last Name">
<br>
<input type="text" name="inputGender" placeholder="Gender">
<br>
<button type="submit" name="submit"> Sign up </button>
</form>
</body>
I have a signup.inc.php file inside an "includes" folder where the heavy lifting is supposed to occur. See below
<?php
require_once 'dbh.inc.php';
/* Variables from input form for SQL */
$inputName = $_POST['inputName'];
$inputLastname = $_POST['inputLastname'];
$inputGender = $_POST['inputGender'];
/* Using said variables from form to insert into SQL database */
$sql = "INSERT INTO tbl_users (first_name, last_name, gender)
VALUES ('$inputName,' '$inputLastname', '$inputGender');";
mysqli_query($conn, $sql);
/* If this page runs successfully, URL bar should have success */
header("location: ../index.php?signup=success");
?>
From what I understand, I created the variables and slotted them into my SQL statement, pulling values from the form, as seen below. $conn is a variable from dbh.inc.php that is the connection between my PHP project and the database.
The error below is what I get:
Fatal error: Uncaught mysqli_sql_exception: Column count doesn't match value count at row 1 in G:\xampp\htdocs\phptutorial\includes\signup.inc.php:10 Stack trace: #0 G:\xampp\htdocs\phptutorial\includes\signup.inc.php(10): mysqli_query(Object(mysqli), 'INSERT INTO tbl...') #1 {main} thrown in G:\xampp\htdocs\phptutorial\includes\signup.inc.php on line 10
I tried removing altering where DBH was being pulled from and the error changes so I know I'm pulling information from the right file. My database only has users_id which is Auto Increment so I doubt that could be an issue.
CodePudding user response:
If you want to solve this right now without addressing the security matters, it's quite simple. Here:
$sql = "INSERT INTO tbl_users (first_name, last_name, gender)
VALUES ('$inputName,' '$inputLastname', '$inputGender');";
mysqli_query($conn, $sql);
you can see that the ,
is between the ' '
. ('$inputName,'
). This should be, ('$inputName',
). Note the placement of the comma. So the full query becomes:
$sql = "INSERT INTO tbl_users (first_name, last_name, gender)
VALUES ('$inputName', '$inputLastname', '$inputGender');";
mysqli_query($conn, $sql);
However you should really address the problems with security. Please check out prepared statements.
Stackoverflow question regarding SQL injections.
CodePudding user response:
You have an error with your SQL Query. Always use "." when you are adding custom PHP values. try use
$sql = "INSERT INTO tbl_users (first_name, last_name, gender)
VALUES('" . $inputName. "','" . $inputLastname. "','" . $inputGender. "');"
Instead Of
$sql = "INSERT INTO tbl_users (first_name, last_name, gender)
VALUES ('$inputName,' '$inputLastname', '$inputGender');";