php - add data from html forms to database. undefined sql error and empty query error

View Original

I am trying to add data from html form to database. However , I think everthing is OK but there are 2 errors: undefined sql and empty query. I research something and I learned sql injection but I dont understand what is the difference in INSERT INTO query. How can I solve this problem?(I have also one more column in database its name is id and it is auto inceremented. So I havent add it)

<?php 
include('dbConnection.php'); 
  ?>
<!DOCTYPE html>
<html>
<head>
    <link rel="stylesheet" href="addMember.css">
    <script src="addMember.js"></script>
    <title>Nature Apartment-Add Member</title>
</head>
<body>
    <h1>Nature Apartment</h1>
<?php
if($_SERVER["REQUEST_METHOD"]=="POST"){
if(isset($_POST['submit'])){
$apartmentID= $_REQUEST['apartmentID'];
 $uname= $_REQUEST['uname'];
 $pwd= $_REQUEST['pwd'];
 $phoneNumber= $_REQUEST['phoneNumber'];
 $secondPhoneNumber= $_REQUEST['secondPhoneNumber'];
 $whoseNumber= $_REQUEST['whoseNumber'];
$sql = "INSERT INTO members (apartmentID, username, password, phoneNumber, secondPhoneNumber, whoseNumber)
VALUES '$apartmentID', '$uname', '$pwd', '$phoneNumber', '$secondPhoneNumber', '$whoseNumber')";
    }
}
if (mysqli_query($conn, $sql)) {
  echo "New record created successfully";
} else {
  echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
?>
    <ul>
        <li><a href="AdminHomePage.html">HomePage</a></li>
        <li><a href="AdminMembers.html">Members</a></li>
        <li><a href="AdminPayments.html">Payments</a></li>
        <li><a href="AdminGeneralExpenses.html">General Expenses</a> </li>
        <li><a href="Chat.html">Chat</a></li>
        <li><a href="AdminSettings.html">Settings</a></li>
        </ul>
        <br><br>
        <h2>Add New Member</h2>
        <br><br>
        <form id="form" method="POST" >
            <label for="apartmentID">Apartment ID</label><br>
            <input type="text" id="id" name="id"><br><br>
            <label for="username">Username</label><br>
            <input type="text" id="uname" name="uname"><br><br>
            <label for="Password">Password</label><br>
            <input type="password" id="pwd" name="pwd"><br><br>
            <label for="phoneNumber">Phone number</label><br>
            <input type="text" id="phoneNumber" name="phoneNumber"><br><br>
            <label for="secondPhoneNumber">Second phone number</label><br>
            <input type="text" id="secondPhoneNumber" name="secondPhoneNumber"><br><br>
            <label for="whoseNumber">Whose phone number? </label><br>
            <input type="text" id="whoseNumber" name="whoseNumber"><br><br>
            <input  type="submit" value="Add" name="submit" >
          </form>
       



</body>
</html>

Answer

Solution:

I think you forgot a bracket??

$sql = "INSERT INTO members (apartmentID, username, password, phoneNumber, secondPhoneNumber, whoseNumber)
VALUES '$apartmentID', '$uname', '$pwd', '$phoneNumber', '$secondPhoneNumber', '$whoseNumber')";

Should be

$sql = "INSERT INTO members (apartmentID, username, password, phoneNumber, secondPhoneNumber, whoseNumber)
VALUES **(**'$apartmentID', '$uname', '$pwd', '$phoneNumber', '$secondPhoneNumber', '$whoseNumber')";

Source
© 2021
E-mail: contact@webdevask.com
Back to top