Please Tell us what’s happening in your own words.
Learning to describe problems is hard, but it is an important part of learning how to code.
Also, the more you say, the more we can help!
1 Like
I created a data entry form with html
<!DOCTYPE html>
<html>
<head>
<title>Contact Us Data Entry</title>
</head>
<body>
<h2>Contact Us Data Entry</h2>
<form method="post" action="contactsave.php">
<label for="name">Name:</label>
<input type="text" id="name" name="name" required><br><br>
<label for="email">Email:</label>
<input type="email" id="email" name="email" required><br><br>
<label for="message">Message:</label><br>
<textarea id="message" name="message" rows="4" cols="50" required></textarea><br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
**and a data save form with php**
<?php
// Define MySQL database connection credentials
$servername = "localhost";
$username = "root";
$password = ""; // Assuming empty password
$database = "otrs";
// Create connection
$conn = new mysqli("localhost","root","","otrs");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Get the form data
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
// Prepare SQL statement to insert data into the database
$sql = "INSERT INTO contactustable VALUES ($name,$email,$message)";
// Prepare and bind parameters to avoid SQL injection
$stmt = $conn->prepare($sql);
$stmt->bind_param("sss", $name, $email, $message);
// Execute the statement
if ($stmt->execute() === TRUE) {
// Data inserted successfully
echo "Data saved successfully!";
} else {
// Error occurred
echo "Error: " . $sql . "<br>" . $conn->error;
}
// Close statement and connection
$stmt->close();
$conn->close();
}
?>
but the save form does not save the data to the table in SQL .
Hello!
You have to put the variables into $conn, not the values.
Use placeholders under VALUES( ?, ?, ?)
By using the user input directly, you are inviting the SQL injections that you are trying to avoid with the statements.
Change this and run tests. Come back to us anytime if your data still doesn’t get saved.
1 Like
// Connection parameters
$servername = "localhost";
$username = "root";
$password = "";
$database = "otrs";
// Create connection
$conn = new mysqli("localhost","root","","otrs");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Retrieve data from form
$bookingno = $_POST['bookingno'];
$status = $_POST['status'];
$updationdate_time = date("Y-m-d H:i:s"); // Get current date and time
// Prepare SQL statement to insert data into updation table
$sql = "INSERT INTO updation (bookingno, status, updationdate_time) VALUES ('$bookingno', '$status', '$updationdate_time')";
// Execute SQL statement
if ($conn->query($sql) === TRUE) {
echo "Data saved successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
// Close connection
$conn->close();
?>
the data is not getting saved