-2

I must be overlooking something incredibly obvious, but I've went through all my PHP code and compared it to the other forms that are working. I can't find any differences. Basically when I submit this form, it's not adding anything to the comments table in my database. There must be something incredibly obvious that I'm overlooking. Can you please help me figure out what I'm missing? Here's my php form first:

<?php
session_start();
require_once('functions/functions.php');

echo do_html(array('title'=>'Comments', 'css_file'=>'assets/css/style.css'));
echo do_header();
?>

<div id="usernameDiv"><?php echo do_greetings(); ?></div> 
<div>
    <p class="lead">We are always looking for new feedback, whether you have registered or not! Please leave your name and email address. Thank you!</p>
</div>

<form action="actions/comments.php" method="post">

    First Name:<br>
    <input type="text" name="fname">
    <br>
    Last Name:<br>
    <input type="text" name="lname">
    <br>
    Email Address:<br>
    <input type="text" name="eaddress"> <br><br> 

    <textarea name="ucomment" cols="50" rows="7" placeholder="Enter comments here..."></textarea>

    <br><br>
    <input type="submit" name="submitButton" value="Submit" >

</form>

<?php echo do_footer(); ?>

Then, here is the php file that processes it to the form.

<?php
require_once("constants.php"); 

$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
mysqli_set_charset($link, 'utf8');
if (!$link) {
    die("Database connection failed: " . mysqli_error($link));
}
if (isset($_POST['fname'])) {

    $post_vars = array('fname', 'lname', 'eaddress', 'ucomment');
    foreach($post_vars as $key) {
        $$key = mysqli_real_escape_string($link, $_POST[$key]);

    }

    $sql = "INSERT INTO comments (fname, lname, eaddress, ucomment) VALUES ('$fname', '$lname', '$eaddress', '$ucomment');";
    $result = mysqli_query($link, $sql);
}
mysqli_close($link);
?>

Also, here is my constants file, but I doubt its here since my other forms are posting fine:

<?php
//This is constants.php file
define('DB_HOST', 'localhost');
define('DB_USER', 'root');
define('DB_PASSWORD', 'password');
define('DB_NAME', 'conference');
?>
Vortex11
  • 171
  • 1
  • 3
  • 11
  • any error? while you are using mysqli then use prepared query! – Akam Oct 31 '15 at 17:45
  • Does it enter the `if`? What does the generated query look like? – chris85 Oct 31 '15 at 17:48
  • print the query "$sql" variable before calling mysqli_query – asim-ishaq Oct 31 '15 at 17:49
  • 2
    `$result = mysqli_query($link, $sql) or die(mysqli_error($link));` – Funk Forty Niner Oct 31 '15 at 17:53
  • you can also try and get rid of the semi-colon in `'$ucomment');` <= That could be a contributing factor and may be halting the array, while putting your query inside the `foreach` – Funk Forty Niner Oct 31 '15 at 17:56
  • Are the variables your are inserting declared? Try echo them out first. – Script47 Oct 31 '15 at 17:56
  • while looking at your other question http://stackoverflow.com/q/33337303/ the column names are different. So, your question is a bit unclear and whether or not you're using the same table, or database for that matter. Go over the comments left above again. Make sure their lengths are long enough, because that could fail silently. – Funk Forty Niner Oct 31 '15 at 18:00
  • Whoever posted the answer below and then deleted it ended up working. – Vortex11 Oct 31 '15 at 18:06

1 Answers1

2

Add more error handling....

<?php
if ( !isset($_POST['fname']) ) {
    echo '...';
}
else {
    require_once "constants.php";

    $link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    if ($link->connect_errno) {
        trigger_error( sprintf('mysqli connect error (%d) %s', $link->connect_errno, $link->connect_error), E_USER_ERROR);
        die;
    }
    else if ( !mysqli_set_charset($link, 'utf8') ) {
        trigger_error('Error loading character set utf8: '. $link->error, E_USER_ERROR);
    }
    else {
        $post_vars = array('fname', 'lname', 'eaddress', 'ucomment');
        foreach($post_vars as $key) {
            if ( !isset($_POST[$key]) ) {
                trigger_error('missing POST parameter '.$key, E_USER_ERROR);
                // ....and some bailout code here
            }
            $$key = mysqli_real_escape_string($link, $_POST[$key]);
        }
        $sql = "INSERT INTO comments (fname, lname, eaddress, ucomment) VALUES ('$fname', '$lname', '$eaddress', '$ucomment')";
        $result = mysqli_query($link, $sql);
        if ( !$result ) {
            trigger_error('query failed. '. $link->error, E_USER_ERROR);
        }
        else {
            echo $link->affected_rows, ' record(s) inserted';
        }
    }
    mysqli_close($link);
}
VolkerK
  • 95,432
  • 20
  • 163
  • 226
  • Look at the OP's comment up there. They said the deleted answer http://stackoverflow.com/a/33454696/ solved it. How/why, I have no idea. – Funk Forty Niner Oct 31 '15 at 18:11
  • I admittingly don't care about that ( just decided that a few hours ago ;-) ) It's all about flooding SO with php/pdo/mysql answers that do not _completely_ suck regarding error handling and sql injections. :-D (otherwise it would be another puzzeling "how the heck did _that_ solve _anything_" moment) – VolkerK Oct 31 '15 at 18:14