Please help....i want to save a user to my database..using wampserver...

<form method="POST" action="">
        <td>User Id</td>
        <td><input type="text" name="userId"></td>
        <td><input type="text" name="lastname"></td>
        <td><input type="text" name="firstname"></td>
        <td>Middle Name</td>
        <td><input type="text" name="middleName"></td>
        <td><input type="text" name="suffix"></td>
        <td><input type="text" name="position"></td>
        <td><select name="priv">
        <td><input type="username" name="username" ></td>
        <td><input type="password" name="password" ></td>
                <td><input type="submit" name="save" value="Save"></td>

 include '../config/connect.php';
if (isset($_POST['save']))
                    $userId=  strtoupper($_POST['userId']);
                    $lastname=  strtoupper($_POST['lastname']);
                    $middleName=  strtoupper($_POST['middleName']);
                    $suffix=  strtoupper($_POST['suffix']);
                    $position=  strtoupper($_POST['position']);

                     $query = "INSERT INTO users
                    VALUES (Null,'$userId',
            $result = mysqli_query($query);
            if ($result)
                echo "<center>Successfully Saved!</center>";
                echo "<center>User Account Saving Failed!</center>";

Edited by lloydsbackyard

2 Years
Discussion Span
Last Post by diafol

You haven't mentioned what is happening or included your code class so we don't have much to go on. I would suggest adding code to output PHP errors on the page and see what errors/warnings you get.


Normally you give a form an action - a script to run. The script gets the variables from the form, then does something with them.
<form method="POST" action="">
Yours doesn't. Action is empty.


As the action property is empty, I'm assuming that you are sending to the form page itself. This is not the usual way of performing a form send. Usually form data is sent to a specific form handler script, usually in a different file. Otherwise, you get issues on page refresh / reload.

In addition, you are open to SQL Injection as you have not sanitized your user input nor used a prepared statement. See DW Tutorial: Common Issues with MySQL and PHP for options. Server-side data validation is also important, e.g. checking size and type of input.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.