0

Hello to all,

I am working on a job posting project. There is a table in the database. I have an HTML form and postcode.php (there will be code),
and I am facing a problem with this code.

My html form code:-

```html
<form name="posting" action="postcode.php">
<table class="table">
<h4>Job Details: <span>specify details of the position/job you are going to post.</span>
<tbody></h4>
<tr>
  <td>Job title / Designation : </td>
  <td><input type="text" name="title" placeholder="E.g. Php Developer, Web Designer"></td>
</tr>
<tr>
  <td>No. of Vacancies : </td>
  <td><input type="number" name="vacancy" ></td>
</tr>
<tr>
  <td>Keywords : </td>
  <td><input type="text" name="keywords" placeholder="E.g. Php Developer, Web Designer"></td>
</tr>
<tr>
  <td>Location of the job : </td>
  <td><input type="text" name="location" placeholder="E.g. Delhi, Noida, Gurgaon, Kolkata, Pune"></td>
</tr>
<tr>
  <td>Industry type : </td>
  <td><select name="industry"><option>Select Industry Type</option><option>Accounting/Finance</option><option>Agents</option><option>Analytics & Business Intelligence</option><option>Architecture/Interior Design</option><option>Banking/Finance</option><option>BPO</option><option>IT Services</option></select></td>
</tr>
<tr>
  <td>Functional Area : </td>
  <td><input type="text" name="area"></td>
</tr>
<tr>
  <td colspan="2"><input type="submit" name="submit" value="save"/></td>
</tr>
</tbody>
</table>
</form>
```

**Postcode.php:-**

```php
<?php

include ("../connection.php");

if(isset($_POST['submit']))
{
    $title = $_POST['title'];
    $vacancy = $_POST['vacancy'];
    $keywords = $_POST['Keywords'];
    $location = $_POST['location'];
    $industry = $_POST['industry'];
    $area = $_POST['area'];

    $sql = "INSERT INTO 'jobposting'('job_title', 'vacancies', 'keywords', 'location', 'indutry_type', 'Functional_Area') values('$title', '$vacancy', '$keywords', '$location', '$industry', '$area')";

    if($conn->query($sql) === true)
    {
        echo "Job Posted.";
    }
    else
    {
        echo "Error posting job:".$conn->error;
    }
}

?>
```

**Sql table columns:-**

```sql
SELECT `job_title`, `vacancies`, `keywords`, `location`, `industry_type`, `functional_area` FROM `job_detail` WHERE 1
```

There are not any errors, but my values are not being inserted.
Please help me out, and sorry for any grammatical mistakes.

Edited by shivya_1

0

You're inserting user input directly into the database. In other words, any user who uses that form can do whatever they want inside your database. You should use mysqli or PDO instead of mysql.

You're also inserting into the `jobposting` table, but selecting from the `job_detail` table. Also, we can't see what's in `include ("../connection.php");`. But because it's using the unsafe mysql there's no real point in fixing this issue until you've switched to either mysqli or PDO. A lot of people here will help you with that if you run into problems converting to one of the two safer methods.

0
```php
<?php

include ("../connection.php");

if(isset($_POST['submit']))
{
    $title=mysqli_real_escape_string($_POST['title']);
    $keywords=mysqli_real_escape_string($_POST['keywords']);
    $location=mysqli_real_escape_string($_POST['location']);
    $industry=mysqli_real_escape_string($_POST['industry']);
    $area=mysqli_real_escape_string($_POST['area']);

    $sqli = "INSERT INTO 'job_detail'('job_title', 'vacancies', 'keywords', 'location', 'indutry_type', 'Functional_Area') values('$title', '$vacancy', '$keywords', '$location', '$industry', '$area')";

    if($conn->query($sqli) == true)
    {
        echo "Job Posted.";
    }
    else
    {
        echo "Error posting job:".$conn->error;
    }
}

?>
```

"connection.php"

```php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "shivya";

$conn = new mysqli($servername, $username, $password, $dbname);

if($conn -> connect_error)
{
    echo "error occured: ".$conn -> connect_error;
}
else
{
    echo "connection established.";
}

?>
```

Edited by shivya_1

0

In your insert statement I'm seeing indutry_type, which I think should be industry_type and Functional_Area which should probably be functional_area.

It's even better if instead of mysqli_real_escape_string you used prepared statements.

Like:

```php
// prepare the query statement; table and column names are quoted with backticks, values are ? placeholders
$stmt = $conn->prepare("INSERT INTO `job_detail` (`job_title`, `vacancies`, `keywords`, `location`, `industry_type`, `functional_area`) values(?, ?, ?, ?, ?, ?)");

// 6 string params, so 6 times 's'; bind_param takes its arguments by reference, so pass the variables themselves
$stmt->bind_param('ssssss', $title, $vacancy, $keywords, $location, $industry, $area);

// execute the query statement
$stmt->execute();

// close statement
$stmt->close();
```
0
```php
<?php

include ("../connection.php");

if(isset($_POST['submit']))
{
    $vacancy=$_POST['vacancy'];
    $title=$_POST['title'];
    $keywords=$_POST['keywords'];
    $location=$_POST['location'];
    $industry=$_POST['industry'];
    $area=$_POST['area'];

    $stmt = $conn->prepare("INSERT INTO 'job_detail' ('job_title', 'vacancies', 'keywords', 'location', 'industry_type', 'functional_area') values('$title','$vacancy','$keywords','$location','$industry','$area')");

    $stmt->execute();

    if($conn->query($sqli) == true)
    {
        echo "Job Posted.";
    }
    else
    {
        echo "Error posting job:".$conn->error;
    }
    $stmt->close();
}

?>
```
0

Now you went back a step again, directly inserting the $_POST variables into the query. Replace the variables in the query with ? and bind them like:

```php
// bind_param takes its arguments by reference, so pass the variables themselves
$stmt->bind_param('ssssss', $title, $vacancy, $keywords, $location, $industry, $area);
```

Is it still not working without giving you errors?

0
```php
<?php
include ("../connection.php");
if(isset($_POST['submit']))
{
    $vacancy=$_POST['vacancy'];
    $title=$_POST['title'];
    $keywords=$_POST['keywords'];
    $location=$_POST['location'];
    $industry=$_POST['industry'];
    $area=$_POST['area'];

    $stmt->bind_param('ssssss', strval($title), strval($vacancy), strval($keywords), strval($location), strval($industry), strval($area));
    $stmt = $conn->prepare("INSERT INTO 'job_detail' ('job_title', 'vacancies', 'keywords', 'location', 'industry_type', 'functional_area') values('$title','$vacancy','$keywords','$location','$industry','$area')");
    $stmt->execute();
    if($conn->query($sqli) == true)
    {
        echo "Job Posted.";
    }
    else
    {
        echo "Error posting job:".$conn->error;
    }
    $stmt->close();
}
?>
```

My problem is still same.

2

This

```php
$stmt->bind_param('ssssss', strval($title), strval($vacancy), strval($keywords), strval($location), strval($industry), strval($area));
$stmt = $conn->prepare("INSERT INTO 'job_detail' ('job_title', 'vacancies', 'keywords', 'location', 'industry_type', 'functional_area') values('$title','$vacancy','$keywords','$location','$industry','$area')");
```

Needs to be

```php
// prepare first, with backtick-quoted identifiers and ? placeholders, then bind the variables by reference
$stmt = $conn->prepare("INSERT INTO `job_detail` (`job_title`, `vacancies`, `keywords`, `location`, `industry_type`, `functional_area`) values(?,?,?,?,?,?)");
$stmt->bind_param('ssssss', $title, $vacancy, $keywords, $location, $industry, $area);
```

Also, you should be getting a general PHP error because in `if($conn->query($sqli) == true)` you're sending an object that doesn't exist anymore: `$sqli`;

Did you add a line like `display_errors = on` to your php.ini? Otherwise you won't see errors of any kind.
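
The handler the replies above work toward, written out in full as an added example that is not code from any poster in the thread: it validates the form fields, binds them to a prepared statement, and makes database failures throw instead of passing silently. It assumes the form is submitted with `method="post"` (a form without a `method` attribute is sent as GET, so `$_POST` stays empty) and that `connection.php` provides `$conn` and prints nothing; `validate_job`, `INDUSTRIES` and the 255-character limit are hypothetical names and values chosen for the illustration.

```php
<?php
// Added example, not code from the thread. Assumes $conn (mysqli) from connection.php.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures throw, never pass silently
include("../connection.php");
// Constructed allow-list mirroring the <select name="industry"> options in the form.
const INDUSTRIES = ['Accounting/Finance', 'Agents', 'Analytics & Business Intelligence',
    'Architecture/Interior Design', 'Banking/Finance', 'BPO', 'IT Services'];

// Hypothetical helper: returns the cleaned values or throws on bad input.
function validate_job(array $in): array
{
    $job = [];
    foreach (['title', 'keywords', 'location', 'industry', 'area'] as $field) {
        $value = $in[$field] ?? '';
        // 255 is an assumed column width, not taken from the thread.
        if (!is_string($value) || trim($value) === '' || strlen($value) > 255) {
            throw new InvalidArgumentException("Invalid $field");
        }
        $job[$field] = trim($value);
    }
    if (!in_array($job['industry'], INDUSTRIES, true)) {
        throw new InvalidArgumentException('Invalid industry');
    }
    $job['vacancy'] = filter_var($in['vacancy'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($job['vacancy'] === false) {
        throw new InvalidArgumentException('Invalid vacancy');
    }
    return $job;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    try {
        $job = validate_job($_POST);
        // Identifiers take backticks; every value is a ? placeholder bound separately.
        $stmt = $conn->prepare("INSERT INTO `job_detail` (`job_title`, `vacancies`, `keywords`,
            `location`, `industry_type`, `functional_area`) VALUES (?, ?, ?, ?, ?, ?)");
        $stmt->bind_param('sissss', $job['title'], $job['vacancy'], $job['keywords'],
            $job['location'], $job['industry'], $job['area']);
        $stmt->execute();
        $stmt->close();
        echo "Job Posted.";
    } catch (InvalidArgumentException $e) {
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // details go to the server log, not the browser
        echo "Error posting job.";
    }
}
```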
