I am trying to use on form to insert data into 3 different tables

<?php
if (isset($_POST["submit"])){

$servername = "localhost";
$username = "root";
$password = "";
$db = "test_db";

$conn = new mysqli($servername, $username, $password, $db);

if ($conn->connect_error){
            die("Connection failed: ". $conn->connect_error);
}

$Vehicle_type = $_POST["Vehicle_type"];
$Vehicle_colour = $_POST["Vehicle_colour"];
$Vehicle_licence = $_POST["Vehicle_licence"];
$People_name = $_POST["People_name"];
$People_licence = $_POST["People_licence"];
$Incident_Date = $_POST["Incident_Date"];
$Incident_Report = $_POST["Incident_Report"];

$sql = "INSERT INTO Vehicle(Vehicle_type,Vehicle_colour,Vehicle_licence)VALUES
('$Vehicle_type','$Vehicle_colour','$Vehicle_licence')";

$query= mysqli_query($conn, $sql);

if($query){

  $sql2 = "INSERT INTO People (People_name,People_licence)VALUES
  ('$People_name','$People_licence')";
  $result= mysqli_query($conn, $sql2);
  $sql3 = "INSERT INTO Incident (Incident_Report,Incident_Date)VALUES
  ('$Incident_Report','$Incident_Date')";
  $result= mysqli_query($conn, $sql3);
  echo "Your form was succesfully submitted✅";
} else {

  echo "There was an error in submitting your form";
}


}

$conn->close() ;

?>

and this is my html

<form action="incident.php" method="post">
Report a new Incident⚠️
<br>
<br>
Incident report:<input type="text" name="Incident_Report"><br>
Incident Date:<input type="text" name="Incident_Date"><br>
Vehicle Model:<input type="text" name="Vehicle_type"><br>
Vehicle Colour:<input type="text" name="Vehicle_colour"><br>
Vehicle Licence number:<input type="text" name="Vehicle_licence"><br>
Owner: <input type="text" name="People_name"><br>
Driver licence number: <input type="text" name="People_licence"><br>
<input type="submit" name="submit" value="submit">
</form>
<br>

Recommended Answers

What specifically is failing? Are you seeing any error message?

At first glance, you are not escaping variables passed into the MySQL query. Make sure to always do this. Aside from being a huge security concern, this could potentially be causing your queries to error.

Jump to Post

All 3 Replies

Tell the forum more about the issue. At first glance the code is OK. But since success depends on many factors you may have to debug a failed insert.

What specifically is failing? Are you seeing any error message?

At first glance, you are not escaping variables passed into the MySQL query. Make sure to always do this. Aside from being a huge security concern, this could potentially be causing your queries to error.

As Dani has mentioned security is a big issue here, using root to access a server is very insecure, the password should be changed on a regular basis.
Applications should have their own access and there should also be a separate file containing security access and passwords, otherwise anytime the password is changed then so will any application that uses it, you should consider changing your code to process your data in a more secure way.

I am sorry I haven't answered your specific problem but as an old school systems programmar, using Assembler, Pascal, Cobol and C with extended compilation times we made sure we didn't have to spend time on rewriting code to handle foreseeable problems.
In particular the application was given access to read the password file not the user and it made simple password changes much easier to routinely deal with, that didn't stop a few "smart" ones hard coding the application and wondering why it didn't work, even worse if someone else had to deal with the maintenance. Many heated arguments resulted. :)

commented: "I am root." Not always a good thing. +15
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.