
I really don't know what I'm doing wrong here. For some reason the data won't insert into the database. I think the problem is where I'm saving the data into local variables and escaping them for security. So, if I remove that set of local variables, then obviously I get an empty row in the database, and if I leave them there, then it won't do anything at all, but I need to have that set of local variables to secure the data. I'm also validating data using PHP regex, which I know is not the problem.

If anybody can find the problem, please let me know.

PHP
I know it doesn't look good, but that's the best I can do.

if(isset($_POST['submit'])){
    $errors = array();


   // Check name is valid
  if(empty($_POST['full_name'])):
      $errors['full_name'] = "";//"Please enter your name."
      echo "<script type='text/javascript'>$(document).ready(function(){ $('#full_name').addClass('input-error')});</script>";
   elseif(!preg_match('/\b([A-Z]{1}[a-z]{1,30}[- ]{0,1}|[A-Z]{1}[- \']{1}[A-Z]{0,1}[a-z]{1,30}[- ]{0,1}|[a-z]{1,2}[ -\']{1}[A-Z]{1}[a-z]{1,30}){2,5}/', $_POST['full_name'])):
    $errors['full_name'] = "";//"Please enter a valid name."
    echo "<script type='text/javascript'>$(document).ready(function(){ $('#full_name').addClass('input-error')});</script>";
  else: endif;

   // Check email is valid 
    if(empty($_POST['email'])):
      $errors['email'] = "";  //"Please enter your email.
      echo "<script type='text/javascript'>$(document).ready(function(){ $('#email').addClass('input-error')});</script>";         
    elseif (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)): // validate the email *** REQUIRES PHP 5.2 ***
        $errors['email'] = "";//'Please enter a valid email.
    echo "<script type='text/javascript'>$(document).ready(function(){ $('#email').addClass('input-error')});</script>";            
    else: endif; 

if(!empty($_POST['phone'])){
  //Check phone is valid  Matches - 14165551212, 4165551212, (416)5551212, 416 555 1212, 416-555-1212, (416)-555-1212, (416) 555 1212, 1-900-888-1212
  if(!preg_match('/^(1?)(-| ?)(\()?([0-9]{3})(\)|-| |\)-|\) )?([0-9]{3})(-| )?([0-9]{4}|[0-9]{4})$/', $_POST['phone'])):
     $errors['phone'] = "";//"Please enter a valid phone number.    
    echo "<script type='text/javascript'>$(document).ready(function(){ $('#phone').addClass('input-error')});</script>";              
   else: endif;
}

   // Check subject is valid
  if(empty($_POST['subject'])):
      $errors['subject'] = "";//"Please enter your subject.
      echo "<script type='text/javascript'>$(document).ready(function(){ $('#subject').addClass('input-error')});</script>";          
   elseif(!preg_match("/^(([a-zA-Z])+\s)?[a-zA-Z]+$/", $_POST['subject'])):
    $errors['subject'] = "";//"Please enter a subject.
    echo "<script type='text/javascript'>$(document).ready(function(){ $('#subject').addClass('input-error')});</script>";      
  else: endif;

  // Check URL is valid  Matches - http://regexlib.com | http://www.google.com | ftp://teach.me.regex/checkpattern/o | http://www.google.com/search?hl=en&source=hp&q=asp.net | https://secure.mailserver.com | http://localhost/mypage.html | http://localhost:89783/mypage.aspx | http://go.com | http://forum.whoisyourdaddy.org/index.html?RegID=7449046&Daddy=dontknow&son=me
if(!empty($_POST['url'])){    
   if(!preg_match("/^(ht|f)tp(s?)\:\/\/(([a-zA-Z0-9\-\._]+(\.[a-zA-Z0-9\-\._]+)+)|localhost)(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&amp;%\$#_]*)?([\d\w\.\/\%\+\-\=\&amp;\?\:\\\&quot;\'\,\|\~\;]*)$/", $_POST['url'])):
    $errors['url'] = "";    //"Please enter a valid URL address.
    echo "<script type='text/javascript'>$(document).ready(function(){ $('#url').addClass('input-error')});</script>";      
  else: endif; 
}

   // Check message is valid
  if(empty($_POST['message'])):
      $errors['message'] = "";//"Please enter your message.
      echo "<script type='text/javascript'>$(document).ready(function(){ $('#message').addClass('input-error')});</script>";          
   elseif(!preg_match("/^(([a-zA-Z])+\s)?[a-zA-Z]+$/", $_POST['message'])):
    //$errors['message'] = "Please enter a minimum or more than 50 characters.";
    //echo "<script type='text/javascript'>$(document).ready(function(){ $('#message').addClass('input-error')});"; 
  else: endif;  





    // $message is not assigned until after validation, so measure the posted value
    if ( (strlen( $_POST['message'] ) >= 50) && (strlen( $_POST['message'] ) <= 1500)) {
    } else {
    //$errors['message'] = "Please enter from 50 to 1500 characters.";
    echo "<script type='text/javascript'>$(document).ready(function(){ $('#message').addClass('input-error')});</script>";      
    }


  // If no validation errors
   if(0!==count($errors)) {

     echo "<script type='text/javascript'>$(document).ready(function(){ $('.error-container').show()});</script></strong>"; 
  }
  elseif(0===count($errors)){   


            include_once('admin/includes/database.php');
            $conn = db_connect();
            // Save data into local variables and escape them for security  
            $name = mysqli_real_escape_string($conn,$_POST['full_name']);                           
            $email = mysqli_real_escape_string($conn,$_POST['email']);                          
            $phone = mysqli_real_escape_string($conn,$_POST['phone']);                          
            $subject = mysqli_real_escape_string($conn,$_POST['subject']);                          
            $url = mysqli_real_escape_string($conn,$_POST['url']);                          
            $message = mysqli_real_escape_string($conn,$_POST['message']);  

         // An insertion query. $result will be `true` if successful
          $insertSQL = "insert into users (fullname,email,phone,subject,url,message) VALUES ('$name','$email','$phone','$subject','$url','$message')";  


          $run_insertion = mysqli_query($conn, $insertSQL);

          if ($run_insertion === false) {
                $error = db_error();
          } else {

             echo "<script>alert('Your submisision was successfully sent!')</script>";

          }                
  } 

}

HTML

                    <form action="contact.php" method="post" id="form1" name="form1">
                <div class="error-container">
                    <div class="error-content">
                        <div class="error-header">
                            <div class="error-icon"></div>
                            <div class="error-title">Oops, it looks like something wasn't right.</div>                               
                        </div> <!-- END OF error-header -->
                        <div class="error-message-content">Mistakes are marked below. <br>Correct the errors and resubmit the form.</div> <!-- END OF error-message-content -->
                    </div> <!-- END OF error-content -->
                </div> <!-- END OF error-container -->                    
                   <div class="form-element"><label for="name"><b>Name <div>*</div></b></label><br>
                       <div class="input-wrapper <?php echo form_row_class("full_name") ?>"><input type="text" class="input" name="full_name" placeholder="Full name" id="full_name" value="<?php echo h($_POST['full_name']); ?>" /><font color="red"><?php  echo error_for('full_name') ?></font></div>
                    </div>
                   <div class="form-element">
                      <label for="email"><b>Email <div>*</div></b></label><br>
                      <div class="input-wrapper <?php echo form_row_class("email") ?>"><input type="text" id="email" class="input" name="email" placeholder="[email protected]" value="<?php echo h($_POST['email']); ?>" /><font color="red"><?php  echo error_for('email') ?></font></div>
                   </div>
                   <div class="form-element">
                      <label for="phone">Phone</label><br>
                      <div class="input-wrapper <?php echo form_row_class("phone") ?>"><input type="text" id="phone" class="input" name="phone" placeholder="1 800 000 0000"  value="<?php echo h($_POST['phone']); ?>"/><font color="red"><?php  echo error_for('phone') ?></font></div>
                   </div>
                   <div class="form-element">
                      <label for="subject"><b>Subject <div>*</div></b></label><br>
                      <div class="input-wrapper <?php echo form_row_class("subject") ?>"><input type="text" id="subject" class="input" name="subject" placeholder="Subject" value="<?php echo h($_POST['subject']); ?>" /><font color="red"><?php  echo error_for('subject') ?></font></div>
                   </div>
                   <div class="form-element">
                      <label for="company">URL</label><br>
                      <div class="input-wrapper <?php echo form_row_class("url") ?>"><input type="text" id="url" class="input" name="url" placeholder="URL" value="<?php echo h($_POST['url']); ?>" /><font color="red"><?php  echo error_for('url') ?></font></div>
                   </div>
                   <div class="form-textarea">
                      <label for="message"><b>Your Message <div>*</div></b></label><br>
                      <div class="textarea-wrapper <?php echo form_row_class("message") ?>"><textarea class="textarea" id="message" name="message" placeholder="Your message" ><?php echo h($_POST['message']); ?></textarea><font color="red"><?php  echo error_for('message') ?></font></div>
                   </div>
                   <div class="submit-element">
                       <input type="submit" class="submit" name="submit" value="Submit" />
                   </div>

                </form>
  • Have you tried outputting the contents of your $errors variable i.e print_r($errors) - after validating your input? Commented Mar 7, 2015 at 19:27
  • I tried this... echo $insertSQL = "insert into users (fullname,email,phone,subject,url,message) VALUES ('$name','$email','$phone','$subject','$url','$message')"; and I get results with no problem. Commented Mar 7, 2015 at 19:45

1 Answer

As Nikos said, you should be connecting with $link = mysqli_connect.

To check your errors,

if ($run_insertion) {
  echo "<script>alert('Your submisision was successfully sent!')</script>";

}else{
       echo ("Could not insert data : " . mysqli_error($link) . " " . mysqli_errno($link));
}

1 Comment

I checked the errors and the reason was that the data from the message field was too long according to the length specified in the database. Does that make sense? Thanks anyway!
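
The cause reported in the comment above (a message longer than its column) together with the answer's error check, as an added example that is not code from the thread: a length check before the insert, a prepared statement in place of manual escaping, and mysqli exceptions so a failed insert cannot pass silently. The column limits and the connection values are assumptions.

```php
<?php
// Added example, not code from the thread. Limits are assumed values; take the
// real ones from the table definition (SHOW CREATE TABLE users).
const MAX_LEN = ['full_name' => 100, 'email' => 255, 'phone' => 20,
                 'subject' => 150, 'url' => 255, 'message' => 1500];

// Report every field whose value is longer than its (assumed) column.
function length_errors(array $post): array
{
    $errors = [];
    foreach (MAX_LEN as $field => $max) {
        // VARCHAR(n) counts characters, so measure characters (needs mbstring).
        $len = mb_strlen((string)($post[$field] ?? ''), 'UTF-8');
        if ($len > $max) {
            $errors[$field] = "$field is $len characters, limit is $max";
        }
    }
    return $errors;
}

// Insert with bound parameters: the values never become part of the SQL text.
function save_contact(mysqli $conn, array $post): void
{
    $stmt = $conn->prepare('INSERT INTO users (fullname, email, phone, subject, url, message)
                            VALUES (?, ?, ?, ?, ?, ?)');
    $values = array_map(fn($f) => (string)($post[$f] ?? ''), array_keys(MAX_LEN));
    $stmt->bind_param('ssssss', ...$values);
    $stmt->execute();
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $problems = length_errors($_POST);
    if ($problems) {
        http_response_code(422);
        exit(htmlspecialchars(implode('; ', $problems), ENT_QUOTES, 'UTF-8'));
    }
    try {
        $conn = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
        $conn->set_charset('utf8mb4');
        save_contact($conn, $_POST);
        echo 'Your submission was sent.';
    } catch (mysqli_sql_exception $e) {
        error_log('contact insert failed: ' . $e->getMessage()); // detail stays in the log
        http_response_code(500);
        echo 'Could not save your message.';
    }
}
```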
