Form not working... where is my code in error?

General Database (Oracle, SQL Server, etc)
#1

Ok so i have this form and it’s just returning a random 500 error… HELP!
this is the submission form

Form Test label,a { font-family : Arial, Helvetica, sans-serif; font-size : 12px; }

Business Name:

Name:

Phone Number:

Email Address:

Website:

Which Service(s) are you interested in?:
Review Audit/Management Logo Creation/Editing Website Creation/Editing

Additional Comments: 

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

        $bname=$_POST['fname'];
        $name=$_POST['rname'];
        $email=$_POST['email'];
        $pnum=$_POST['pnum'];
        $website=$_POST['website'];
        $service = implode(',', $_POST['service']);
	$comment=$_POST['comment'];





	$sql = "INSERT INTO brp_requests (bname, rname, email, pnum, website, service, comment)
		VALUES ($bname, $name, $email, $pnum, $website, $service, $comment)";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
	} 
else {
    echo "Error: " . $sql . "<br>" . $conn->error;
	}

$conn->close();
?>




//done. redirect to thank-you page.
header('Location: thank-you.html');


// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
   
?>
#2

how do i share code without it getting processed on here?

#3

Blockquote

indent preformatted text by 4 spaces

Options on the tool bar.

As far as your code, you close php for no reason right after the connection close. If you had error reporting turned on you would get all kinds of errors.

Additionally, you need to use Prepared Statements. Do not create variables for nothing. You have a function floating around that is not used.

Do not output internal system errors to the user. That info is only good to hackers.

This line is redundant:
if ($conn->query($sql) === TRUE)

if already checks for true/false. The === TRUE needs to go.

There is no need to manually close the DB connection. Php will do it automatically.

You really should be using PDO. Here is a tutorial to get you going. https://phpdelusions.net/pdo

#4

Ok so I fixed the close php, have no clue what you mean about prepared statements, removed the true and the db close, and no clue about pdo… and i’m still getting the same error…

#5

Here is where basic debugging comes in.

  1. Turn on error reporting
  2. Look in the error log file and see what it says.
#6

Also, does the file named “thank-you.html” spelled exactly that way exist on the same place as your code is?
AND, the last section of your code is OUTSIDE of PHP… Right after $conn->close(); you close PHP…
The rest is not in your code but is HTML and would throw an error because you have no HTML set up…

#7

so i decided to take it down to basic levels to see if it could be the host that is causing me issues… i used this code to run a test`<?php

Fill our vars and run on cli

$ php -f db-connect-test.php

$dbname = ‘name’;
$dbuser = ‘user’;
$dbpass = ‘pass’;
$dbhost = ‘host’;
$connect = mysql_connect($dbhost, $dbuser, $dbpass) or die(“Unable to Connect to ‘$dbhost’”);
mysql_select_db($dbname) or die(“Could not open the db ‘$dbname’”);
$test_query = “SHOW TABLES FROM $dbname”;
$result = mysql_query($test_query);
$tblCnt = 0;
while($tbl = mysql_fetch_array($result)) {
$tblCnt++;
#echo $tbl[0]."
\n";
}
if (!$tblCnt) {
echo “There are no tables
\n”;
} else {
echo “There are $tblCnt tables
\n”;
}`

and it ran fine… but then I added an insert which i did like this
<?php

Fill our vars and run on cli

$ php -f db-connect-test.php

$dbname = ‘name’;
$dbuser = ‘user’;
$dbpass = ‘pass’;
$dbhost = ‘host’;

$connect = mysql_connect($dbhost, $dbuser, $dbpass) or die(“Unable to Connect to ‘$dbhost’”);
mysql_select_db($dbname) or die(“Could not open the db ‘$dbname’”);

insert into resorts(Name, Color)
values(‘Clifford Richmond’,‘Blue’);

SELECT
*
FROM
resorts;

and it couldn’t handle it…

error
error1280×800 87.4 KB

what am i missing…

#8

Your code uses mysqli but you want to run a test with Obsolete and dangerous MySQL code that has been removed from PHP?

#9

Well, we do not support using MySQL here as Benanamen stated. Please update your code at least to MySLQi code.

Next, there is no command such as INSERT. That is for a QUERY. Therefore, you need to execute the query in the correct format.

Read up on this using the “improved” version of MySQLi here: W3-Schools insert data
That site has a ton of beginner examples for you to look at. Then, fix up your code and come back with your next question(s)… Good luck!

Sponsor our Newsletter | Privacy Policy | Terms of Service