gcc: Submit post echo but does not write information in database

samedi 28 mars 2015

Submit post echo but does not write information in database

I'm having problem with updating information in database. The echo pops out as successful but the database row stays blank - why? PHP code:


<?php

    if (isset($_POST['gender'])) {
        // Sanitize and validate the data passed in
        $gender = filter_input(INPUT_POST, 'gender', FILTER_SANITIZE_STRING);
        if ($stmt) {
            $stmt->bind_param('s', $gender);
            $stmt->execute();
            $stmt->store_result();

            if ($insert_stmt = $mysqli->prepare("INSERT INTO  members gender VALUE ?")) {
                $insert_stmt->bind_param('s', $gender);
            }
        }
        echo "<div class='notemarg'> Your gender has been submitted</div>";
    } 
?>

and input form:


<form action="" method="POST">
  <input type="radio" name="gender" value="male"> Male <br>
  <input type="radio" name="gender" value="female"> Female <br>
  <input type="submit" name="gender" value="Set gender" class="button">
</form>

I want to use mysqli->prepare to prevent SQL injection.

I fixed it with alternative way, where there is pre-defined input by button.


<?php

    $servername = "";
    $username = "";
    $password = "";
    $dbname = "";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
     if (isset($_POST['Female'])) {

     $gender = $_POST['Female'];
     $sql = "UPDATE members SET gender = '$gender' WHERE username = '".$_SESSION['username']."'"; 


    if ($conn->query($sql) === TRUE) {
        echo "<div class='notemarg'> Your gender has been submitted</div>";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
    $conn->close();
}
    ?>

And simple form:


<form action="" method="POST">
 <input type="submit" name="Female" value="Female" class="button">
</form>

Thanks to all who wanted to help me, especially to anant kumar singh. I could not get that alter idea without his suggestions. Thanks!

gcc

samedi 28 mars 2015

Submit post echo but does not write information in database

Aucun commentaire:

Enregistrer un commentaire