Friday, 10 February 2017

Send Form Data PHP (MySQL) Using HTTP POST

Often on this blog, I tend to write a little post about politics in my spare time, but my day job is Computer Technician and/or Web Developer. I recently had to write a program to send form data into a SQL database using the HTTP post function. The information to write this program was all out there, but it was all scattered around in bits and pieces and not always very clear. So in the interests of the open source/share information mindset, I'm going to post the information and program I made below with comments:

Before you start.

You will need a server running XAMPP if you're going to develop this locally on your computer (your own computer can be the server; enable/start Apache and MySQL in XAMPP once it is installed). If you want to develop it live on the web, you will need a web host which has PHP and MySQL installed and activated. Once you have MySQL running, you will need to create a database called form and, within that database, a table called form; the form table needs columns named firstName, lastName and email, ready to collect that data. To run the program locally, type http://localhost/form.php into the web browser with Apache and MySQL running (that address assumes you have the files saved in the XAMPP htdocs folder). If you are running it on a web server, you will need to type in the address for your files on the server.

Part 1 The HTML Code form.php

The code below is simple HTML to create a form with 3 fields: firstName, lastName and email. When you have filled in the data and click 'submit', the browser sends the form to the address given in the form's action attribute, <form action="send.php">. This runs the send.php program, which I will talk about below. It's important to understand the method="post" piece of code too. All that means is that the form data is being sent to the send.php program via the HTTP POST method; in other words, the web browser handles moving the form data you have typed in over to the send.php program. If you wanted to, you could style the form with CSS so it's more attractive. Save the HTML as form.php.


<html>
<body>

<form action="send.php" method="post">
First name: <input type="text" name="firstName"><br><br>
Last name: <input type="text" name="lastName"><br><br>
E-mail: <input type="text" name="email"><br><br>
<input type="submit">
</form>

</body>
</html>



Part 2 send.php Code.

<?php
// Database login details (XAMPP defaults). On a live server use a dedicated
// account with a strong password, not root with an empty password.
$host = "localhost";
$username = "root";
$password = "";
$dbname = "form";

// Create connection
$conn = new mysqli($host, $username, $password, $dbname);

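// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Set the connection character set; mysqli_real_escape_string relies on it
$conn->set_charset("utf8mb4");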

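// Escape special characters in each value before it goes into the SQL string
// (?? '' avoids a notice when a field is missing; requires PHP 7 or later)
$firstName = mysqli_real_escape_string($conn, $_POST['firstName'] ?? '');
$lastName = mysqli_real_escape_string($conn, $_POST['lastName'] ?? '');
$email = mysqli_real_escape_string($conn, $_POST['email'] ?? '');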

// Insert data in SQL Table
$sql = "INSERT INTO form (firstName, lastName, email)
VALUES ('$firstName', '$lastName', '$email')";


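// Report if data transfer successful or error
if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    // HTML-encode the output: both strings can contain the submitted text
    echo "Error: " . htmlspecialchars($sql) . "<br>" . htmlspecialchars($conn->error);
}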


// Close connection to database
$conn->close();


?>

send.php above collects the form data from HTTP POST, escapes any special characters such as ' or \ or null for security, and then inserts the data into your SQL table. The login info in send.php is configured to work with a local installation of XAMPP on the default settings, so you may need to put in different settings for your own XAMPP install or web server. send.php is commented so I won't explain any further, except to say that if you want to test whether your mysqli_real_escape_string function is working or not, try removing the mysqli_real_escape_string code from send.php, then run the program and try submitting special characters such as ' - the program should fail and give an error message.

Now put the mysqli_real_escape_string code back into send.php and fill in the form data again with special characters, e.g. put Jame's in first name, and then click submit. The program will report back "New record created successfully" if your program is correctly escaping data. You should now have a working function to collect and save form data to a MySQL database...
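
The same send.php written with a prepared statement instead of mysqli_real_escape_string, as an added example that is not part of the original post. It assumes PHP 7 or later and the form database and XAMPP default login described above; the 100-character length limit and the wording of the messages are assumptions.

```php
<?php
// Added example: send.php using a prepared statement (not the post's own code).
// Connection values are the XAMPP defaults used in the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Read the three fields; a missing field becomes an empty string.
$firstName = trim($_POST['firstName'] ?? '');
$lastName  = trim($_POST['lastName'] ?? '');
$email     = trim($_POST['email'] ?? '');

// Validate before touching the database (the length limit is an assumption).
if ($firstName === '' || $lastName === '' ||
    strlen($firstName) > 100 || strlen($lastName) > 100 ||
    filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Please fill in all three fields with a valid e-mail address.');
}

try {
    $conn = new mysqli('localhost', 'root', '', 'form');
    $conn->set_charset('utf8mb4');

    // The ? placeholders keep the data separate from the SQL text,
    // so a value such as Jame's is stored as-is and never parsed as SQL.
    $stmt = $conn->prepare(
        'INSERT INTO form (firstName, lastName, email) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $firstName, $lastName, $email);
    $stmt->execute();

    echo 'New record created successfully';
    $stmt->close();
    $conn->close();
} catch (mysqli_sql_exception $e) {
    // Log the detail on the server; show the visitor a generic message.
    error_log('send.php database error: ' . $e->getMessage());
    http_response_code(500);
    echo 'Sorry, your details could not be saved.';
}
```

With this version there is no escaping step to forget, and a database error no longer shows the query text to the visitor.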

James Bickle