PHP contact form binds but doesn't submit
Hi guys, this is my PHP for a contact form. It connects successfully when I ran multiple tests at different points to make sure it worked, but it doesn't seem to be posted to the database. Can anyone help me?
<?php
define('DB_NAME', 'x');
define('DB_USER', 'x');
define('DB_PASSWORD', 'x');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use' . DB_NAME . ': ' . mysql_error());
}
$value = $_POST['UserName'];
$value1 = $_POST['UserEmail'];
$value2 = $_POST['UserMessage'];
$sql = "INSERT INTO ContactUs (UserName, UserEmail, UserMessage) VALUES ('$value', '$value1', '$value2')";
if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
}
mysql_close();
I also added that the actual code snippet for the contact form (its in a modal field):
<div class = "modal fade" id = "contact" role="dialog">
<div class = "modal-dialog">
<div class = "modal-content">
<div class = "modal-header">
<h4>Contact form</h4>
</div>
<div class = "modal-body">
<p>HELLO HELLO HELLO HELLO</p>
</div>
<div class="form-group">
<form action="ContactUs.php" method="post">
<div class="form-group">
<label for="UserEmail">Email address</label>
<input type="text" class="form-control" id="UserEmail" name="UserEmail" placeholder="What is your E-Mail">
</div>
<div class="form-group">
<label for="UserName">Name</label>
<input type="text" class="form-control" id="UserName" name="UserName" placeholder="What is your name?">
</div>
<div class="form-group">
<label for="UserMessage">Message</label>
<input type="text" class="form-control" id="UserMessage" name="UserMessage" placeholder="What would you like to say?">
</div>
<input type="Submit" value="Submit" class="btn btn-default">Submit</button>
</form>
</div>
<div class = "modal-footer">
<a class = "btn btn-default" data-dismiss = "modal">Close</a>
<a class = "btn btn-primary" data-dismiss = "modal">Close</a>
</div>
</div>
</div>
</div>
</div>
Defining how it is a contact form, I just want the information to be sent to my email address, if anyone could tell me if this is appropriate, which would be great [if not, how to set it up so that do it like this). I used the video tutorial [link below] but it only mentioned how to store in the database.
source to share
You had a typo in your review if (!link)
, but in addition, you should use the newer, more secure MySQLi
functionality. Try the following:
<?php
define('DB_NAME', 'x');
define('DB_USER', 'x');
define('DB_PASSWORD', 'x');
define('DB_HOST', 'localhost');
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($mysqli->connect_errno)
{
die("Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
}
$userName = $_POST['UserName'];
$userEmail = $_POST['UserEmail'];
$userMessage = $_POST['UserMessage'];
if (!($stmt = $mysqli->prepare("INSERT INTO ContactUs (UserName, UserEmail, UserMessage) VALUES (?, ?, ?)")))
{
die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}
$stmt->bind_param("sss", $userName, $userEmail, $userMessage);
if (!$stmt->execute())
{
die("INSERT failed: (" . $stmt->errno . ") " . $stmt->error);
}
$mysqli->close();
In this case, Prepared Statements , which essentially replace the labels ?
in the prepared statement definition with the escaped values ββof the variables that you bind to the statement. This helps prevent SQL injection.
source to share