Home/ Questions/Q 9120461
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T05:37:58+00:00

I did a form using HTML and tried to insert the data using PHP

  • 0

I did a form using HTML and tried to insert the data using PHP to MySQL database. But only a few cells in the database are getting added. Couldn’t figure out what is wrong. Please help. Thanks in advance.

Here is my code, of the page which has the form (patienthistory.php)

<?php 

  // Connects to your Database 

mysql_connect("localhost", "root", "") or die(mysql_error()); 

mysql_select_db("cleftdb") or die(mysql_error()); 


//checks cookies to make sure they are logged in 

if(isset($_COOKIE['ID_my_site'])) 

{ 

$username = $_COOKIE['ID_my_site']; 

$pass = $_COOKIE['Key_my_site']; 

    $check = mysql_query("SELECT * FROM members WHERE username = '$username'")or die(mysql_error()); 
}
else 

//if the cookie does not exist, they are taken to the login screen 

{            

header("Location: login.php"); 

 } 

$check = mysql_query("SELECT id FROM members WHERE username = '$username'")or die(mysql_error());
while ($row = mysql_fetch_assoc($check)) {
$id = $row["id"];
}



echo '<form action="savepatienthistory.php" method=post />';

echo '<input type="hidden" name="id" value="'.$id.'">';

echo '<p>Patient ID: <input type="text" name="pid" /></p>';
echo '<p>First Name: <input type="text" name="fname" /></p>';
echo '<p>Last Name: <input type="text" name="lname" /></p>';
echo '<p>Date of birth : <input type="date" name="dob" /></p>';
echo '<p>Sex: 
<select name="sex">
<option value="Male">Male</option>
<option value="Female">Female</option>
</select>
</p>';
echo '<p>Race: <input type="text" name="race" /></p>';
echo '<p>Address: <input type="text" name="address" /></p>';
echo '<p>GN Division: <input type="text" name="GNdivision" /></p>';
echo '<p>Parent/Guardian First Name: <input type="text" name="Xfname" /></p>';
echo '<p>Parent/Guardian Last Name: <input type="text" name="Xlname" /></p>';
echo '<p>Parent/Guardian Age: <input type="text" name="Xage" /></p>';
echo '<p>Parent/Guardian Occupation: <input type="text" name="Xoccupation" /></p>';
echo '<p>Parent/Guardian NIC number: <input type="text" name="XNICno" /></p>';
echo '<p>Parent/Guardian Race: <input type="text" name="Xrace" /></p>';
echo '<p>Parent/Guardian Address: <input type="text" name="Xaddress" /></p>';
echo '<p>Parent/Guardian GN Division: <input type="text" name="XGNdivision" /></p>';
echo '<p>Parent/Guardian Relationship to the Patient: <input type="text" name="Xrelationship" /></p>';
echo '<p>Parent/Guardian Country: <input type="text" name="Xcountry" /></p>';
echo '<p>General Medical History: 
<select name="otherproblem">
    <option value="Nothing">Nothing</option>
    <option value="Allergy: Penicillin">Allergy: Penicillin</option>
    <option value="Aspirin">Aspirin</option>
    <option value="Erythromycin">Erythromycin</option>
    <option value="Latex or Rubber Products">Latex or Rubber Products</option>
    <option value="Codeine">Codeine</option>
    <option value="Tetracycline">Tetracycline</option>
    <option value="Germicides/Pesticides, Foods">Germicides/Pesticides, Foods</option>
    <option value="Other">Other</option>
    <option value="Asthma">Asthma</option>
    <option value="Bleeding Disorders">Bleeding Disorders</option>
    <option value="Diabetes">Diabetes</option>
    <option value="Epilepsy">Epilepsy</option>
    <option value="GI disorders">GI disorders</option>
    <option value="Heart disease">Heart disease</option>
    <option value="Hepatitis">Hepatitis</option>
    <option value="Jaundice">Jaundice</option>
    <option value="Liver disease">Liver disease</option>
    <option value="Neoplasm">Neoplasm</option>
    <option value="Psychiatric Problems">Psychiatric Problems</option>
    <option value="Respiratory diseases">Respiratory diseases</option>
    <option value="Rheumatic fever">Rheumatic fever</option>
</select>
</p>';
echo '<p>Do patient currently under medical treatment? If yes, what are the medicines: <input type="text" name="medicaltreatment" /></p>';
echo '<p>Do Patient Need Antibiotic Prophylaxis?  
<select name="antibiotic">
    <option value="Yes">Yes</option>
    <option value="No">No</option>
</select>
</p>';



echo '<input type="submit" value="Submit">';
echo '</form>';


?>

and my savepatienthistory.php code,

<?php 
 // Connects to your Database 

 mysql_connect("localhost", "root", "") or die(mysql_error()); 

 mysql_select_db("cleftdb") or die(mysql_error()); 


 $id = $_POST['id'];
 $pid = $_POST['pid'];
 $fname = $_POST['fname'];
 $lname = $_POST['lname'];
 $dob = $_POST['dob'];
 $sex = $_POST['sex'];
 $race = $_POST['race'];
 $address = $_POST['address'];
 $GNdivision = $_POST['GNdivision'];
 $Xfname = $_POST['Xfname'];
 $Xlname = $_POST['Xlname'];
 $Xage = $_POST['Xage'];
 $Xoccupation = $_POST['Xoccupation'];
 $XNICno = $_POST['XNICno'];
 $Xrace = $_POST['Xrace'];
 $Xaddress = $_POST['Xaddress'];
 $XGNdivision = $_POST['XGNdivision'];
 $Xrelationship = $_POST['Xrelationship'];
 $Xcountry = $_POST['Xcountry'];
 $otherproblem = $_POST['otherproblem'];
 $medicaltreatment = $_POST['medicaltreatment'];
 $antibiotic = $_POST['antibiotic'];


 $sql = "INSERT into history (id) VALUES ('$id')";

 $sql = "INSERT into history (pid) VALUES ('$pid')";
 $sql = "INSERT into history (fname) VALUES ('$fname')";
 $sql = "INSERT into history (lname) VALUES ('$lname')";
 $sql = "INSERT into history (dob) VALUES ('$dob')";
 $sql = "INSERT into history (sex) VALUES ('$sex')";
 $sql = "INSERT into history (race) VALUES ('$race')";
 $sql = "INSERT into history (address) VALUES ('$address')";
 $sql = "INSERT into history (GNdivision) VALUES ('$GNdivision')";
 $sql = "INSERT into history (Xfname) VALUES ('$Xfname')";
 $sql = "INSERT into history (Xlname) VALUES ('$Xlname')";
 $sql = "INSERT into history (Xage) VALUES ('$Xage')";
 $sql = "INSERT into history (Xoccupation) VALUES ('$Xoccupation')";
 $sql = "INSERT into history (XNICno) VALUES ('$XNICno')";
 $sql = "INSERT into history (Xrace) VALUES ('$Xrace')";
 $sql = "INSERT into history (Xaddress) VALUES ('$Xaddress')";
 $sql = "INSERT into history (XGNdivision) VALUES ('$XGNdivision')";
 $sql = "INSERT into history (Xrelationship) VALUES ('$Xrelationship')";
 $sql = "INSERT into history (Xcountry) VALUES ('$Xcountry')";
 $sql = "INSERT into history (otherproblem) VALUES ('$otherproblem')";
 $sql = "INSERT into history (medicaltreatment) VALUES ('$medicaltreatment')";
 $sql = "INSERT into history (antibiotic) VALUES ('$antibiotic')";



 if(!mysql_query($sql)){
die('Error: '.mysql_error());
 } 

 mysql_close();

 ?>

and here is a screenshot of the added values to db
screenshot

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A very important first remark is that your code has glaring security issues as it is very open to sql injection. You are directly inserting user input (i.e. the POST values) into sql statements without checking them for malicious content. Please be sure to read up on this subject and adjust the code.

    Your sql insert statements are not executed and you constantly overwrite the statement, so only the last one will be executed. You have to combine them all in one statement.

    INSERT INTO history (fname, lname) VALUES ('john', 'doe')

    In your case you can make the complete statement with a loop and string concatenation

    $post = array($pid = $_POST['pid'], $fname = $_POST['fname'], $lname = $_POST['lname']);

$sql = "INSERT INTO history ('pid', 'fname', 'lname') VALUEs ('";

foreach( $post as $val ){
    $sql .= $val."', '";
}
$sql = substr($sql, 0, -3);
$sql .= ")";

mysql_query($sql);

    I have only included three columns in the loop here but it should be trivial to extend it to all the columns needed. I also assumed that the ‘id’ you get from the $_POST is the primary key of the table and is therefore omitted from the INSERT statement as it will be generated automatically.

    • 0