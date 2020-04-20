Code for Book record management

#1 
<?php

$con=mysqli_connect('localhost','root') ;
if($con=== false)
{
	die ("error : could not conect ." . 
mysqli_connect_error());
}
mysqli_select_db($con,'BRM_DB');
$Title=mysqli_real_escape_string($con, $_REQUEST ['title']);
$Price=mysqli_real_escape_string($con, $_REQUEST ['price']);
$Author=mysqli_real_escape_string($con, $_REQUEST ['author']);

$query="INSERT INTO book(title,Price,Author)VALUES('$Title',$Price,'$Author')";
if(mysqli_query($con,$query))
{
	echo ("Record inserted");
	}
	else 
	{ 
	echo ("insertion failed");	
	}
mysqli_close($con);
	?>

<!DOCTYPE html>
<html>
<head>
<title>Insertion</title>
</head>
<body>
<h1>Book Record Management</h1>
<a href="insertform.php">click here</a>
</body>
</html>

What am I doing wrong here? I don’t know why it’s give “insertion failed”. Please some solve this problem I’m naive in it.

#2

'Tis probably this, but you should really be using prepared statements rather than inserting variables into your SQL.

#3

Can you show the form code? All we can see here is a link to (presumbly) your form, not the form itself.

#4

Your query is failing with an error for some reason, but you don’t have useful error handling for all the database statements that can fail. Add the following line of code before the point where you make the database connection, then insure that php’s error_reporting is set to E_ALL and display_errors is set to ON -

// set the mysqli error mode to exceptions, then let php catch the exception, where it will use its error related settings to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.)
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
#5

Why are we escape-stringing a numeric value?

#6

If it works locally and not online I would check caSeSenSitivity.

#7

First of all check yours database name columns for capital letters to be sure they are same in query and in database also.

Second you should run all those checking and insert into database only if form is submitted.

Here is code i tested on my pc and online and all works

<?php
error_reporting(E_ALL);

if (isset($_POST['submit'])) { // when form is submited

    $con = mysqli_connect('localhost', 'root', '', 'BRM_DB');

    if (!$con) die ("error : could not conect ." . mysqli_connect_error());

	$Title = mysqli_real_escape_string($con, $_POST['title']);
	$Price = mysqli_real_escape_string($con, $_POST['price']);
	$Author = mysqli_real_escape_string($con, $_POST['author']);

    // title, Price, Author check for those in database to be same as here
	$query = "INSERT INTO book(title, Price, Author) VALUES ('$Title', $Price, '$Author')";

	if(mysqli_query($con, $query)) {
		echo ("Record inserted");
	} else { 
		echo ("insertion failed");	
	}
	mysqli_close($con);
}
?>


<!DOCTYPE html>
<html>
	<head>
		<title>Insertion</title>
	</head>
<body>
	<form method="post" action="">
		<input type="text" name="title"><br>
		<input type="text" name="price"><br>
		<input type="text" name="author"><br>
		<input type="submit" name="submit" value="Add">
	</form>
</body>
</html>