Getting error need help

srsingh83 · August 8, 2018, 8:57am

Please let me know whats wrong here i am getting the error please check query
just adding subcategory to main category

	<div class="col-lg-4 mx-md-auto paper-card">

		
		
		<?php

	if ( isset( $_POST[ 'submit' ] ) ) {
			if ( empty( $_POST[ 'subcat' ] ) ) {
				echo '<span style="color: red;"> Please Fill in the Category Name</span> ';
			} else {

				
				$subcat =clean( $_POST['subcat']);
       

        $query = " insert into subcategory values('sid','$_POST[cat]','$subcat')";
				$result = mysqli_query( $con, $query );

				if ( $result ) {
					echo '<span style="color: green;">Category Added Successfully</span>';
				} else {
					echo '  Please Check Your Query ';
				}
			}
		}



		?>

		<form method="post" action="">
			<div class="form-group">
				<lable>Sub Category Name</lable>
				<input type="text" class="form-control" name="subcat"/>
			</div>
			<div class="form-group">
				<lable>Select Category</lable>
				<select class="form_control" name="cat">
					<?php 
	
	$query="select * from category";
	$sql=mysqli_query($con,$query);
	if(mysqli_num_rows($sql)>0){
		while($row=mysqli_fetch_assoc($sql)){
	
	?>
					<option value="<?php echo $row['cid']; ?>">
						<?php echo $row['catname']; ?>
					</option>
					<?php 
			}	
	}		
		?>
				</select>
			</div>


			<div class="form-group">
				<button class="btn btn-primary" name="submit">Submit</button>

			</div>

		</form>
	</div>

</div>

Dormilich · August 8, 2018, 9:02am

What’s the error you get?

… not to mention the gaping SQL injection hole.

droopsnoot · August 8, 2018, 9:12am

In this query

" insert into subcategory values('sid','$_POST[cat]','$subcat')";

don’t you need to specify which columns you are assigning those values to? I haven’t done massive amounts of SQL, but it seems that otherwise it would need to guess which value goes into which column.

Is this a typo or intentional?

<lable>Sub Category Name</lable>

Dormilich · August 8, 2018, 9:16am

No, but that doesn’t make it a good idea and also causes hard-to-find bugs.

From the manual:

If you do not specify a list of column names for INSERT ... VALUES or INSERT ... SELECT , values for every column in the table must be provided by the VALUES list or the SELECT statement.

droopsnoot · August 8, 2018, 9:17am

Ah yes, I was just editing my previous post with exactly that. Values for all columns must be specified, and in the correct order. I haven’t come across that before, and as you say, it seems to be fraught with difficulty and makes queries hard to read.

srsingh83 · August 20, 2018, 4:20am

i tried putting them but same error - Please Check Your Query

droopsnoot · August 20, 2018, 9:27am

Show us the new version of the code. Is it correct that the first column you insert contains the fixed string “sid”, which will always be the same?

Mittineague · August 20, 2018, 7:07pm

My thought was that the line looked like a misuse of mysqli bind param syntax. i.e.

s - string
i - integer
d - double

http://php.net/manual/en/mysqli-stmt.bind-param.php

srsingh83 · August 21, 2018, 7:23am

these are the category and subcategory in my mysql tried replace each one but same error is anything else is wrong in the code/form or its just the query

category
cid,catname

subcategory
sid,cid,scatname

srsingh83 · August 21, 2018, 9:45am

see the uploaded code this code works fine but mine not i think he is using php5 and i am using php7 is this matter
see the screenshot attched

droopsnoot · August 21, 2018, 9:46am

Well, the error message you are getting is displayed when you’ve just run the query, so it’s probably that.

If the ‘sid’ column is your unique subcategory identifier, and it’s auto-incrementing, then you don’t need to specify it. Just do something like

insert into subcategory (cid, scatname) values ($_POST[cat], $subcat);

droopsnoot · August 21, 2018, 9:47am

Yes, but that code isn’t specifying a string value for the first column, it’s just leaving it blank. You are trying to store a string “sid” into what looks as if it’s a numerical column. What if you just remove the string and leave the quotes, just like above?

srsingh83 · August 21, 2018, 9:49am

did that too but same error

droopsnoot · August 21, 2018, 9:49am

Show us the latest code.

srsingh83 · August 21, 2018, 9:49am

tried this also but not working same error - Please Check Your Query

srsingh83 · August 21, 2018, 9:50am

<?php include("header.php"); ?>

<div id="primary" style="padding-top: 40px;">
	<div class="container">

		<div class="col-lg-4 mx-md-auto paper-card">

			<h2>Add New Sub Category</h2>

		</div>
	</div>

	<hr/>
	<div class="container">

		<div class="col-lg-4 mx-md-auto paper-card">

			<?php

			if ( isset( $_POST[ 'submit' ] ) ) {
				if ( empty( $_POST[ 'subcat' ] ) ) {
					echo '<span style="color: red;"> Please Fill in the Category Name</span> ';
				} else {
					$subcat = clean( $_POST[ 'subcat' ] );
					$query = "insert into subcategory (cid, scatname) values ($_POST[cat], $subcat)";
					$result = mysqli_query( $con, $query );

					if ( $result ) {
						echo '<span style="color: green;">SubCategory Added Successfully</span>';
					} else {
						echo '  Please Check Your Query ';
					}
				}
			}



			?>

			<form method="post" action="">
				<div class="form-group">
					<lable>Sub Category Name</lable>
					<input type="text" class="form-control" name="subcat"/>
				</div>
				<div class="form-group">
					<lable>Select Category</lable>
					<select class="form_control" name="cat">
						<?php 
		
		$query="select * from category";
		$sql=mysqli_query($con,$query);
		if(mysqli_num_rows($sql)>0){
			while($row=mysqli_fetch_assoc($sql)){
				
				
		
		?>
						<option value="<?php echo $row['cid']; ?>">
							<?php echo $row['catname']; ?>
						</option>
						<?php 
				}	
		}		
			?>
					</select>
				</div>


				<div class="form-group">
					<button class="btn btn-primary" name="submit">Submit</button>

				</div>

			</form>
		</div>

	</div>
</div>
</div>
</div>
</div>
</div>
<!-- Row -->
</div>
<!-- Main Wrapper -->

<?php include("footer.php"); ?>

droopsnoot · August 21, 2018, 9:51am

Do you need to put the quotes back in? I left them out because I’m never quite sure, and I use PDO and prepared statements which handle the quotes for me.

srsingh83 · August 21, 2018, 9:52am

if i remove the quotes the it gives error
( ! ) Parse error: syntax error, unexpected ‘into’ (T_STRING) in C:\wamp64\www\site\admin\teset.php on line 25
so put them

droopsnoot · August 21, 2018, 9:53am

OK, so the latest code you posted above isn’t the latest, because you’ve added quotes into the query?

What’s the table layout of the subcategory table?

srsingh83 · August 21, 2018, 9:54am

see this i can add category with this code

<div id="primary" style="padding-top: 40px;">
        <div class="container">
           
                <div class="col-lg-4 mx-md-auto paper-card">
					
		<h2>Add New Category</h2>			
					
			</div></div>	
					
				<hr />  <div class="container">
           
                <div class="col-lg-4 mx-md-auto paper-card">
	
	<?php
	
		

    if(isset($_POST['submit']))
    {
        if(empty($_POST['category']) )
        {
            echo '<span style="color: red;"> Please Fill in the Category Name</span> ';
        }
        else
        {

			
			$cat = $_POST['category'];
           

            $query = " insert into category (catname) values('$cat')";
            $result = mysqli_query($con,$query);

            if($result)
            {
                echo '<span style="color: green;">Category Added Successfully</span>';  
            }
            else
            {
                echo '  Please Check Your Query ';
            }
        }
    }
    
	?>

	<form method="post" action="">
		<div class="form-group" >
	<lable> Category Name</lable>
		<input type="text" class="form-control" name="category"/>
		
		</div>
	<div class="form-group">
<button class="btn btn-primary" name="submit">Submit</button>
		
		</div>
	
		</form>
			</div>

</div></div>

only few changes done to add sub category