I can't insert data into Database table

Databases
1

my problem is once i press submit the data does not get inserted into the database table please help me.

Here is my code:

<?php

$link=mysqli_connect("localhost", "root", "");
mysqli_select_db($link, "dbdata");

?>




<!DOCTYPE html>
<html>
<head>
	<title>Add Product</title>
</head>
<body>
	<div id="header">
		<h1>TheFreshFoodDelivery</h1>
	</div>
	<div id="navbar">
		<ul>
			<li><a href="index.html">Home</a></li>
			<li><a href="webpages/Vegetarianstore.php">Store</a></li>
			<li><a href="webpages/About Us.html">About Us</a></li>
			<li><a href="webpages/Register.php">Register</a></li>
			<li><a href="webpages/Login.php">Login</a></li>
			<li><a href="webpages/add_product.php">Add Product</a></li>
		</ul>
	</div>


	<div id="body">

		<h1>Add Product</h1>

		<div class="block">

			<form name="form1" action="" method="post" enctype="multipart/form-data" >
			<table>
				<tr>
					<td>Product Name</td>
					<td><input type="text" name="pnm"></td>
				</tr>
				<tr>
					<td>Product Description</td>
					<td><textarea cols="15" rows="10" name="pdesc"></textarea></td>
				</tr>
				<tr>
					<td>Product Price</td>
					<td><input type="text" name="pprice"></td>
				</tr>
				<tr>
					<td>Product Quantity</td>
					<td><input type="text" name="pqty"></td>
				</tr>
				<tr>
					<td>Product Image</td>
					<td><input type="file" name="pimage"></td>
				</tr>
				<tr>
					<td>Product Category</td>
					<td><select name="pcategory">
							<option value="Vegetarian_Products">Vegetarian Products</option>
							<option value="Meat_Products">Meat Products</option>
						</select>
					</td>
				</tr>
				<tr>
					<td colspan="2" align="center"><input type="submit" name="submit1" value="upload"></td>
				</tr>

			</table>
			</form>


			<?php

			if(isset($_POST["submit1"]))
			{
				$v1=rand(1111,9999);
				$v2=rand(1111,9999);

				$v3=$v1.$v2;
				$v3=md5($v3);

				$fnm=$_FILES["pimage"]["name"];
				$dst="./product_image/".$v3.$fnm;
				$dst1="product_image/".$v3.$fnm;
				move_uploaded_file($_FILES["pimage"]["tmp_name"], $dst);

				mysqli_query($link, "insert into tblproduct values('','$_POST[pnm]','$_POST[pdesc]', $_POST[pprice], $_POST[pqty], $dst1,'$_POST[pcategory]')");
			}

			?>

		</div>
		
	</div>

	
</body>
</html>
2

Before you define the values you must define which fields the values will go into.

Eg:-

"INSERT INTO table (firstname, lastname, email) VALUES (:first, :last, :email)"

I would also warn against putting unvalidated POST data directly into a query as you will be vulnerable to SQL injection.
Validate, sanitise, use prepared statements.

3 Likes
3

Add this line right above the query. Resubmit, copy the string/full query, and execute it in MySQL. What is the error?

echo "insert into tblproduct values('','$_POST[pnm]','$_POST[pdesc]', $_POST[pprice], $_POST[pqty], $dst1,'$_POST[pcategory]')";

Also, as SamA74 pointed out your code is susceptible to SQL injection. Using mysqli alone does not prevent SQL injection. You need to either escape the data or preferably use prepared statements binding user input as parameters separate from the query.

Edit:

I think this is your problem but the query might still fall.

"insert into tblproduct values('','{$_POST['pnm']}','{$_POST['pdesc']}', {$_POST['pprice']}, {$_POST['pqty']}, $dst1,'{$_POST['pcategory']}')"

Note the proper way to embed /access array values in a string.

4

i have tried writing the table fields like you said SamA74 but it didn’t work. Also should I use a semi colon before each value like you did? Or is it fine if i keep them in $. Also i am doing this for a school project so i am new. It wont be made online so no worries about SQL injection which i dont even know what it means haha.

Zookeeper, i wrote echo before the query but nothing happened.
I wrote the line the same as you however now when i load the page it is just a white screen. It doesnt even et me enter any values.

5

The :value syntax was representative of how it may be written with “named placeholders” as used in prepared statements. The other method is to simply use a ? as an un-named placeholder.

Well if you are learning about PHP and SQL it’s essential that you do learn about these things.
Although your project may be “safe” while not published on-line, it’s best to learn how to do things the right way for when the day comes that your work is published.

Or for a more fun explanation:-

1 Like
6

You need to replace string with the one I corrected in the edit.

This is not valid PHP:

echo "foobar $values[value].";

This is:

echo "foobar {$values['value']}.";

See the difference?

Accessing values in arrays needs to be surrounded by {} in php when embedded in strings.

7

Yes i see the difference and have replaced it but the website turns to white screen when i load it. Also thanks SamA74 i’ll be sure to read up on SQL injection.

8

I would recommend turning on error reporting while developing. That way syntax errors will be seen onscreen.

1 Like
9

how do i see that? I am currently on sublime text 3. Any idea how?

10

In google search “turn on error reporting php”. There should be plenty of info for you.

11

To expand on that, you should always have error reporting, but in the development environment you may “display errors” and in a live production environment you should never display errors, but do log them.

http://php.net/manual/en/language.errors.basics.php

12

Ok so i enabled all the error displays and stuff but i dont know where i can view the errors.

13

If you use display errors (for dev env), they should be printed on your screen.
If you log errors (for live env) they should be written to the error log file.

14

may, yes… must? no

not necessary to name the columns if you provide a value for every column

1 Like
15

I wasn’t aware of that as I have never done it that way, with the first column generally being an ID with AI, though I did wonder if that were the case after posting.
I see the OP has an empty value first, would that be for the ID? I guess the AI would still work? Never tried it that way. :thinking:

It’s not yet clear if the error is SQL or PHP related.

16

Thanks for the help guys! I found out that something was wrong with MAMP so when i changed over to XAMP and replaced the string as ZooKeeper said it worked like a charm!

17

[quote=“SamA74, post:15, topic:278074, full:true”]
I see the OP has an empty value first, would that be for the ID? I guess the AI would still work? [/quote]
yes, that works – in MySQL (i’m not sure about other databases, but i’m skeptical)

it’s actually an ~empty string~ that’s being inserted into an integer auto_increment column, but MySQL interprets this as NULL, and NULL is interpreted as “please may i have the next number”

or something like that :cry:

i personally would never do it that way, but hey, it works

as for the error, i’m fairly sure it can be traced back to poorly coded php

1 Like
18

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.