Before you define the values you must define which fields the values will go into.
Eg:-
"INSERT INTO table (firstname, lastname, email) VALUES (:first, :last, :email)"
I would also warn against putting unvalidated POST data directly into a query as you will be vulnerable to SQL injection.
Validate, sanitise, use prepared statements.
Add this line right above the query. Resubmit, copy the string/full query, and execute it in MySQL. What is the error?
echo "insert into tblproduct values('','$_POST[pnm]','$_POST[pdesc]', $_POST[pprice], $_POST[pqty], $dst1,'$_POST[pcategory]')";
Also, as SamA74 pointed out your code is susceptible to SQL injection. Using mysqli alone does not prevent SQL injection. You need to either escape the data or preferably use prepared statements binding user input as parameters separate from the query.
Edit:
I think this is your problem but the query might still fall.
"insert into tblproduct values('','{$_POST['pnm']}','{$_POST['pdesc']}', {$_POST['pprice']}, {$_POST['pqty']}, $dst1,'{$_POST['pcategory']}')"
Note the proper way to embed /access array values in a string.
i have tried writing the table fields like you said SamA74 but it didn’t work. Also should I use a semi colon before each value like you did? Or is it fine if i keep them in $. Also i am doing this for a school project so i am new. It wont be made online so no worries about SQL injection which i dont even know what it means haha.
Zookeeper, i wrote echo before the query but nothing happened.
I wrote the line the same as you however now when i load the page it is just a white screen. It doesnt even et me enter any values.
The :value syntax was representative of how it may be written with “named placeholders” as used in prepared statements. The other method is to simply use a ? as an un-named placeholder.
Well if you are learning about PHP and SQL it’s essential that you do learn about these things.
Although your project may be “safe” while not published on-line, it’s best to learn how to do things the right way for when the day comes that your work is published.
Yes i see the difference and have replaced it but the website turns to white screen when i load it. Also thanks SamA74 i’ll be sure to read up on SQL injection.
To expand on that, you should always have error reporting, but in the development environment you may “display errors” and in a live production environment you should never display errors, but do log them.
If you use display errors (for dev env), they should be printed on your screen.
If you log errors (for live env) they should be written to the error log file.
I wasn’t aware of that as I have never done it that way, with the first column generally being an ID with AI, though I did wonder if that were the case after posting.
I see the OP has an empty value first, would that be for the ID? I guess the AI would still work? Never tried it that way.
It’s not yet clear if the error is SQL or PHP related.
Thanks for the help guys! I found out that something was wrong with MAMP so when i changed over to XAMP and replaced the string as ZooKeeper said it worked like a charm!
[quote=“SamA74, post:15, topic:278074, full:true”]
I see the OP has an empty value first, would that be for the ID? I guess the AI would still work? [/quote]
yes, that works – in MySQL (i’m not sure about other databases, but i’m skeptical)
it’s actually an ~empty string~ that’s being inserted into an integer auto_increment column, but MySQL interprets this as NULL, and NULL is interpreted as “please may i have the next number”
or something like that
i personally would never do it that way, but hey, it works
as for the error, i’m fairly sure it can be traced back to poorly coded php