Not all data save to the database

PHP
1

Good day!

I got encountered problem in my php file, because when I’m not input all data in a textbox only the completed was save in my database and the rest was not.

here is the codes:


<?php
include("config.php");
$rexist = 0;
if($_POST["plt_no"] && $_POST["plt_typeno"])
    {
    $bom = $_POST["bom"];
    $chem = $_POST["chem"];
    $qty = $_POST["qty"];
    $part = $_POST["part"];
    $lot = $_POST["lot"];
    
    $query = "INSERT INTO plt_transact (plt_no, b1, sc2, plt_typeno) VALUES ('" . $_POST["plt_no"] . "', '" . $_POST["b1"] . "', '" . $_POST["sc2"] . "', '" . $_POST["plt_typeno"] . "')";
    $result = mysql_query($query);
    $plt_transact_id = mysql_insert_id();

    $totalarr = count($bom);
    for($ctr=0; $ctr < $totalarr; $ctr++)
        {
        if($bom[$ctr] && $chem[$ctr] && $qty[$ctr] && $part[$ctr] && $lot[$ctr])
            {
            $query = "INSERT INTO plt_data (bom, plt_chemicals, qty, part_no, lot_no, plt_transact_id) VALUES ('" . $bom[$ctr] . "', '" . $chem[$ctr] . "', '" . $qty[$ctr] . "', '" . $part[$ctr] . "', '" . $lot[$ctr] . "', '" . $plt_transact_id . "')";
            $result = mysql_query($query);
            }
        }
    
    $opname = $_POST["opname"];
    $timein = $_POST["timein"];
    $timeout = $_POST["timeout"];
    $inqty = $_POST["inqty"];
    $outqty = $_POST["outqty"];
    $idno = $_POST["idno"];
    $mcno = $_POST["mcno"];
    $varqty = $_POST["varqty"];
    $varplt = $_POST["varplt"];
    $dateshift = $_POST["dateshift"];
    
    $totalarr = count($opname);
    for($ctr=0; $ctr < $totalarr; $ctr++)
       {
        if($opname[$ctr] && $timein[$ctr] && $timeout[$ctr] && $inqty[$ctr] && $outqty[$ctr] && $idno[$ctr] && $mcno[$ctr] && $varqty[$ctr] && $varplt[$ctr] && $dateshift[$ctr])
            {
            $query = "INSERT INTO traceability (operation_name, time_in, time_out, input_qty, output_qty, id_no, mc_no, variance_qty, variance_plt, date_shift, plt_transact_id) VALUES ('" . $opname[$ctr] . "', '" . $timein[$ctr] . "', '" . $timeout[$ctr] . "', '" . $inqty[$ctr] . "', '" . $outqty[$ctr] . "', '" . $idno[$ctr] . "', '" . $mcno[$ctr] . "', '" . $varqty[$ctr] . "', '" . $varplt[$ctr] . "', '" . $dateshift[$ctr] . "', '" . $plt_transact_id . "')";
            $result = mysql_query($query);
            }
        }   
    }
$rexist = 0;
?>
<html>
<head>
    <title>Dunlop - PLT</title>
    <script language="javascript">
    function getplt(plt_typeno)
        {
        var myform = document.enumplt;
        myform.plt_typeno.value = plt_typeno;
        myform.submit();
        }
    </script>
</head>
<body>
<p><a href="plt_definition.php">PLT Types</a></p>
Type:&nbsp;&nbsp;
<select name="plt_type" onChange="getplt(this.options[this.selectedIndex].value);" onKeyDown="if(event.keyCode==13) event.keyCode=9;">
    <?php
    $plt_typeno = "";
    if($_POST["enum_plt"]) $plt_typeno = $_POST["plt_typeno"];
    $query = "SELECT DISTINCT plt_typeno FROM plt_type GROUP BY plt_typeno ORDER BY plt_typeno";
    $result = mysql_query($query);
    echo "<option value=''></option>";
    if(!$plt_typeno)
        {
        while($row = mysql_fetch_array($result))
            echo "<option value='" . $row["plt_typeno"] . "'>" . $row["plt_typeno"] . "</option>";
        }
    else
        {
        while($row = mysql_fetch_array($result))
            {
            echo "<option value='" . $row["plt_typeno"] . "'";
            if($plt_typeno == $row["plt_typeno"]) echo " selected";
            echo ">" . $row["plt_typeno"] . "</option>";
            }
        }
    ?>
</select>

<form action="plt_main.php" method="post">
<?php
//Show form
if($_POST["enum_plt"] && $_POST["plt_typeno"])
    {
    $query = "SELECT * FROM plt_type WHERE plt_typeno = '" . $_POST["plt_typeno"] . "'";
    $result = mysql_query($query);
    if($result)
        {
        $rexist = 1;
        echo "<p>PLT No:&nbsp;&nbsp;<input type='text' name='plt_no' onKeyDown='if(event.keyCode==13) event.keyCode=9;'/></p>";
        echo "<table>";
        echo "<tr><th>BOM</th><th>Chemicals</th><th>Qty</th><th>Part #</th><th>Lot #</th></tr>";
        while($row = mysql_fetch_array($result))
            {
            echo "\
\	<tr>";
            echo "\
\	\	<td><input type='text' name='bom[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
            echo "\
\	\	<td>" . $row["plt_chemicals"];
            echo "<input type='hidden' name='chem[]' value='" . $row["plt_chemicals"] . "' /></td>";
            echo "\
\	\	<td><input type='text' name='qty[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
            echo "\
\	\	<td><input type='text' name='part[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
            echo "\
\	\	<td><input type='text' name='lot[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
            echo "\
\	</tr>";
            }
        echo "</table>";
        
        echo "<p>&nbsp;</p>";
        echo "<table>";
        echo "<tr><th>PARTS TRACEABILITY</th><th>LOT/BATCH #</th></tr>";
        echo "<tr><td>B1</td><td><input type='text' name='b1' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td></tr>";
        echo "<tr><td>SC2</td><td><input type='text' name='sc2' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td></tr>";
        echo "</table>";
        echo "<p>&nbsp;</p>";
        
        $query = "SELECT * FROM trace_operations WHERE plt_typeno = '" . $_POST["plt_typeno"] . "'";
        $result = mysql_query($query);
        if($result)
            {
            $rexist = 1;
            echo "<p>OPERATOR AND MACHING TRACEABILITY</p>";
            echo "<table>";
            echo "<tr><th>OPERATIONS</th><th>Time IN</th><th>Time OUT</th><th>INPUT<br />QTY</th><th>OUTPUT<br />QTY</th><th>ID #</th><th>MC #</th><th>VARIANCE<BR />Qty</th><th>VARIANCE<br />PLT #</th><th>DATE &amp; SHIFT</th></tr>";
            while($row = mysql_fetch_array($result))
                {
                echo "\
\	<tr>";
                echo "\
\	\	<td>" . $row["operation_name"];
                echo "<input type='hidden' name='opname[]' value='" . $row["operation_name"] . "' /></td>";
                echo "\
\	\	<td><input size='6' type='text' name='timein[]'  onKeyDown='if(event.keyCode==13) event.keyCode=9;'/></td>";
                echo "\
\	\	<td><input size='6' type='text' name='timeout[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
                echo "\
\	\	<td><input size='6' type='text' name='inqty[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
                echo "\
\	\	<td><input size='6' type='text' name='outqty[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
                echo "\
\	\	<td><input size='6' type='text' name='idno[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
                echo "\
\	\	<td><input size='6' type='text' name='mcno[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
                echo "\
\	\	<td><input size='6' type='text' name='varqty[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
                echo "\
\	\	<td><input size='6' type='text' name='varplt[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
                echo "\
\	\	<td><input size='20' type='text' name='dateshift[]' onKeyDown='if(event.keyCode==13) event.keyCode=9;' /></td>";
                echo "\
\	</tr>";
                }
            echo "</table>";
            }
        }
    }
    if($rexist) 
        {
        echo "<p><input type='submit' value='Save' /></p>";
        echo "<input type='hidden' name='plt_typeno' value='" . $_POST["plt_typeno"] . "' />";
        }
?>
</form>
<form name="enumplt" action="plt_main.php" method="post">
<input type="hidden" name="enum_plt" value="1" />
<input type="hidden" name="plt_typeno" />
</form>
</body>
</html>

Thank you

2

First of all, don’t use user input in your queries without sanitizing it. In this case, since you put all of them between quotes, use mysql_real_escape_string().
And second, to check if the query is executed correctly, change

$result = mysql_query($query);

into

$result = mysql_query($query) [B][COLOR="Red"]or die("mysql error " . mysql_error() . " in query $query")[/COLOR][/B];