Invalid input syntax for integer: "" - php

I have a problem, to build INSERT PHP file with HTML form code. When I drop from HTML form, then this error pops out ""invalid input syntax for integer: "" LINE 2:""
in all code, I comment every single line and nothing.
There is my PHP script
`
$order_nr = pg_escape_string($_POST['order_nr']);
$date = pg_escape_string($_POST['date']);
$place = pg_escape_string($_POST['place']);
$service = pg_escape_string($_POST['service']);
$Vards = pg_escape_string($_POST['vards']);
$Uzvards = pg_escape_string($_POST['uzvards']);
$phone = pg_escape_string($_POST['phone']);
$email = pg_escape_string($_POST['email']);
$veids = pg_escape_string($_POST['veids']);
$passw = pg_escape_string($_POST['passw']);
$papildaprikojums = pg_escape_string($_POST['papildaprikojums']);
$save_info = pg_escape_string($_POST['save_info']);
$defekts = pg_escape_string($_POST['defekts']);
$query = " INSERT INTO serviss (order_nr, place, service, vards, uzvards, email, veids, passw, save_info, papildaprikojums, defekts)
VALUES ('$order_id', '$place', '$service', '$vards', '$uzvards', '$email', '$veids', '$passw', '$papildaprikojums', '$save_info', '$defekts') " ;
$result = pg_query($query);
if (!$result) {
$errormessage = pg_last_error();
echo "Error with query: " . $errormessage;
exit();
}
printf ("These values were inserted into the database - %s %s %s", $order_id);
pg_close();
There is my HTML form code
<form action="serviss.php" method="post" >
<div class="ievade">
Pasūtijuma numurs : <input type="text" size="5" name="order_id"> <br><br>
Pieņemšanas datums : <input type="date" data-date="" data-date-format="DD MMMM YYYY" value="2015-08-09" name="date"> <br><br>
Pieņemšanas vieta : <select name="place">
<option value="Ausekļa_iela_9"> Ausekļa iela 9 </option>
</select> <br><br>
Pieņēma : <select >
<option value="service" name="Maris"> Māris </option>
<option value="service name="Toms"> Toms </option>
</select> <br> <br>
Klienta vārds : <input type="text" name="vards" size="5"> <br><br>
Klienta uzvārds : <input type="text" name="uzvards" size="5"> <br><br>
Klienta tel.nr.: <input type="tel" id="phone" size="6"> <br><br>
Klienta e-pasts: <input type="text" value="example#test.net" name="email">
<br><br>
Iekārtas veids: <input type="text" value="iekārta" name="veids" size="5"> <br><br>
Parole: <input type="text" name="passw" size="5"> <br><br>
</div>
<div class="checkbox">
Garantija: <br>
Ir
<input type="radio" name="garantija" value="Ir"> <br>
Nav <input type="radio" name="garantija" value="Nav">
<br> <br>
</div>
<div class="ievade">
Papildaprīkojums: <input type="text" name="papildaprikojums" > <br><br>
Papildus informācija: <input type="text" name="informacija">
<br> <br>
Saglabājamā informācija: <input type="text" name="save_info">
<br> <br>
Defekta apraksts: <input type="text" name="defekts">
</div>
</div>
<input type="submit" value="Submit">
</form>
I hope you can help me.
I use PostgreSQL 10.10


It's like you have mixed up the 'order_id' with 'order_nr'.
The name value attribute is 'order_id' so when you try to get it it is
$_POST['order_id'] not `$_POST['order_nr']`
It means that either you should say
$order_nr = pg_escape_string($_POST['order_id']);
In order to use the variable into the insert statement and then
$query = " INSERT INTO serviss (order_nr, place, service, vards, uzvards, email, veids, passw, save_info, papildaprikojums, defekts)
VALUES ('$order_nr', '$place', '$service', '$vards', '$uzvards', '$email', '$veids', '$passw', '$papildaprikojums', '$save_info', '$defekts') " ;
or you shoud say
$order_id = pg_escape_string($_POST['order_id']);
And then
$query = " INSERT INTO serviss (order_nr, place, service, vards, uzvards, email, veids, passw, save_info, papildaprikojums, defekts)
VALUES ('$order_id', '$place', '$service', '$vards', '$uzvards', '$email', '$veids', '$passw', '$papildaprikojums', '$save_info', '$defekts') " ;

Related

php file not uploading in folder

I created an image url table of products and products table in database.
Registering image url and products in the database but not uploading the file.
this is php codes
$ekle = #$_POST['ekle'];
if(isset($ekle)){
$udyekle = $vt->prepare("INSERT INTO urunler(isim,
fiyat,stok,detay,katid) VALUES (?, ?, ?, ?, ?)");
$udyekle->bind_param('siisi', $_POST['urunisim'],
$_POST['urunfiyat'],
$_POST['urunstok'],
$_POST['urundetay'],
$_POST['urunkategori']);
$udyekle->execute();
$sonid = mysqli_insert_id($vt);
$udyekle->close();
$klasor="../images/product-details";
$dosya_sayi=count($_FILES['dosya']['name']);
for($i=0;$i<=$dosya_sayi;$i++){
if(!empty($_FILES['dosya']['name'][$i])){
$dosyaadi= sha1(md5($_FILES['dosya']['name'][$i]));
if(move_uploaded_file($_FILES['dosya']['tmp_name'][$i],$klasor."/".$dosyaadi)){
echo "upload successful";
}else{
echo $_FILES['dosya']['error'];
}
$resup = $vt->prepare("INSERT INTO urunresim(urunid,url) VALUES (?, ?)");
$resup->bind_param('is', $sonid,$dosyaadi);
$resup->execute();
$resup->close();
}
}
}
it gives error code 0
this is html codes.
I added the name to the submit but something did not change
<form action="urunekle.php" method="post" enctype="multipart/form-data">
<label>Ürün ismini giriniz : </label>
<input class="form-control" name="urunisim"><br>
<label>Ürün fiyatını giriniz : </label>
<input class="form-control" name="urunfiyat"><br>
<label>Ürünün stok bilgisini giriniz : </label>
<input class="form-control" name="urunstok"><br>
<label>Ürün kategorisini seçiniz : </label>
<select class="form-control" id="sel1" name="urunkategori">
<?php
$sorgucuk = mysqli_query($vt, "select * from kategoriler");
while($sonuccuk = mysqli_fetch_assoc($sorgucuk)){
?>
<option value="<?php echo $sonuccuk['id']; ?>"><?php echo $sonuccuk['isim']; ?></option>
<?php } ?>
</select><br>
<label>Ürüne resim seçiniz : </label>
<input class="form-control" type="file" name="dosya" id="dosya" multiple="multiple" />
<label>Ürün hakkında detay giriniz : </label>
<textarea class="form-control" name="urundetay"></textarea><br>
<input type="submit" name="ekle" id="ekle" value="Ekle" class="btn btn-success">
</form>

POST value from html select list?

i am trying to send some information to insert-event.php. Every piece of data comes through, except the options listed in my SELECT.
<form action="php/insert-event.php" method="post">
<select id="skoleDropdown" name="skole"><option hidden>Velg skole</option>"' . $skoleAttributter . '" </select>
<input type="text" name="Title" placeholder="Tittel" class="ico-title" required></input>
<input type="text" name="description" placeholder="Beskrivelse" class="ico-title" required></input>
<input type="text" name="pris" placeholder="Pris i NOK" class="ico-title" required></input>
<input type="date" name="date" class="ico-title" required></input>
<input type="text" name="img_url" placeholder="Bildelenke" class="ico-title" required></input>
<input type="text" name="type" placeholder="Type arrangement" class="ico-title" required></input>
<input type="submit" name="submit" value="LEGG TIL"></input>
</form>
</div>';
And then i have my insert-event.php:
<?php
$title = $_POST['Title'];
$pris = $_POST['pris'];
$date = $_POST['date'];
$url = $_POST['img_url'];
$description = $_POST['description'];
$school = $_POST['skole'];
$schoolId = '';
$type = $_POST['type'];
switch($school) {
case 'Campus Brennerviveien';
$schoolId == 1;
break;
case 'Campus Vulkan';
$schoolId == 2;
break;
case 'Campus Fjerdingen';
$schoolId == 3;
break;
}
// Connect and select DB
$connect = mysqli_connect('localhost', 'chris', 'chris');
if (!$connect) {
echo 'Not connected';
}
if (!mysqli_select_db($connect, 'eksamen')) {
echo 'Database not selected';
}
// Submit
$sql = "INSERT INTO events (id, title, description, pris, img_url, date, type, skole_id)
VALUES (NULL, '$title', '$description', '$pris', '$url', '$date', '$type', '$schoolId')";
if ($connect->query($sql) === TRUE) {
header("Location:../index.php");
exit;
} else {
echo "Error: " . $sql . "<br>" . $connect->error;
}
$connect->close();
?>
I think maybe this speaks for itself.
Appreciate help.
Thanks!

proper method of select is
<select name="skole" id="skole">
<option value="test"> option one text here </option>
<option value="test2"> option two text here </option>
</select>
when your request to select like
$school = $_POST['skole']; ====> $school = 'test'
when select have selected then it will gives you the value of option other it can not give any value.
thanks

you have to use value attribute for select tag to send data on post page
<select id="skoleDropdown" name="skole">
<option hidden value="Velg skole">Velg skole</option>"' . $skoleAttributter . '"
</select>
then this should be like
<form action="php/insert-event.php" method="post">
<select id="skoleDropdown" name="skole"><option hidden value="Velg skole">Velg skole</option>"' . $skoleAttributter . '" </select>
<input type="text" name="Title" placeholder="Tittel" class="ico-title" required></input>
<input type="text" name="description" placeholder="Beskrivelse" class="ico-title" required></input>
<input type="text" name="pris" placeholder="Pris i NOK" class="ico-title" required></input>
<input type="date" name="date" class="ico-title" required></input>
<input type="text" name="img_url" placeholder="Bildelenke" class="ico-title" required></input>
<input type="text" name="type" placeholder="Type arrangement" class="ico-title" required></input>
<input type="submit" name="submit" value="LEGG TIL"></input>
</form>
</div>';
And then this will be like this
$skoleListe = Skole::all();
$skoleAttributter = '';
foreach($skoleListe as $skole)
{
$skoleAttributter.= '<option value="' .$skole['id'] . '">' . $skole['navn'] . '</option>';
}
you have added "" this double time remove one from option value attibute

Extra double quotes problem so values is setting empty
$skoleAttributter.= '<option value=""' .$skole['id'] . '">' . $skole['navn'] . '</option>';
^^^
change to
$skoleAttributter.= '<option value="' .$skole['id'] . '">' . $skole['navn'] . '</option>';
^^^^
1) And no need switch case because your setting id as a value attribute . so you can directly use it as schoolId
Try to use prepared statement or pdo to avoid sql injection .

Simple form does not get $_POST value and cannot submit

Somehow this takes me a day and still does not solve, I have other forms that works properly. But this one looks perfect but it simply refresh the page after I submit the form.
<form action="" enctype='multipart/form-data' name= 'myForm' id="myForm" method='post'>
<label>
<span>Product Name</span><input id="product_name" value='<?php echo $product_name;?>' type="text" name="product_name" disabled >
</label>
<label>
<span>Retail Price</span> <input name='retail_price' value="<?php echo $retail_price;?>" type='text' id='retail_price' size='10' disabled >
</label>
<label>
<span>Discount (%)</span> <input name='discount' value="<?php echo $discount;?>" type='text' id='discount' size='10'disabled >
</label>
<label>
<span>Details</span><textarea id="details" class="product_details" placeholder="For any other reasons, please provide details here" name="details"></textarea>
</label>
<label>
<span>Reason to Report</span>
<select name='reason' id='reason' class="required">
<option value = '' > </option>
<option value = 'price10' > Product price is higher than $9.9</option>
<option value = 'shelf' > Product is off the shelf</option>
<option value = 'no_fs' > Product does not have free-shipping</option>
<option value = 'reject' > Seller does not deliver products</option>
<option value = 'price_not_match' > Product Price does not match on Upto9 </option>
<option value = 'category' > Product is in wrong category </option>
<option value = 'other' > Other reasons</option>
</label>
<label>
<input name='submit' type='submit' id='button' class="button" value="Submit Report"/>
</label>
</form>
THen This is my php code :
echo 'before';
if (isset($_POST['submit'])) {
echo 'after';
var_dump($_POST);
$con= mysqli_connect("xxxxx.com"," admin","xxxxx","xxxxx") or die(mysqli_error($con));
$details=mysqli_real_escape_string($con,$_POST['details']);
$reason=mysqli_real_escape_string($con,$_POST['reason']);
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
$sql="INSERT INTO reports (pid,product_name,listing_price,links,discount,retail_price,details,stock_level,reason,report_time,reporter,reporter,ip) VALUES
('$pid','$product_name','$listing_price','$links','$discount','$retail_price','$details','$stock_level','$reason',now(),'$log_username','$ip')";
$query = mysqli_query($con, $sql);
mysqli_insert_id($con);
mysqli_close($con);
header('Location: ' . $_SERVER['HTTP_REFERER']);
echo "successful!";}
The output is: befre
after I added the sql code var_dump($_POST) gives me nothing, so probably the sql code is wrong...

How to use IF statement on PHP MYSQL query

Currently i'm doing my final year project about hotel management system. Now I'm stuck on using IF STATEMENT on PHP MYSQL query. I had create column named roomtype and roomprice under reservation table. The case are like this:
If guest selected single on roomtype, it automatically shown the
price on roomprice. Let say the price was 100.
Then if guest selected superior, the price is 200.
And then if deluxe was selected, the price is 300.
Below are my codes to store to database
$link = mysql_connect('localhost', 'root', '') or die('Could not connect: ' . mysql_error());
mysql_select_db('hotel_reservation3') or die('Could not select database');
// Store query in variable
$query = "INSERT INTO reservation (user_id,fullname,contactno,passport,roomtype,roomprice,num_of_rooms,dor,dco,bookingdate,length_of_stay)
VALUES
(
'".$_SESSION['user_id']."',
'".$_POST['fullname']."',
'".$_POST['contactno']."',
'".$_POST['passport']."',
'".$_POST['roomtype']."',
'".$_POST['num_of_rooms']."',
'".$_POST['dor']."',
'".$_POST['dco']."',
sysdate(),
DATEDIFF(dco,dor)
)";
// Performing SQL query
$result = mysql_query($query)
or die('Query failed: ' . mysql_error());
//echo "Success inserting record!";
// Closing connection
mysql_close($link);
header("Location:reservation.php?success");
I'm using POST method which comes from a form. Below are partial code of the form
<form action="" method="post">
<ul>
<li>
Full name*: <br>
<input type="text" name="fullname">
</li>
<li>
Contact No.: <br>
<input type="text" name="contactno">
</li>
<li>
IC/Passport*: <br>
<input type="text" name="passport">
</li>
<li>
Room Type*: <br>
<select name="roomtype" id="roomtype">
<option value="Single">Single</option>
<option value="Superior">Superior</option>
<option value="Deluxe">Deluxe</option>
</select>
</li>
<li>
Number of Rooms*:</li>
<input type="text" size="3" name="num_of_rooms">
<br>
<li>
Date of reservation*: <br>
<input type="text" size="12" id="dor" name="dor"/>
</li>
<li>
Check-out Date*: <br>
<input type="text" size="12" id= "dco" name="dco"/>
</li>
<input type="submit" value="Submit">
<input type="reset" value="Clear" >
<li>
<br>
<br>
<br>
<br>
<br>
<br>
</ul>
</form>
Does anyone know the code?

As everyone has mentioned, please protect your SQL from injection.
You should calculate your price in PHP.
if($_POST['roomtype'] == "deluxe"){
$roomprice = 300;
}else if($_POST['roomtype'] == "superior"){
$roomprice = 200;
}else{
$roomprice = 100;
}
// Store query in variable
$query = "INSERT INTO reservation (user_id,fullname,contactno,passport,roomtype,roomprice,num_of_rooms,dor,dco,bookingdate,length_of_stay)
VALUES
(
'".$_SESSION['user_id']."',
'".mysql_real_escape_string($_POST['fullname'])."',
'".mysql_real_escape_string($_POST['contactno'])."',
'".mysql_real_escape_string($_POST['passport'])."',
'".mysql_real_escape_string($_POST['roomtype'])."',
$roomprice,
'".mysql_real_escape_string($_POST['num_of_rooms'])."',
'".mysql_real_escape_string($_POST['dor'])."',
'".mysql_real_escape_string($_POST['dco'])."',
NOW(),
DATEDIFF(dco,dor)
)";

Data insertion issues with HTML form and PHP to mySQL

I have seen few posts in SO related to the same scenario as mine but did not find a proper resolution. So am posting question with my problem stuff.
I have an HTML form
<form method="post" id="myForm">
<label for="e_name">Name</label>
<input name="e_name" id="emp_name" value="" type="text" data-theme="a">
<label for="date">Date</label>
<input name="date" id="emp_dob" value="" data-theme="a">
<label for="gender">Gender</label>
<select name="gender" id="emp_gender" data-role="slider" data-theme="a" data-inline="true">
<option value="male">Male</option>
<option value="female">Female</option>
</select>
<label for="address">Address</label>
<textarea name="address" id="emp_address" value="" type="text" data-theme="a"></textarea><br><br>
<input type="button" id="insert" value="Submit">
</form>
<div id="someElement"></div>
And I have the following to perform my form elements submission to a PHP page-
$(document).ready(function(){
$("#insert").click(function(e) {
e.preventDefault();
alert("am in the Insert function now");
$.ajax({
cache: false,
type: 'POST',
url: 'insert.php',
data: $("#myForm").serialize(),
success: function(d) {
$("#someElement").html(d);
}
});
});
});
Here is my PHP -
<?php
$con=mysqli_connect("localhost","root","root","employee");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$name =" ";
$dob =" ";
$gender =" ";
$address =" ";
if(isset($_POST['emp_name'])){ $name = $_POST['emp_name']; }
if(isset($_POST['emp_dob'])){ $dob = $_POST['emp_dob']; }
if(isset($_POST['emp_gender'])){ $gender = $_POST['emp_gender']; }
if(isset($_POST['emp_address'])){ $address = $_POST['emp_address']; }
echo $name;
echo $dob;
echo $gender;
echo $address;
$sql="INSERT INTO emp_details (emp_name, emp_gender, emp_address) VALUES ('$name', '$gender', '$address')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
Now what happens is, when I enter some values in my form and click on Submit, action performs well and a new row inserts in the database. But all the rows are empty. They're just empty, not even "NULL".
I tried to echo my field values in the PHP but there is no output there. My "1 Record Added" has come-up well, but no form values appear here.
Kindly help me sorting this out.
Thanks in advance.

$_POST[] references to the name attribute of html-tag, not id.
For example, $_POST['emp_name'] should be $_POST['e_name']
Furthermore, don't encapsulate your variables with single quotes:
"INSERT INTO emp_details (emp_name, emp_gender, emp_address) VALUES ('$name', '$gender', '$address')";
Do this instead:
"INSERT INTO emp_details (emp_name, emp_gender, emp_address) VALUES ('" . $name . "', '" . $gender . "', '" . $address . "')";
Or use bind_param() from mysqli ofcourse!

Make the id and name of your input elements same
<form method="post" id="myForm">
<label for="e_name">Name</label>
<input name="emp_name" id="emp_name" value="" type="text" data-theme="a">
<label for="date">Date</label>
<input name="emp_dob" id="emp_dob" value="" data-theme="a">
<label for="gender">Gender</label>
<select name="emp_gender" id="emp_gender" data-role="slider" data-theme="a" data-inline="true">
<option value="male">Male</option>
<option value="female">Female</option>
</select>
<label for="address">Address</label>
<textarea name="emp_address" id="emp_address" value="" type="text" data-theme="a"></textarea><br><br>
<input type="button" id="insert" value="Submit">
</form>
Otherwise change your $_POST array keys.Because you will get the keys of $_POST array will be the name of input elements.But i recommend you to mak ethe name and id same

Categories