what is failing in my insert query? - php

I have a form to submit with post, to my table in my database. However whenever I hit submit is says failure. I had several validation scripts that I removed to try and figure out why the form was not submitting.
I checked many of the answered questions regarding INSERT using mysqli_query, but none seemed to answer my question. I am aware the HTML structure is probably poor, this is just to get the script working correctly first. its really not complicated, I don't understand whats wrong here.
I have a registration form, and my other forms on the site I'm working on all work fine, update date their tables correctly. Don't know what I'm missing here.
<?php
include('db.php');
$event_name='';
$place='';
$time='';
$date='';
$description='';
$event_name=strip_tags($_POST['event_name']);
$place=strip_tags($_POST['place']);
$time=strip_tags($_POST['time']);
$date=strip_tags($_POST['date']);
$description=strip_tags($_POST['event_description']);
if(isset($_POST['submit'])) {
$query = "INSERT INTO user_posts (title, location, time, date, description)";
$query .= "VALUES ($event_name','$place','$time','$date','$description')";
if (mysqli_query($connection, $query)) {
echo "<h2> your post has been submitted </h2>";
}
else {
die('failure');
}
}
and the html form
<body>
<div class="box-1">
<form action="create_post_script.php" method="post" id="event_form">
<div class="box-2">
<input type="text" name="event_name" placeholder="event title" />
</div>
<div class="box-3">
<input type="text" name="place" placeholder="location" id="box-3" />
</div>
<div class="box-4">
<input type="time" name="time" id="box-4" />
</div>
<div class="box-4">
<input type="date" name="date" id="box-4" />
</div>
<div class="box-5">
<h4> <center> ... </center> </h4>
<textarea class="text-area" name="event_description" id="event_form" >
</textarea>
<input type="submit" value="submit" name="submit" placeholder="submit"/>
</div>
<div class="box-6">
<div class="box-7">
<h4> </h4>
</div>
</div>
</form>
</div>
When I hit submit, the resulting page confirms my connection and says 'failure', is this because of the way that I have the submit input field for the <text-area>?


try this
$query = "INSERT INTO user_posts (title, location, time, date, description) ";
$query .= "VALUES ('$event_name','$place','$time','$date','$description')";


you missing single quotes
<?php
$query = "INSERT INTO user_posts (title, location, time, date, description)";
$query .= "VALUES ('$event_name','$place','$time','$date','$description')";
// ^^^
// here missing single quotes
echo $query;
?>


Code look's fine, but only one thing you're missing a single quote ' in inserting values.
$query .= "VALUES ($event_name','$place','$time','$date','$description')";
Change To
$query .= "VALUES ('$event_name','$place','$time','$date','$description')";

Related

Hidden Input Only Takes Last Value From Looped Data-php

I am trying to make a small image/quiz application that allows users to upload a question, while other users answer those questions. The other users are allowed to select up to three checkboxes for their answers. Once selected, this data is to be posted to a script that checks the guesses against a database that has the correct answers. Many questions are on the same page, and more are echoed onto the page via a php script as users upload data. To ensure that each question has a unique identifier, I have a hidden input for the quiz form that takes on the value given from a loop. The first question works great! However, the other questions are unanswerable, because the hidden input seems to only take on the value of the last element in the loop(DESCENDING order). Also, the POST mechanism only seems to care about the most recent item as well.
Here is the code which loops out images and questions to the page:
$sql = "SELECT * FROM gallery1 ORDER BY idGallery DESC";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL Statment Failed";
}else {
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_assoc($result)){
echo '<div class="maincontainer">
<div class="thecard">
<div class="thefront" style="background-image:url(gallery/'.$row["imageFullNameGallery"].'); background-size:100% 100%;">
</div>
<div class="theback">
<p class="heading"> The Story</p>
<p class="desc">
'.$row["descriptionGallery"].'
'.$row["imageFullNameGallery"].'
</p>
<form action="includes/survey.php" id="form1" method="POST">
<label> <img src="img/IMAGE1.png" class="radio">
<input type="checkbox" name="food" value="1">
</label>
<label> <img src="img/IMAGE2.png" class="radio">
<input type="checkbox" name="water" value="1">
</label>
<label> <img src="img/IMAGE3.png" class="radio">
<input type="checkbox" name="shelter" value="1">
</label>
<input type="hidden" name="image" value='.$row["imageFullNameGallery"].'>
</form>
<button type="submit" form="form1" name="submit">Submit </button>
</div>
</div>
</div>';
}
}
?>
Notice that the '.$row["imageFullNameGallery"].' is under the <p class="desc"> tag in the above code. This properly gives me the full name of each image. I did this just to test if there were errors here. There are none though.
This is the code that handles the hidden input once it has been received(survey.php):
<?php
if (isset ($_POST['submit'])) {
include_once "dbh.php";
$food=$_POST['food'];
$water=$_POST['water'];
$shelter=$_POST['shelter'];
$image=$_POST['image'];
$survey = array("foodGallery"=>$food, "waterGallery"=>$water, "shelterGallery"=>$shelter);
$sql= "SELECT foodGallery, waterGallery, shelterGallery FROM gallery1 WHERE imageFullNameGallery = '$image';";
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt, $sql);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
print_r($row);
if ($survey !== $row){
echo "These are not the same";
} else{
echo "These have the same values!";
}
?>
I have done some research, and some suggest that it could be because all of the names for the hidden inputs would be the same, therefore it only goes with the final value passed from the loop. If this is the case, how could this be solved, so that each item has the proper value for its hidden input? Also, any thoughts as to why only the first form's input is being posted? (Remember the order is descending, so it is the form with the true value as being correct from the hidden input; the last value given from the loop). I appreciate you for taking your time to read (and hopefully aid me in my search for truth) my wordy question. THANK YOU!

So I solved the issue! All of the forms had an id="form1" . Each submit button also had the element form="form1". By changing both of these fields to be both id='.$row["imageFullNameGallery"].' and form='.$row["imageFullNameGallery"].' respectively, the solution was found! Each form matches with the correct information in the database, and all forms are workable! I hope this helps someone in the future!

My code won't update a field in a database when submitted

Hey my code keeps on giving me an error when trying to update it on submit
This is my code (I also have tinymce on the textarea but never had any issue with it before.)
<form method="post">
<legend>Edit PClass</legend>
<div class="form-group">
<label for="descr">Description</label>
<textarea type="text" class="form-control" rows="6" id="descr" name="descr" placeholder="Description"></textarea>
</div>
<input type="submit" class="btn btn-default" name="Csubmit" value="Submit">
</form>
<?php
if (isset($_POST['Csubmit']))
{
$descr = $_POST['descr'];
$sql= "UPDATE INTO pclass(descr) VALUES ('".mysqli_real_escape_string($con,$descr)."')";
mysqli_query($con, $sql) or die(mysqli_error($con));
echo $sql;
$_SESSION['message']="PClass Edited";
}
?>

Your update query is wrong
Your update query should be like this :
UPDATE table_name
SET column1=value, column2=value2,...
WHERE some_column=some_value
So, update your query as below :
$sql= "UPDATE `pclass` set `descr`='".mysqli_real_escape_string($con,$descr)."'";
Hope it helps.

perhaps more like this?
$sql= "UPDATE `pclass` set `descr`='".mysqli_real_escape_string($con,$descr)."'";
that said,you ought to use prepared statements rather than embedding variables directly into your sql.

option from with php/mysql

I'm stuck on a posting script, I want information from mysql table 'category' from name to put that in mysql table 'post' to cat.
I cant get the data from category table in my html form "$row['name']
So when I click on sumbit the name from table 'category' example category called by 'name' test will be inserted into $cat
<html>
<body>
<title>ADD NEW POST</title>
<?php
// POST.PHP POSTING NEW CONTENT
include 'config.php';
// values from form
$id=$_POST['id'];
$title=$_POST['title'];
$pic=$_POST['pic'];
$youtube=$_POST['youtube'];
$cat=$_post['cat'];
// insert data to mysql
$sql="INSERT INTO post(id, pic, youtube, cat)VALUES('$id', '$title', '$pic', '$youtube', '$cat')";
$result=mysql_query($sql);
// succes added
if($result){
echo "Added a new post";
}
else {
echo "SOMETHING WENT WRONG!";
}
// end of post script ^^
?>
<?php
$query2 = mysql_query("SELECT * FROM `category` ");
while($row=mysql_fetch_array($query2)){
}
// html form start ?>
<form action="<?php $_PHP_SELF ?>" method="post">
title: <input name="title" type="text" id="title"><br />
Picture link: <input name="pic" type="text" SIZE="80" id="pic"><br />
Youtube link: <input name="youtube" type="text" SIZE="80" id="youtube"><br />
Category game: <select name="name">
<option VALUE="<?php echo ''.$row['name'].''; ?>"><?php echo ''.$row['name'].''; ?></option>
<br /><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>

You are vulnerable to SQL injection attacks. And if you have even bare bones minimal error handling in your code, you'd have been told WHERE the error is:
$result = mysql_query($sql) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^^-- you **NEED** this
As for the actual problem:
$sql="
INSERT INTO post(id, pic, youtube, cat)
^^^^^^^^^^^^^^^^^^^^^--- FOUR fields
VALUES
('$id', '$title', '$pic', '$youtube', '$cat')";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^--- FIVE values
You're missing title in the field list.
Never EVER assume success. Assume everything will fail, code accordingly, and treat success as a pleasant surprise.

Job Entrys Not Submitting to Database Table

I have a forum where a user can enter in a job they are looking for which would be submitted to a database and then displayed on the following page. Only I can't get any of the data to upload, and I'm not sure why.
I'm also struggling with ways to error check. Any ideas?
// Check for job submission
if(isset($_POST['submit']))
//empty error array
$error = array();
// check for a things in the field
if(empty($_POST['job']))
{
$error[] = 'Please fill in all required fields';
}
// iff there are no errors, insert the job listing into the database.
// otherwies, display error.
if(sizeof($error) == 0)
{
// insert job listing
$query = "INSERT INTO job (
job_id,
user_id,
jobtitle,
company,
location,
summary,
responsibilities,
skills
) VALUES (
null,
'{$_SESSION['user_id']}',
'{$_POST['jobtitle']}',
'{$_POST['company']}',
'{$_POST['location']}',
'{$_POST['summary']}',
'{$_POST['responsibilities']}',
'{$_POST['skills']}',
NOW()
)";
$result = mysqli_query($dbc, $query) or die('Query failed: ' . mysqli_error($dbc));
// display a confirmation
echo "<div class=\"alert alert success\">Your job listing has been added</div>";
} else {
// display error message
foreach($error as $value)
{
echo "<div class=\"alert alert-danger\"{$value}</div>";
}
}
?>
<!-- Job listing Form -->
<form method="post" action="listings.php">
<div class="form-group">
<label> Job Title </label>
<input name ="jobtitle" type="text" class="jobform"/>
<label>Company/Organization</label>
<input name="company" type="text" class="jobform"/>
<label> Job Location </label>
<input name ="location" type="text" class="jobform"/>
<label> Job Responsibilities </label>
<textarea name="summary" rows="8" cols="20" class="jobfourm"></textarea>
<label> Job Responsibilities </label>
<textarea name="responsibilities" rows="8" cols="20" class="jobfourm"></textarea>
<label> Job Skills </label>
<textarea name="skills" rows="8" cols="20" class="jobforum"></textarea>
</div>
<div class="form-group">
<input name="submit" type="submit" value="Submit" class="btn btn-large btn-primary" />
</div>
</form>
</div>

My bets are on your query:
(
job_id,
user_id,
jobtitle,
company,
location,
summary,
responsibilities,
skills
) VALUES (
null,
'{$_SESSION['user_id']}',
'{$_POST['jobtitle']}',
'{$_POST['company']}',
'{$_POST['location']}',
'{$_POST['summary']}',
'{$_POST['responsibilities']}',
'{$_POST['skills']}',
NOW()
for what should be job_id, you're passing null. Now, I'm going to assume that all jobs must have a job ID, correct? You need to actually pass in a valid id, as I'm going to bet money (or rep) that that's a non nullable field in the table. Additionally, you've added a column in your values that you have not declared in your column name parameter.

Insert text field content based on what checkboxes are selected php mysql

Hey Fellow Programmers,
I have a slight problem and I cant find the right answer online.
Basically what I need to do is, a user inserts content into a text box and then selects a check box. Whichever check box is selected is what table the text box content is supposed to insert into. **Both check boxes can be selected so the user can upload to two diff tables, before you ask no I cannot just upload to a diff row it has to be a completely diff table.
Let me know if I am not clear, and thanks in advance
HTML CODE:
<body class="login">
<div class="wrapper">
<h1><img src="img/logo-big.png" alt="" class='retina-ready' width="59" height="49">FLAT</h1>
<div class="login-body">
<form action="db_pre_panel.php" name="login" class='form-validate' id="test" method="post">
<div class="control-group">
<div class="email controls">
<h3>TEST</h3>
<input type="text" name="content" maxlength="500" placeholder="Content" />
</div>
</div>
<div class="control-group">
<input type="checkbox" name="Ck_1" /> <label>Ck_1</label>//If selected then INSERT content into tbl_connect
<input type="checkbox" name="Ck_2" /> <label>Ck_2</label>//If selected then INSERT content into tbl_share
</div>
<div class="submit">
<input type="submit" value="Simplicity" />
</div>
PHP CODE:
<?php
//Define Content, Post & Share
$content=$_POST['content'];
$post=$_POST['ck_1'];
$share=$_POST['ck_2'];
//Insert into the db
$sql_post="INSERT INTO $tbl_connect (wall) VALUES ('$connect', '$post')";
$sql_share="INSERT INTO $tbl_share (wall) VALUES ('$connect', '$share')";
//Make sure it insert into db
$result_post = mysql_query($sql_post);
$result_share = mysql_query($sql_share);
if($result_post){
header("location:alert.php");
}else{
header("location:error.html");
}
if($result_share){
header("location:http://www.google.com");
}else{
header("location:error.html");
}
?>

Just keep it simple:
//Define Content, Post & Share
$content = $_POST['content']; // you should sanitize this to prevent SQL injection
if ( !empty($_POST['ck_1']) ) {
$sql_post = "INSERT INTO `tbl_connect` (wall) VALUES ('$connect')"; // if you have more than one value, then you need to specify more than one column...
}
if ( !empty($_POST['ck_2']) ) {
$sql_share = "INSERT INTO `tbl_share` (wall) VALUES ('$connect')";
}

Categories